Make some program visible and executable only by admin

OcirneMat · 9 March 2022 13:52

Hello,
I just installed Zorin Os and it is just awsome!

I created 2 users
user1 as admin
user2 as not admin, to be used by my family

As admin I installed some programs for maintenance (eg. dconf, timeshift).
How can I make sure user2 will not be able to run these programs?
Is it even possible to remove them so they can not see them (eg from the menu)?

Thanks a lot
OcirneMat

Aravisian · 9 March 2022 14:03

If needs be, you can assign user2 to a group that lacks permssions:

OcirneMat · 9 March 2022 15:02

Hi Aravisian,

Thanks for the input. That is the problem I have: I could find on line a lot of documentation to change groups, owner and authorization, etc.. ... but I do not see what would be the best practice to use.

For example to add user2 in a group that lack permission: what would be the best practice:

Do I need to specify in the group each program to remove the x authorization?
What if the user2 is assigned to other groups (which have x authorization) , which authorization user2 will then have?

Thanks in advance for your support,
OcirneMat

Aravisian · 9 March 2022 15:52

I am honestly not sure... I would go with user groups as a recommendation. But for the fine details, I would need to learn right alongside you.
My own machines are an open book... (Mostly).
In my experience: Fear of me is far more conducive to their security than security is.

OcirneMat · 9 March 2022 16:31

Hi Thanks Aravisan,

My user case for me is to set up a system for an other person (my mum) which is not so must used to PCs.
So I will be the admin and I want to avoid that she does accidentality run programs she should not do.
I put her as non admin, but I want to see if there is a way to block some programs (like dconf, timeshift, etc.)

anon2532484 · 9 March 2022 18:53

you could only allow read/write permissions to any user within the root group using the file manager (as an Administrator, that is)

you can run Nautilus, Core's file manager as admin/root like this:

sudo nautilus

and Thunar, Lite's file manager, like this:

sudo thunar

From there, just head over to wherever the binary is installed to, and change it's permissions
I don't know much about permissions, but this is what I'd try

OcirneMat · 12 March 2022 23:11

Thanks TGRush,
Does you (or someone) knows how can I disable the permission of execution of some programs for not admin (sudoer) user?

system · 10 June 2022 23:12

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.