2

we have a small office (25pcs) running ubuntu 13.04. Is there a group policy on ubuntu that will disable all installations of programs. I want to disable the users installing random programs. I know in windows you can, not so sure sure about Ubuntu 13.04. Any help will be appreciated. THANKS

muru
  • 197,895
  • 55
  • 485
  • 740
user193323
  • 21
  • 1
  • 2

3 Answers3

4
  • Installing software from Ubuntu software center requires the admin password.
  • Installation for software outside the home of the user generally requires the admin password.

So do not give them the admin password.

Putting files in the home directory is basically not installing and you more than likely can not stop anyone from downloading a file, putting it in a newly created directory and have them unpack it there (and use it from there).

To avoid people downloading and running programs from "Home" you could change /etc/fstab, adding the noexec parameter to the partition.

And also: what is wrong asking them to ask you to install software if they need something ;)

Community
  • 1
Rinzwind
  • 299,756
  • 1
    To avoid people downloading and running programs from "Home" one could change fstab, adding the noexec parameter to the partition. – To Do Sep 16 '13 at 08:15
  • Good one @todo added it :D – Rinzwind Sep 16 '13 at 08:17
  • 2
    Actually, the noexec thing doesn't work with interpreted languages like python, java and bash because the binary is sitting somewhere in /usr or /bin even if running a "program" in /home. – bitmask Sep 16 '13 at 14:38
  • And to prevent me, the admin, from installing specific ones ? (I discovered 0ad, and find it too much addictive ^^) – Revolucion for Monica Nov 09 '18 at 01:23
0

It is impossible to secure an operating system (whether it's Ubuntu or Windows) from users that have physical access to the machine. I can always boot a live system or plug the drive into my system and change the root password.

So, in order to prevent physical access, you'd have to make sure the user cannot mount any external media (like cds, dvds, usb sticks, ...), cannot manipulate the BIOS and cannot interfere with the hardware configuration. If you make sure of all that, you will have a small chance that your system is under your control, but there might be other ways to break into the root user account.

Instead, I'd suggest to educate your users and ask them not to install / run anything on their own but first consult with you.

bitmask
  • 164
0

You can use the users-admin tool. You should find it into "System settings -> Users", but you can also run it using users-admin.

Select the account you want to change and click on "Change..." near "Account type:".
Here you can choose "Admin" or "Desktop user".

  • Admin:
    Can change everything on your system, install and update software.

  • User:
    Can perform common tasks, but he cannot install or modify system settings.

Anyway, do not give them the root/admin password.

PeppeDAlterio
  • 5,722
  • 1
  • 16
  • 10