ensure only my apps work

Andrew Farris flyindragon1 at aol.com
Sun Jul 11 19:27:47 UTC 2010

On Fri, 2010-07-09 at 11:43 +0100, Hakan Koseoglu wrote: 
> On 09/07/10 10:51, Mac Smith wrote:
> > I have a very typical requirement.
> I wouldn't say this is typical.
> > I have a ubuntu box and i want to ensure that only the applications,
> > scripts, programs that i have installed should run on it, anybody else
> > copying or installing something on it should not be able to execute.
> Mount the home & tmp with noexec, don't give anyone the root password.
> Install rkhunter to track the checksums of the binaries. Tripwire is an 
> other alternative.

I never thought of mounting /home and /tmp with the 'noexec' option, but
that's a good idea.

With that in place, provided your 'anybody else' is running a regular
user account (i.e. not with admin privileges) then that should solve
your problem, I think.

If your concerned about people editing your configurations (such as
theme, etc), you might also want to look at a lockdown editor. Ive used
the program 'pessulus' in the past with success in this realm (called
'Lockdown Editor' in USC)

Hope that helps!

Registered Linux User: 473690
Registered Ubuntu User: 22747

More information about the ubuntu-users mailing list