I have a system that I would like to limit a specific user to a single app that will autostart when he logs in. I don't see any way to do this with the toolbar/launcher active but I have seen references to a "custom Desktop" for a user but can find no specific info on how to set one up and what its limits are.

Can this be done?

Any suggestions on where to look for such info?

I have looked at "Setting Up Ubuntu as a Kiosk Web Appliance by natrinicle" and it is on a different version of Ubuntu, or at least mine doesn't have any of the menus he is using. The "Customize Ubuntu for a library Internet kiosk" just references back to that one. I at least need one that works with 14.04.

I have tried to use the guest account but I cannot find any way to run the program. It needs to be run sudo or setuid to another user and I can't find any way to do that in the guest account under 14.04.

kaflick
  • What you're asking seems to be more appropriate for a kiosk type of setup, so consider that. Personally, I'd install openbox - there's just a plain desktop for it... Apps are accessible through the right-click menu, but if you edit config files, I believe it's possible to remove the relevant entries from there – Sergiy Kolodyazhnyy Nov 19 '15 at 15:56
  • If you do not want to use a kiosk, then I advise you use the guest account. They can do more than a single app with the default settings on the guest account, but the guest is restricted by apparmor. See http://tuxdiary.com/2014/11/05/linux-distros-for-kiosks/ and https://help.ubuntu.com/community/PasswordlessGuestAccount and https://help.ubuntu.com/community/CustomizeGuestSession and https://help.ubuntu.com/stable/ubuntu-help/shell-guest-session.html NOTE: "SINGLE APP" requires access to lots of libs, bash, X, etc. – Panther Nov 19 '15 at 16:23
  • @JacobVlijm - Other than the adage, physical access is root access, the guest account is confined by apparmor, so difficult to break out of and one can always be more restrictive by customizing the apparmor profile. – Panther Nov 19 '15 at 16:24
  • I'll look into the guest account method, it looks like it might do what I need, which is to protect the system from the one user but allow the other users to continue like they did before. Thanks all. – kaflick Nov 19 '15 at 16:48
  • @bodhi.zazen right, the option is not suited for excluding all apps but one and / unattended situations. The question does not make clear however what exactly is the situation and the reason. Removed the link. – Jacob Vlijm Nov 19 '15 at 21:17
  • For more clarity I have a system with multiple users doing various tasks that works fine. We wish to add a user that can run a program that uses a camera to measure the width and angle of the grind on a blade. The program saves all of the data to a flash drive. We would like that user to be able to run that program (autostart would be ok) to save the data but not be able to see, change or copy anything else on the machine. – kaflick Nov 19 '15 at 21:45
  • You cannot do this easily or by default. You will have to write a kiosk (lots of work) and / or write a custom apparmor profile. The apparmor profile will have to allow access to all the binaries and libs to access X, and the camera, and the flash drive, and the apps. Doing so will take a bit of reading on your part and work identifying what binaries / libs are needed to do all this. See http://www.howtogeek.com/118328/how-to-create-apparmor-profiles-to-lock-down-programs-on-ubuntu/ and https://wiki.ubuntu.com/AppArmor . IMO the question is too broad. – Panther Nov 19 '15 at 23:58
  • To identify the libs, use ldd. ldd /path/to/binary for example ldd /usr/bin/bash . You can try using wild cards in your apparmor profile, but you will likely need to update the apparmor profile with system upgrades, or upgrades to the binaries and libs you are using. – Panther Nov 20 '15 at 00:00
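
The approach described in the last two comments (list the libraries with ldd, then allow them in an apparmor profile using wildcards), as an added example that is not part of the original thread. The binary path /opt/grindcam/bin/measure, the library libgrind and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `ldd` output into AppArmor library rules.
# /opt/grindcam/bin/measure and libgrind are hypothetical names.

# Constructed sample of `ldd` output (not captured from a real system).
sample_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 =>  (0x00007ffd5a1fe000)
    libv4l2.so.0 => /usr/lib/x86_64-linux-gnu/libv4l2.so.0 (0x00007f3c1a2b0000)
    libX11.so.6 => /usr/lib/x86_64-linux-gnu/libX11.so.6 (0x00007f3c19f7b000)
    libgrind.so.1 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c19bb6000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f3c1a4c0000)
EOF
}

# Read ldd output on stdin; print one "mr" (mmap + read) rule per library.
# Version suffixes become a wildcard so minor library upgrades still match.
# The vdso line has no file path and is skipped.
ldd_to_rules() {
    awk '
        /not found/ { print "  # unresolved by ldd: " $1; next }
        { p = "" }
        $2 == "=>" && $3 ~ /^\// { p = $3 }
        $1 ~ /^\//               { p = $1 }
        p != "" { sub(/\.so[.0-9]*$/, ".so*", p); print "  " p " mr," }
    ' | LC_ALL=C sort -u
}

# Emit a profile skeleton for binary $1 using ldd output from stdin.
# Rules for X, the camera device and the flash drive mount still have to
# be added by hand for the specific system.
make_profile() {
    printf '#include <tunables/global>\n\n'
    printf '%s {\n' "$1"
    printf '  #include <abstractions/base>\n\n'
    printf '  %s mr,\n' "$1"
    ldd_to_rules
    printf '}\n'
}

sample_ldd | make_profile /opt/grindcam/bin/measure
```

On a real system, pipe `ldd /path/to/binary` into `make_profile` instead of the sample. Running the resulting profile in complain mode with `aa-complain` first shows what else the program needs before it is enforced.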

0 Answers