this post was submitted on 21 May 2026
16 points (94.4% liked)

Linux

65422 readers
344 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago
MODERATORS
nooter692@lemmy.ml
AgreeableLandscape@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz
16
App Lock under Linux? (lemmy.ml)
submitted 2 days ago by eugenia@lemmy.ml to c/linux@lemmy.ml
18 comments fedilink hide all child comments
 

Friend asks: I would like to make an app to ask for authentication before launching. I can do that on MacOS via creating an encrypted disc image and put the app in there, and windows has robust third party tools for it. But how would you go about it on Linux, especially since it's a .deb (that gets auto-updated all the time via its repo) and not an appimage/flatpak? Others need access to the user account, but I want to restrict that one app. Creating a different user account for it is out of the question btw, since you can still change the password for that user via the primary admin account. Also, I don't want to be running full VMs that take forever to boot to use that one app. Is there any simple way to lock an app under Linux?

you are viewing a single comment's thread
view the rest of the comments
[–] Goingdown@sopuli.xyz 5 points 2 days ago* (last edited 2 days ago) (2 children)

Creating a different user account for it is out of the question btw, since you can still change the password for that user via the primary admin account.

First of all, if users have admin rights, nothing really prevents them to run that app. Even if you encrypt the app itself, they can just reinstall/replace it from standard repository.

Few ways this can be done:

  1. If app needs internet connection, you may use firewall rules to block said connections, or even application firewall (Opensnitch). Create script which unloads said rules via su (create diffrent accounts with passwords the user must know) then runs app, and after closing app loads rules again. Users must not have admin rights or they can just unload fw rules.

  2. Create encrypted container/directory, protected by password, and manually install said app under there (probably needs manual recompile of the app). Create script which asks password, unlocks the encrypted location, runs app, and locks container after use. Again, no admin rights for users or they just install same app from repositories.

  3. Use apparmor or selinux to block said app. And again create script which by using su (create diffrent accounts with passwords the user must know) allows app via selinux/apparmor policies and runs app, and blocks it again afterwards. I repeat, users must not have admin rights or they can just unload those blocks.

What app it is?

EDIT: Clarification for su usage

To have user asked password before app can be done via su + sudo like this

  • create user demouser
  • give password of that user to end user
  • give demouser sudo rights to run particular command as root without password (to unload fw rules, unload apparmor/selinux policy etc).
[–] Sxan@piefed.zip 6 points 1 day ago (1 children)

What app it is?

Porn. It's always porn.

[–] eugenia@lemmy.ml 2 points 1 day ago

No, it's something else actually.