Re: Restrict user to specific window-manage
On Tue, May 27, 2003 at 02:59:29PM +0200, Jon Haugsand wrote:
> * David Fokkema
> > On Tue, May 27, 2003 at 01:38:36PM +0200, thomas.wallrafen@post.rwth-aachen.de wrote:
> >> Hi all!
> >>
> >> Is there any possibility to restict a specific user
> >> to a predefined windowmanager?
> >> I've got several users here and want the guest-user
> >> to use just _one_ windowmanager.
> >> The problem is that the login process is done via
> >> kdm. So might there be a way to restrict kdm this
> >> way?
> >
> > Just curious, sorry...
> >
> > Why would you want to do that?
>
> I can think of several reasons:
>
> 1. Security: I.e. poor man's access control. Include only the
> applications that the user is allowed to run. Better
> leave out xterm then...
Indeed, poor man's access control. If my network was so unsafe that I
wouldn't trust guests to run app foo, would I trust my trusted users to
run it? They might easily break things, even if it wasn't their
intention to do so.
>
> 2. User protection: Avoid the ever too often situation where users get
> burned. I.e. avoid the possibility where users do the
> typical "Gee, what happens if I choose this funny little
> rm -Rf application?"
And have them run to the administrator each time they want to remove a
file? I guess that apps which can _really_ burn users can a) burn all
users and b) are sometimes very necessary (like rm).
>
> 3. Manager protection: Avoid the situation where new applications have
> to be make available from all possible window manager
> setups that are defined on every host in the company
> network. In particular the "me too" situation where one
> funny application discovered in one window manager menu
> is demanded propagated to all others.
I run debian. Probably, so does the OP. I dare say that one app found in
the depths of a wm menu is also somewhere in the others'. And if not,
just run it or add it to your personal menu.
>
> 4. Resource protection: Disable badly configured or programmed
> windowmanagers that may consume memory, cpu or user's
> working time.
Uninstall them.
>
> 5. Company policy: In _our_ company _everybody_ uses the same
> application. Period.
Uninstall the rest.
>
> 6. Parental concern: Where the system manager thinks s/he knows best
> what is good or bad for the users.
Don't install the 'bad' applications.
My point is that I really don't see why to restrict a subset of your
users.
(Pardon me the cynical tone of this post, not intended :-)
David
Reply to: