Restrict desktops for users

asked 2014-06-14 15:41:05 -0600

segfault
31 ●1 ●5

updated 2014-06-16 09:15:20 -0600

I'm going to install Fedoray 20 with Sugar Desktop for the kids, but want to be able to use a normal desktop environment for myself. How can I restrict their accounts so that they can only log into Sugar Desktop? Maybe using an ACL to prevent their accounts from reading some critical files, but which ones? Or is there a better way?

EDIT:

I'd like to use one of the Scripting Integration Points in GDM, but these scripts only get the username as an environment variable. How can I find out what desktop environment they are trying to use? Can I look at some running process, or some file in their home directory to find out which desktop environment they've requested?

edit retag flag offensive close merge delete

Comments

Does wmctrl work well for this in fedora? http://askubuntu.com/a/92948/15216

segfault ( 2014-06-16 12:46:30 -0600 )edit

well, this should give the environment name: wmctrl -m | sed -n -e 's/Name: //' -e 1p, but when it is run in the GDM integration script it will only return GNOME Shell regardless of what desktop environment the user has chosen.

segfault ( 2014-06-16 19:04:38 -0600 )edit

add a comment

0

answered 2017-11-12 20:33:19 -0600

wine.and.cheese
1

I'm not especially concerned about security here in the kids' Sugar sessions, so I got this working this way:

Create a kid's account.
Logout as myself, login to Sugar as the kid.
Logout as the kid, log back in as myself.
Remove the password from the kid's account: sudo passwd -d username

Now, when you click on the kid's user name at the GDM login screen, it will login directly to Sugar without prompting for session selection.

edit flag offensive delete link

add a comment

0

answered 2014-06-15 03:50:32 -0600

FranciscoD_
10447 ●60 ●128 ●194 https://ankursinha.in

I'm not sure if this can be done. I found a configuration option that lets you specify what session to use by default, but this can be modified by the user himself.

https://help.gnome.org/admin/gdm/stable/configuration.html.en

This post mentions the same thing, with a little more information: http://askubuntu.com/questions/172314/how-to-restrict-an-user-to-a-specific-desktop-environment

I think this is a good enhancement to request upstream to include. The administrator should be optionally able to control the session users wish to use.

edit flag offensive delete link

Comments

Thanks, that's a good starting place. On that GDM page there is documentation for integrations scripts that look like exactly what I need. I can just make a PostLogin script, and check the username vs the session they've requested and return 1 if it doesn't match up. I need more detailed documentation on these scripts though. For example, if they are running as root, then how do I know what user is being logged in? Are there parameters passed to the script or am I supposed to look at environment variables, and if so which ones?

segfault ( 2014-06-15 11:00:30 -0600 )edit

The user name is set in an environment variable, but precious little else.

segfault ( 2014-06-16 09:05:20 -0600 )edit

@segfault, take a look at http://unix.stackexchange.com/questions/116539/how-to-detect-the-desktop-environment-in-a-bash-script

mether ( 2014-06-16 10:30:39 -0600 )edit

@mether Good find but unfortunately none of the environment variables they mention are set in the environment for these integration scripts. When I get a chance I'll post the entire list of environment variables I have, but there are less than a dozen of them.

segfault ( 2014-06-16 12:40:47 -0600 )edit

add a comment

Restrict desktops for users

Comments

2 Answers

Comments

Question Tools

Stats

Related questions

Restrict desktops for users edit

Comments

2 Answers

Comments

Question Tools

Stats

Related questions

Restrict desktops for users