It is currently Thu, 08 Jun 2023 14:15:10 GMT

Author Message
 make file available selectively
I have an X application server that serves thin clients in several
locations.  I'm trying to make it so that certain programs can only be
run from certain thin clients.  I've already built a system that
determines if the client this X display is connected to is allowed to
run a given program.  I just need a way to keep users on unauthorized
workstations from running the program or copying it and running the
copy.  The same user can be logged in from unauthorized and authorized
clients simultaneously, so programs must be controlled on the session
level.  I have a problem with how I want to do this:

My first idea: Create a user called 'controller' make all controlled
applications owned by this user.  Set the program's permissions to
only allow controller to run/read the application file.  If a client
is granted access to this file the control daemon runs this file for
the user.  The problem is I DON'T want the program run as the
'controller' user; I want it run as the requesting user.  Is there a
way for the user 'controller' to execute the program (it is the only
user has permissions) but the program actually run as the requesting
(non-priveledged) user?  I don't want to modify the source and I don't
want to do any-- add user to group controller, run program and remove
user from controller really fast...

Second idea: Give all users execute permissions, but encrypt the file.
 Upon authorization, the daemon unencrypts and 'su USERNAME [the
program].' Problem here is were/how to run the unencrypted program
without it being available to potentially the same user on an
unauthorized client.

Thanks for any help,

 Thu, 10 Nov 2005 05:00:23 GMT   
 make file available selectively

A very simple way would be to rename the program to program2,  and
write a shell script with the original name like
case $LOGNAME in
name|name|name) exec program ;;

Would be a nice work around.
But there a probably ways thru pam as well.

R.A. Reissaus
Risdi, Amsterdam, the Netherlands
Ibm/Informix Consultants
Telefoon: +31(0)20 4942174      : Phone
Mobiel  : +31(0)6 51185352      : Mobile
Fax     : +31(0)20 4940795      : Fax  
E-mail  :
Website :

 Thu, 17 Nov 2005 21:51:47 GMT   
   [ 2 post ] 

Similar Threads

1. Making Files Available by Email

2. Making available from File Manager your host Linux directory through Trumpet winsock

3. Making .exe files available for download by HTTP

4. Selectively instal files

5. Selectively turning off sccs keyword expansion within a file

6. a llittle question with selectively tarring files

7. remove files selectively

8. Making services available (FTP/TELNET/HTTP)

9. Making PPP connection available to all machines in network

10. New user: making more space available under root ?

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software