4

I want to limit access to running apps with a password. Is that possible? I have an app in the tray icon and I want to close it for unauthorized access.

Greetings

Braiam
  • 67,791
  • 32
  • 179
  • 269
kleinempfaenger
  • 993
  • 6
  • 13

2 Answers2

3

The following setup is fit for "home, garden and kitchen" use, when no specific security is needed. I also need to say that it is still possible to open the application via the command line; it is strictly for "indoor" use, to prevent children to acces an application for example.

The trick is to redirect the command in the application's desktop file to a script that calls the application, provided that the right password is given.The setup can be undone easily.

Below are two scripts, one to call the window to enter the password (script1), and one to process the given password (script2).

Prepare the scripts:

script1, call the zenity window to enter the password:

#!/bin/sh

if zenity --entry \
--title="Restricted!" \
--text="Enter your _password:" \
--entry-text "password" \
--hide-text
  then echo $?
  else echo "No password entered"
fi

Copy the text above, paste it in an empty document, save it in ~/ as "passwordwindow", and make it executable.

script2 to process the given password:

#!/usr/bin/python3

import subprocess

# application_name = the command to start the application:
application_name = "application_name"
# enter the required password here:
password = "password"
# enter the path to script1 here (for example ~/passwordwindow):
path_to_script1 = "path_to_script1"

getpassword = subprocess.Popen([path_to_script1], stdout=subprocess.PIPE)
passwordinput = getpassword.communicate()[0].decode("utf-8").replace("\n0\n", "")
if passwordinput == password:
    subprocess.call([application_name])
else:
    pass

Copy the text above, paste it in an empty document and replace the following entries in the headsection of the script:

  • replace in the script the "application_name" by the command to open the application. If you don't know, open the application's desktop file, located in /usr/share/applications, with gedit and copy what comes after "Exec=".
  • replace "password" by the required password.
  • replace "path_to_script1" by the real path to script1 (e.g. "/home/yourname/passwordwindow").

include the quotations.

Save the file (hidden) as .myownpassword.py in ~/

Prepare the .desktop file:

To finish the setup:

  • copy the application's desktop file from /usr/share/applications to~/.local/share/applications`
  • open the file with gedit and replace the command after "Exec=" by: python3 /path_to_script2/.myownpassword.py (no quotation)

Now, after next log out / login, if you start the application, you will be asked for your password, as defined in script2:

enter image description here

How to remove:

To undo the setup, just remove the local desktop file in /.local/share/applications and the two scripts in your ~/ directory.

Jacob Vlijm
  • 83,767
  • updated my answer, accidentally left my own testdir in code – Jacob Vlijm Apr 08 '14 at 21:39
  • Thank you very much, Jacob. This is a very nice answer. Everything worked great and it will help me a lot. – kleinempfaenger Apr 09 '14 at 15:38
  • BUT, it still doesn't solve the whole problem. The application is already running, with an icon in the systray. I have to suppress also this icon, or use the same or a similar script to password protect it, too. – kleinempfaenger Apr 09 '14 at 15:48
  • @kleinempfaenger what is the application? maybe we can catch its command? – Jacob Vlijm Apr 09 '14 at 17:12
  • It's called "alarm-clock-applet". Would it be possible to make just the systray-icon disappear? – kleinempfaenger Apr 09 '14 at 18:08
  • @kleinempfaenger I found out there are two applications with the same name, and, as far as I can see, the same functionality. One "Alarm Klok" ("alarm-clock"), without systray icon, and one "Alarm Klok" ("alarm-clock-applet") with a systray icon. I think if you install the one without, it should work! Both are in the Software Center. – Jacob Vlijm Apr 09 '14 at 19:09
  • Jacob, alarm-clock doesnt work any more, as it seems. Their Website is down, too. It seems that it is not the same app. The good thing about alarm-clock-applett is, that it runs in the background. That is what I need. I will open a new thread, if it's possible to make systray icons disappear. Anyway, thank you very much for your help. – kleinempfaenger Apr 09 '14 at 20:29
  • @kleinempfaenger that is odd, I just installed it from the Software Center! both applications do not run, they only add a task to cron (if I am not mistaking). Even in the tray, it does not actually run, only when you open it to set an alarm. I just ran an alarm, set by the application, but without running Alarm Clock. – Jacob Vlijm Apr 09 '14 at 20:38
  • Running in terminal I get the following: Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 14: reading configurations from ~/.fonts.conf is deprecated. – kleinempfaenger Apr 09 '14 at 21:12
  • @kleinempfaenger according to this site (your alarm clock applet) you can build the applet without indicator: http://alarm-clock.pseudoberries.com/#download – Jacob Vlijm Apr 09 '14 at 21:22
  • Great, great, great. This worked. I compiled and installed the alarm-clock-applet with ./configure --disable-indicator. Now, at startup password is asked. Set alarm and close window. Afterwards program would keep on running in background, without systray icon. To open it again from Dash, password is asked. Thousand thanks. – kleinempfaenger Apr 09 '14 at 21:50
  • Perfect! Glad it works. – Jacob Vlijm Apr 09 '14 at 21:54
1

What kind of unauthorized persons are allowed to use your user account? I would recommend to create various user accounts for the persons with access to the computer. You can then use file permissions to restrict access to certain parts of the system, for example let only members of the group "technicians" execute the program "skype".

It is not secure to let persons you don't trust access your personal user account.

pille1842
  • 536
  • 2
  • 8