#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Posts
    14
    Rep Power
    0

    How to keep users from "games"


    Hi All,

    I would like to prevent certain users from accessing games and I don't understand how the grouping works.

    I'm running Edubuntu 12.04 with LTSP. All the users are registered into the default "users" group (group # 100). I see games is listed as a group also but 1) I don't see any users actually assigned to it and 2) I don't see where/how it gets included within the users group.

    Do I create an alternative users group that doesn't have games included and use its different group ID for the user I want removed? Where/how would I do that?

    Thanks in advance
    Rob
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,484
    Rep Power
    1752
    Permissions are granted at three levels: the owner, group affiliation and all. Within each of those three there are three types of permission: write, read and execute.
    Each user will, usually, have their own uid letting them have their own files and directories. They will also be 'attached' to certain groups which will expand their access beyond the 'usual'.
    It sounds like you will want to install the games via your id (to make them and their folders owned by you) and then change group ownership and permissions to something other than the default. That group will need to exist first, of course!
    Ensure the executable is read and execute only by the group and attach any user you wish to run the games in that group to the group you used.
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Posts
    14
    Rep Power
    0
    Originally Posted by SimonJM
    Permissions are granted at three levels: the owner, group affiliation and all. Within each of those three there are three types of permission: write, read and execute.
    Each user will, usually, have their own uid letting them have their own files and directories. They will also be 'attached' to certain groups which will expand their access beyond the 'usual'.
    It sounds like you will want to install the games via your id (to make them and their folders owned by you) and then change group ownership and permissions to something other than the default. That group will need to exist first, of course!
    Ensure the executable is read and execute only by the group and attach any user you wish to run the games in that group to the group you used.
    Thanks for the reply. I'm not sure if that will accomplish what I want to do. This is my goal - I am writing a php script that will enable individual teachers to deactivate students with a simple form. I have it working to where the teacher can do that but I was hoping to introduce the ability for the teacher to have multiple options rather than just total, complete suspension of computer privileges (i.e.such as loss of game privileges and/or loss of Internet service etc).

    Perhaps there is a more graceful way to accomplish suspension of their privileges (and if so I would love to hear it) but what I do now is remove their group name from their account listing in the etc/passwd file. That effectively prevents them from logging in and to restore them I just edit the file again and add the group info back.

    What I think I need is to create a secondary group for the users. The permissions in the installed games are all drwxr-xr-x so if I chmod them to drwxr-x--- and change the group ownership to a new group such as 'gamers' (it currently is set to root) I think it would work if each user was added to the secondary group 'gamers' in addition to their primary group 'users'. Then, to remove a user from gamers I just would need to remove them from their secondary group 'gamers' and they would no longer get access to any games in the gamers group.

    The only problem I have is that I can't locate where users' secondary membership is recorded. Their primary group is there in etc/passwd but I can't seem to find the right file for the secondary. I'll Google some more but if someone knows I would appreciate the tip.

    Thanks
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Posts
    14
    Rep Power
    0

    bump


    I conducted a test but so far I haven't gotten it to work. I created a new group 'internet'. I chgrp chromium-browser to internet (owner is still root). I chmod etc/chromium-browser to 750 (drwxr-x---). Then I added two users - 1) tester is in both users group and internet group 2) tester1 is only in users group

    I can still access chromium-browser as tester1?

    Is there another location where chromium is installed?
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,484
    Rep Power
    1752
    You can make the security as granular as you like, but you will have an 'explosion' of groups (in effect you'd need one group for every game/application you want to restrict).
    In general the primary group for a given user will be in the /etc/passwd. If the user has membership of additional groups their username will be listed in /etc/group against the group name.. Adding and removing users from groups can mess with this.

    How are they accessing these programs/games? Do they do so from the command line, via a web-page or a combination of both?

    I do not know Ubuntu12 (I've seen it and hate the interface), but I am not sure /etc/chromium-browser would be where the actual binary would be - the /etc directory is for configuration files. A quick google suggests the binary would be in /usr/bin.
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc

IMN logo majestic logo threadwatch logo seochat tools logo