Hello,
I just installed Zorin Os and it is just awsome!
I created 2 users
user1 as admin
user2 as not admin, to be used by my family
As admin I installed some programs for maintenance (eg. dconf, timeshift).
How can I make sure user2 will not be able to run these programs?
Is it even possible to remove them so they can not see them (eg from the menu)?
Thanks for the input. That is the problem I have: I could find on line a lot of documentation to change groups, owner and authorization, etc.. ... but I do not see what would be the best practice to use.
For example to add user2 in a group that lack permission: what would be the best practice:
Do I need to specify in the group each program to remove the x authorization?
What if the user2 is assigned to other groups (which have x authorization) , which authorization user2 will then have?
I am honestly not sure... I would go with user groups as a recommendation. But for the fine details, I would need to learn right alongside you.
My own machines are an open book... (Mostly).
In my experience: Fear of me is far more conducive to their security than security is.
My user case for me is to set up a system for an other person (my mum) which is not so must used to PCs.
So I will be the admin and I want to avoid that she does accidentality run programs she should not do.
I put her as non admin, but I want to see if there is a way to block some programs (like dconf, timeshift, etc.)
you could only allow read/write permissions to any user within the root group using the file manager (as an Administrator, that is)
you can run Nautilus, Core's file manager as admin/root like this:
sudo nautilus
and Thunar, Lite's file manager, like this:
sudo thunar
From there, just head over to wherever the binary is installed to, and change it's permissions
I don't know much about permissions, but this is what I'd try