Restricting user access to apps

sujiwun

Registered
This is probably a dumber question than I think, but as an administrator how do you limit a user's access to the various apps on a single machine system?

I have found the user privileges under file->get info in finder but this doesn't seem to apply to apps!

I want to limit some users to just some basic apps such as Appleworks running in Classic and not allow them to, say, play the bundled chess.

 

Hobeaux

Registered
Only things found in the Public folder are accessible across a network....so, you could try to put aliases to your apps there...

It may be that the ability to share applications has been removed, or at least restricted to the Mac OS X Server application.
 

scruffy

Notorious Olive Counter
I think, once you let a user run Classic, you've let them run just about anything in Classic. OS 9 has essentially no access controls, at least not ones that work, as you likely know.

The "get info" panel for some reason doesn't seem to show the third type of permission - execute permission. (At least in PB, I haven't got GM yet.) You'll need to use the command line to change execute permissions.

<b>chown -R ownername program.app</b> changes the owner of some program.

<b>chgrp -R groupname program.app</b> changes the group of the program.

<b>chmod -R o-x program.app</b> prevents those who aren't the actual owner or in the owning group of the program from running it.

You can make a group, probably in NetInfo, for privileged users, and then give programs that are to be restricted to that group, and stop non-members of the group from running them.

Before you do anything though, read the documentation - type <b>man command</b> to read the manual for each command (chmod, chgrp, chown)
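The chgrp and chmod steps from the post above, followed by a check that no entry in the bundle is still executable by "other" (an added example, not part of the original post). Demo.app is a constructed throwaway bundle and the group is the caller's own primary group so the script runs without root; on a real system you would substitute a dedicated group and an actual application path.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and names are constructed.

# Give the bundle to GROUP and strip execute/search permission from "other",
# as the chgrp and chmod commands in the post above do.
restrict_app() {
    app=$1; group=$2
    [ -d "$app" ] || { echo "not an app bundle: $app" >&2; return 2; }
    chgrp -R "$group" "$app" || return 1
    chmod -R o-x "$app" || return 1
}

# Count entries in the bundle that have every bit of octal MODE set.
count_perm() {
    find "$1" -perm "-$2" | wc -l | tr -d ' '
}

# Build a throwaway stand-in for a real bundle (constructed sample).
make_demo_bundle() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/Demo.app/Contents/MacOS"
    printf '#!/bin/sh\necho demo\n' > "$dir/Demo.app/Contents/MacOS/Demo"
    chmod -R 755 "$dir/Demo.app"
    echo "$dir/Demo.app"
}

demo() {
    app=$(make_demo_bundle) || return 1
    echo "before: $(count_perm "$app" 001) entries executable by others"
    restrict_app "$app" "$(id -g)"
    echo "after:  $(count_perm "$app" 001) entries executable by others"
    echo "group:  $(count_perm "$app" 010) entries still executable by group"
    rm -rf "$(dirname "$app")"
}
demo
```

Because the -R flag also clears the search bit on the bundle's directories, users outside the group cannot traverse into the bundle at all, while group members keep execute permission.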
 

Hobeaux

Registered
I don't believe that it's possible to allow access to applications, only files (maybe apps that are stored in Public)... probably for security reasons.
 

sujiwun

Registered
I think the chown, chgrp, chmod is the way to go; I'll try it out. Maybe someone could write an app to use them to do this.

Actually the finder's file-show_info app would be ideal if it let you assign privileges to apps as well as files and folders.

Also I think files etc. that have group/user privileges set to NONE ought to be invisible to those groups/users; currently I don't think this is the case.

Trying aliases in the public folder may be possible but I would actually quite like users to have the benefit of the Home, Applications and System Prefs buttons in the Finder Toolbar, only I want the capability to set what they can see and use when they click on those buttons.

Finally, as administrator I want to be God - totally omnipotent - Big Brother. I find that logged in as admin I am restricted from user's files in their home directory unless I first log on as the user and give the admin RW access privileges.
I should be allowed to see everything, change everything and lock a user out of their own files if I want to - it's my computer damn it!
 

sujiwun

Registered

Aha, those Apple guys are pretty smart after all huh? Read the article in the site below. Apparently being administrator isn't the be all and end all. You can log in as root at the login using admin's password then get god-status to set user execution RW privileges etc.

http://macweek.zdnet.com/2000/09/24/0928osxunix.html

As the article says - this ought to be documented a bit more.

 