Can i prevent/restrict standard user from installing/uninstalling software in Ubuntu 12.04 desktop?
Ubuntu – Can I prevent/restrict standard users from installing/uninstalling software
restricted-accessSecuritysoftware-centersoftware-sourcesusers
Related Solutions
One way would be logging in as your user, open up a terminal (hit Ctrl+Alt+T), type
chmod go-rwx ~
and hit enter.
Like that you deny the permission to read, write and cd to your home directory to anybody apart from you.
Open fstab file as using
gksudo gedit /etc/fstab
You should add line in /etc/fstab file as follows,
/dev/sda7 /media/EXTRA ntfs-3g noauto,uid=XXX,unmask=7 0 0
Here
XXX
is my user id. You can find yours withid
command and/dev/sda7
is the partition I want to restrict access to.Create a folder named
EXTRA
in/media/
as follows,sudo mkdir /media/EXTRA
Now whenever you login you need to mount it as,
sudo mount /dev/sda7 /media/EXTRA
Done!
Explanation:
If a particular partition contains a VFAT or NTFS filesystem and you only wish to be able to access it yourself, it's pretty simple:
Include the options "noauto", "uid=XXX", and "umask=7"
in fstab line and remove the "user" and/or "users" options if they appear there now.
This means that at boot time the system will come up with that partition unmounted, and only you (operating as root, using sudo presumably) can mount it.
Once mounted, it will be owned by your unprivileged user (assuming that that user's uid is XXX, which is given to the first user created at install time in MDV installs - check with the "id" command run as that user, and adjust fstab accordingly) and will be inaccessible to all other local users.
To mount your restricted 4 partitions by issuing mount
command four times is a boring task. To cut that boring task, I have written a shell script:
#!/bin/bash
#Mount Unmount secret partitions now with choice of partition
function checkPartitions(){
local state=$1
local dev=$2
case $state in
"unmounted")
mount | grep -q $dev
if [ $? -eq 1 ]; then
echo $dev
fi
;;
"mounted")
mount | grep -q $dev
if [ $? -eq 0 ]; then
echo $dev
fi
;;
esac
}
function safeUnmount() {
local dev=$1
mount | grep -q $dev
if [ $? -eq 0 ]; then
echo "Device $dev found. Unmounting now"
sudo umount $dev
if [ $? -eq 0 ]; then
echo "Device $dev unmounted successfully."
else
echo "You are not root??"
fi
else
echo "Device $dev is already unmounted."
fi
}
function safeMount() {
local dev=$1
mount | grep -q $dev
if [ $? -eq 1 ]; then
echo "Device $dev not found. Mounting now"
sudo mount $dev
if [ $? -eq 0 ]; then
echo "Device $dev mounted successfully."
else
echo "You are not root??"
fi
else
echo "Device $dev is already mounted."
fi
}
echo -e "What you want to do? \n 1. Mount Secret Partitions \n 2. Unmount Secret Partitions"
read -p "Enter your choice :" choice
case $choice in
1)
echo -e "You want to Mount your secret partitions"
echo "-------List of Unmounted secret partitions-------"
checkPartitions "unmounted" "/dev/sdaX1"
checkPartitions "unmounted" "/dev/sdaX2"
checkPartitions "unmounted" "/dev/sdaX3"
checkPartitions "unmounted" "/dev/sdaX4"
anythingelse="y"
#echo -e "\n"
while [ $anythingelse == y -o $anythingelse == Y ]; do
read -p "Which partition should be mounted?" partNum
safeMount "/dev/sda"$partNum
read -p "Do you want to mount any other partition? [y/n]" anythingelse
done
;;
2)
echo -e "You want to Unmount your secret partitions\n"
echo "--------List of Mounted secret partitions--------"
checkPartitions "mounted" "/dev/sdaX1"
checkPartitions "mounted" "/dev/sdaX2"
checkPartitions "mounted" "/dev/sdaX3"
checkPartitions "mounted" "/dev/sdaX4"
anythingelse="y"
#echo -e "\n"
while [ $anythingelse == y -o $anythingelse == Y ]; do
read -p "Which partition should be unmounted?" partNum
safeUnmount "/dev/sda"$partNum
read -p "Do you want to unmount any other partition? [y/n]" anythingelse
done
;;
esac
Replace /dev/sdaX
with your 4 partitions.
Save as secret-mount-unmount.sh
and then issue a command
chmod +x /path/to/file/secret-mount-unmount.sh
Double click the file and then hit Run in Terminal
and proceed.
Best Answer
You have asked a lot of similar questions.
To install software you either need to be root a special account which is locked by default or an administrator.
In 12.04 and later administrators are part of the group sudo in previous versions it was admin.
You can check what groups a user belongs to by typing
id
in a terminal when logged on as that user orid username
replacing username with the name of that user. On my machine I seeWhich shows I
warren
is an administrator andjoe
is not.By default the first user created on the computer is an administrator; all others are not. To stop someone being an administrator just make sure they are not in the sudo or admin group. To make someone an administrator add them to the sudo group.