Announcement

Collapse
No announcement yet.

SNAP & Users access rights

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    SNAP & Users access rights

    Hi,

    How should I prevent all users except one to run a snap installed software ?

    Take Firefox for instance. From 22.04, Firefox is a snap by default, and the /snap/bin/firefox is just a symbolic link to /usr/bin/snap :

    pivert@pivert-X400:~$ which firefox
    /snap/bin/firefox
    pivert@pivert-X400:~$ ls -lh /snap/bin/firefox
    lrwxrwxrwx 1 root root 13 feb 12 19:55 /snap/bin/firefox -> /usr/bin/snap

    So, changing group and permissions on /usr/bin/snap is not an option, since it will impact other packages.

    How can I grant execution right to Firefox (as a snap package) to only one user. The other users are using snap for other applications.

    Context: I want to make sure my child can access Minetest (as snap package), and not Firefox (an other snap package).

    Thanks !
    Tags: None
    • Top
    • Bottom
    #2
    Does your child have their own account?
    IF so, then adjust the owner:group of /snap/bin/firefox to your owner:group.

    Or,
    Set the properties of /snap/bin/firefox so that only you can run it. You can use chown and attr (use man to learn their settings) or you can use dolphin.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.
    • Top
    • Bottom

    Comment

      #3
      Maybe:

      You can block users (that is, system identifiable users, e.g. users that are created using adduser command, that login separately etc) or users that don't belong in a group (here "webapps").

      Find the executable file for firefox:

      $ which firefox /usr/bin/firefox
      Change mode (user permissions) from 755 (default) to 750 (not executable and not readable by "others" except for owner and group):

      sudo chmod 750 /usr/bin/firefox
      Create a group webapps:

      sudo addgroup webapps
      Add current user ($USER) in webapps group:

      sudo adduser $USER webapps
      You have to logout/login for changes to take effect.

      You may add any other user, e.g. mytestuser:

      sudo adduser mytestuser webapps
      Change the owner and group from "root" (default) to "webapps":

      sudo chown webapps:webapps /usr/bin/firefox
      Try running firefox:

      firefox
      Your user can execute/open firefox, others cannot. If you logout/login with a different user that is not in "webapps" group, you won't be able to execute it. Only users in the webapps group may execute /usr/bin/firefox now.

      Revert changes using:

      sudo chmod 755 /usr/bin/firefox sudo chown root:root /usr/bin/firefox
      Ref: Is there a way to lock my browser with a password?

      Using Kubuntu Linux since March 23, 2007
      "It is a capital mistake to theorize before one has data." - Sherlock Holmes
      • Top
      • Bottom

      Comment

      Previous template Next
      Working...
      X