Changes between Initial Version and Version 1 of kde/ApplicationAccessRestrictions

Timestamp:

Nov 24, 2009, 2:03:57 PM (16 years ago)

Author:

Jörg Steffens

Comment:

--

kde/ApplicationAccessRestrictions

@@ +1 @@
+= Restrict Access to Applications =
+
+sometimes, applications are installed on the system,
+but not all users should not be able to start it.
+
+uninstalling not always possible,
+because some users may use it, or it is part of a larger RPM and the other applications from the RPM should stay on the system.
+
+different approaches:
+
+
+====== TryExec ======
+
+check, if the user is allowed, to execute the application:
+
+{{{
+[Desktop Entry]
+Comment=Ganttproject
+Exec=/opt/ganttproject/ganttproject.sh
+TryExec=/opt/ganttproject/ganttproject.sh
+}}}
+
+If the command that is specified by TryExec is not executable by the user,
+the Desktop-Entries is not displayed in the Start-Menu.
+
+
+====== hide application by modifying the .desktop file ======
+
+show only, if VMware image exists (and is readable):
+
+vmware-winnt.desktop:
+{{{
+[Desktop Entry]
+Comment=VMware mit Windows NT starten
+Exec=/usr/bin/sudo /usr/bin/sc_vmware.sh /local/vmware/vermka/Windows_NT.vmx
+Hidden[$e]=$(test -r /local/vmware/vermka/Windows_NT.vmx || echo "true")
+}}}
+
+====== permissions ======
+
+Set application permissions to not executable by normal user and desktop files to be not readable.
+Define this in a permissions file under {{{/etc/permissions.d/}}}.
+Filename must match a installed RPM name.
+
+Execute
+{{{/sbin/conf.d/SuSEconfig.permissions}}}
+
+which sets permissions accordanly.
+After package installation by YaST, SuSEconfig is called
+and sets permissions.
+Therefore application is still unaccessable after a package update.
+
+Example:
+/etc/permissions.d/k3b:
+{{{
+/usr/bin/k3b                                    root.media      750
+/usr/share/applications/kde4/k3b.desktop        root.media      640
+}}}
+
+