When installing applications via the software center or by a DEB file they will usually be installed system wide for all users.
Is there a way to install an application for a single user only?
Depending on what you want to accomplish, there may be different ways to make this work (or at least give a hacky semblance of the functionality you want).
Installation of software in many ways comes down to making resources available, or allowing access to things that are already present on the system.
Whether you are talking about granting access to printers, or allowing a user to execute programs in a certain directory, there are ways to accomplish this, and though they may be native to Ubuntu, these kinds of solutions are generally (of course) going to be added after the fact of a .deb installation.
Here are two general classes of post-installation control that can be added. Note that, given the right environment, e.g. when a tightly controlled group policy is in place, this might be easier once you have the basic system in place. These kind of permission can even be tied to LDAP or a similar system which can give per-user or group authentication and authorization.
Visiblity control
I've had a perhaps somewhat similar situation myself, but in my case, the users were not (yet) very sophisticated (all of them being under 7 years old). For me, just hiding Gnome menus and or removing desktop launchers worked.
Removing the executable bit from directories eliminates the ability of processes to search or traverse them. It can effectively render them invisible, and user-wise, make them unavailable. If you have a default system policy which creates menus based on file access, for instance, you can get this kind of cosmetic solution in place, and then have it work for subsequent installations with little additional effort.
Execution control
Control of the resource can be done via Unix permissions, apparmor profiles, SELinux permissions, and so on. There may be other levels of control filtering which may come into play depending on the application. In the absence of more targeted solutions, you might have to write wrappers around certain programs to control user or process access.
No comments:
Post a Comment