You are not logged in.
Pages: 1
I currently have two users on my computer and would like to remove the permission of one user to run Deluge.
Is there any way this can be accomplished simply?
I have tried editing the permissions of the executable in /usr/bin from:
rwxrwxrwx root root ......
to
rwxrwxr-- root root ......
This removed permissions to start the program from the terminal (bash: /usr/bin/deluge: Permission denied), however Deluge could still be started by accessing it form the Openbox App Menu, or through Gnome-do.
Thanks in advance!
Last edited by Athenaeum (2012-01-11 01:02:52)
Offline
I suppose you could make a "deluge" group, and exclude the bad user from it.
But that wouldn't stop the bad user from compiling deluge within his ~, and running that
Offline
Offline
Perhaps I should have clarified my situation a little better.
I am not very concerned about the other user being able to install programs.
The reason I would like to limit one user is that I have two separate user accounts for at home and for at work. Torrenting isn't exactly something they take to kindly at work, so I am simply trying to stop myself from accidentally starting Deluge on my work account (which has already happened).
@brebs
How would one implement the deluge group in a fashion that would stop a user not in the group from starting deluge via gnome-do or the application menu?
When I edited the deluge executable in /usr/bin I remove the execute permission, which stopped any non-root users from starting it via the terminal, but didn't stop them from starting it via the application menu or gnome-do.
@hermes
Thanks for the suggestion - will look into it when I have a little more time to read through it.
Offline
How would one implement the deluge group
chgrp deluge /usr/bin/deluge
But, if this is to protect yourself from yourself (or really your employer's IT dept), maybe it would be better to call the group "nonworksafe"
I myself run AppArmor, and it could be used, but it's overkill for just this task.
Offline
I don't have deluge installed, but I find it quite strange that the default permissions were rwxrwxrwx rather than rwxr-xr-x.
More importantly, something is wrong if your GUI ignores permissions. If I change gimp (for example) to rwxr-xr-- , I can't run it from the app menu any more than I can run it from the console.
Edit:
Deluge has several executables in /usr/bin, I think you probably didn't restrict the right one:
usr/bin/deluge
usr/bin/deluge-console
usr/bin/deluge-gtk
usr/bin/deluge-web
usr/bin/deluged
deluge-gtk is probably what the GUI launchers call.
Last edited by alphaniner (2012-01-10 22:42:51)
But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner
Offline
Not a very elegant solution, since point 3 would possibly need to be repeated at every deluge upgrade. Not tested, but should work though.
1) create a deluge group:
$ groupadd deluge
2) add your user to deluge group:
$ gpasswd -a YOURUSER deluge
3) change deluge executable permissions so that only root and users in deluge group can run it:
$ chmod 750 `which deluge`
4) logout/login.
Far simpler for what you're trying to accomplish.
Hope this helps!
EDIT:
Please follow alphaniner suggestion about narrowing down your deluge executable choice (apply point 3 to the ones you want to restrict access to). I don't use it myself, so I didn't figure out that the "strange" GUI behavior could be simply explained considering that deluge is likely just a link to deluge-gtk, or the former is a script that calls the latter.
Last edited by hermes (2012-01-10 23:09:52)
Linux Registered User #362737
Offline
OK guys, thanks a lot for the help.
Using alphaniner's and hermes' suggestions I was able to get everything working well.
As alphaniner suggested, it appears that gnome-do and the openbox-menu were linking to deluge-gtk instead of deluge.
For those interested, I set up the group/permissions as hermes suggested:
1) create a deluge group:
$ groupadd deluge
2) add your user to deluge group:
$ gpasswd -a YOURUSER deluge
3) change deluge executable permissions so that only root and users in deluge group can run it:
$ chmod 750 `which deluge`
Rather than applying it only to the deluge file in /usr/bin, I simply ran:
$chmod 750 GROUP deluge deluge-gtk deluge-console deluge-web deluged
Which gave me the permissions for each edited file as:
-rwxr-x--- 1 root deluge
Thank again for all the help!
Offline
Possible simpler solution:
on work account
create a deluge file in your $HOME/bin directory (assuming that's in your $PATH and your user bin comes before the system bins)
with
echo "Do not run deluge from work account!"
Last edited by fschiff (2012-01-11 01:11:14)
Offline
Pages: 1