wiki:kde/ApplicationAccessRestrictions

Context Navigation

Version 2 (modified by Jörg Steffens, 15 years ago) ( diff )
restrict system settings

Restrict Access to Applications

sometimes, applications are installed on the system, but not all users should not be able to start it.

uninstalling not always possible, because some users may use it, or it is part of a larger RPM and the other applications from the RPM should stay on the system.

different approaches:

TryExec

check, if the user is allowed, to execute the application:

[Desktop Entry]
Comment=Ganttproject
Exec=/opt/ganttproject/ganttproject.sh
TryExec=/opt/ganttproject/ganttproject.sh

If the command that is specified by TryExec is not executable by the user, the Desktop-Entries is not displayed in the Start-Menu.

hide application by modifying the .desktop file

show only, if VMware image exists (and is readable):

vmware-winnt.desktop:

[Desktop Entry]
Comment=VMware mit Windows NT starten
Exec=/usr/bin/sudo /usr/bin/sc_vmware.sh /local/vmware/vermka/Windows_NT.vmx
Hidden[$e]=$(test -r /local/vmware/vermka/Windows_NT.vmx || echo "true")

permissions

Set application permissions to not executable by normal user and desktop files to be not readable. Define this in a permissions file under /etc/permissions.d/. Filename must match a installed RPM name.

Execute /sbin/conf.d/SuSEconfig.permissions

which sets permissions accordanly. After package installation by YaST, SuSEconfig is called and sets permissions. Therefore application is still unaccessable after a package update.

Example: /etc/permissions.d/k3b:

/usr/bin/k3b                                    root.media      750
/usr/share/applications/kde4/k3b.desktop        root.media      640

Restrict Access to Systemsettings

to disable configuration item from systemsettings, perform the former specified actions on share/kde4/services/settings-NAME. This can also be done in a KDE-profile.

Get List of configuraton modules

kcmshell4 --list

Example: disable configuration module display

assume using the KDE-Profile /var/lib/kde-profiles/vermkv_kiosk/

Create config file /var/lib/kde-profiles/vermkv_kiosk/share/kde4/services/settings-display.desktop:

[Desktop Entry]
TryExec=/bin/false

or if it should be depend on the environment:

[Desktop Entry]
Hidden[$e]=$(if test -e /tmp/flagfile_example; then echo "false"; else echo "true"; fi)

Note: See TracWiki for help on using the wiki.

Download in other formats:

Plain Text