Ubuntu – Can I prevent/restrict standard users from installing/uninstalling software

restricted-accessSecuritysoftware-centersoftware-sourcesusers

Can i prevent/restrict standard user from installing/uninstalling software in Ubuntu 12.04 desktop?

Best Answer

You have asked a lot of similar questions.

To install software you either need to be root a special account which is locked by default or an administrator.

In 12.04 and later administrators are part of the group sudo in previous versions it was admin.

You can check what groups a user belongs to by typing id in a terminal when logged on as that user or id username replacing username with the name of that user. On my machine I see

warren@vb:~$ id
uid=1000(warren) gid=1000(warren) groups=1000(warren),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare),125(vboxsf)
warren@vb:~$ id joe
uid=1001(joe) gid=1001(joe) groups=1001(joe)
warren@vb:~$

Which shows I warren is an administrator and joe is not.

By default the first user created on the computer is an administrator; all others are not. To stop someone being an administrator just make sure they are not in the sudo or admin group. To make someone an administrator add them to the sudo group.

Related Solutions

Ubuntu – Restrict access to the home folder from another standard user account

One way would be logging in as your user, open up a terminal (hit Ctrl+Alt+T), type

chmod go-rwx ~

and hit enter.

Like that you deny the permission to read, write and cd to your home directory to anybody apart from you.

Ubuntu – How to restrict access to a NTFS partition to a standard (non-admin) user

Open fstab file as using
```
gksudo gedit /etc/fstab
```
You should add line in /etc/fstab file as follows,
```
/dev/sda7   /media/EXTRA    ntfs-3g noauto,uid=XXX,unmask=7 0   0
```
Here XXX is my user id. You can find yours with id command and /dev/sda7 is the partition I want to restrict access to.
Create a folder named EXTRA in /media/ as follows,
```
sudo mkdir /media/EXTRA
```
Now whenever you login you need to mount it as,
```
sudo mount /dev/sda7 /media/EXTRA
```

Done!

Explanation:
If a particular partition contains a VFAT or NTFS filesystem and you only wish to be able to access it yourself, it's pretty simple:

Include the options "noauto", "uid=XXX", and "umask=7" in fstab line and remove the "user" and/or "users" options if they appear there now.

This means that at boot time the system will come up with that partition unmounted, and only you (operating as root, using sudo presumably) can mount it.

Once mounted, it will be owned by your unprivileged user (assuming that that user's uid is XXX, which is given to the first user created at install time in MDV installs - check with the "id" command run as that user, and adjust fstab accordingly) and will be inaccessible to all other local users.

To mount your restricted 4 partitions by issuing mount command four times is a boring task. To cut that boring task, I have written a shell script:

#!/bin/bash
#Mount Unmount secret partitions now with choice of partition
function checkPartitions(){
    local state=$1
    local dev=$2
    case $state in
    "unmounted")
        mount | grep -q $dev
        if [ $? -eq 1 ]; then
            echo $dev
        fi
        ;;
    "mounted")
        mount | grep -q $dev
        if [ $? -eq 0 ]; then
            echo $dev
        fi
        ;;
    esac
}

function safeUnmount() {
    local dev=$1
    mount | grep -q $dev
    if [ $? -eq 0 ]; then
        echo "Device $dev found. Unmounting now"
        sudo umount $dev
        if [ $? -eq 0 ]; then
            echo "Device $dev unmounted successfully."
        else
            echo "You are not root??"
        fi
    else
        echo "Device $dev is already unmounted."
    fi 
}

function safeMount() {
    local dev=$1
    mount | grep -q $dev
    if [ $? -eq 1 ]; then
        echo "Device $dev not found. Mounting now"
        sudo mount $dev
        if [ $? -eq 0 ]; then
            echo "Device $dev mounted successfully."
        else
            echo "You are not root??"
        fi
    else
        echo "Device $dev is already mounted."
    fi 
}

echo -e "What you want to do? \n 1. Mount Secret Partitions \n 2. Unmount Secret Partitions"
read -p "Enter your choice :" choice

case $choice in
1)
    echo -e "You want to Mount your secret partitions"
    echo "-------List of Unmounted secret partitions-------"
    checkPartitions "unmounted" "/dev/sdaX1"
    checkPartitions "unmounted" "/dev/sdaX2"
    checkPartitions "unmounted" "/dev/sdaX3"
    checkPartitions "unmounted" "/dev/sdaX4"
    anythingelse="y"
    #echo -e "\n"
    while [ $anythingelse == y -o $anythingelse == Y ]; do
        read -p "Which partition should be mounted?" partNum
            safeMount "/dev/sda"$partNum
        read -p "Do you want to mount any other partition? [y/n]" anythingelse
    done
    ;;
2)
    echo -e "You want to Unmount your secret partitions\n"
    echo "--------List of Mounted secret partitions--------"
    checkPartitions "mounted" "/dev/sdaX1"
    checkPartitions "mounted" "/dev/sdaX2"
    checkPartitions "mounted" "/dev/sdaX3"
    checkPartitions "mounted" "/dev/sdaX4"
    anythingelse="y"
    #echo -e "\n"
    while [ $anythingelse == y -o $anythingelse == Y ]; do
        read -p "Which partition should be unmounted?" partNum
            safeUnmount "/dev/sda"$partNum
        read -p "Do you want to unmount any other partition? [y/n]" anythingelse
    done
    ;;
esac

Replace /dev/sdaX with your 4 partitions.

Save as secret-mount-unmount.sh and then issue a command

chmod +x /path/to/file/secret-mount-unmount.sh

Double click the file and then hit Run in Terminal and proceed.

Best Answer

Related Solutions

Ubuntu – Restrict access to the home folder from another standard user account

Ubuntu – How to restrict access to a NTFS partition to a standard (non-admin) user

Related Question