Need Policy Editor for Ubuntu

I am installing ubuntu on guest computers in my apartment complex and need a policy editor to restrict standard users from accessing certain programs etc. I have an Admin account and a Standard user account. I need to be able to configure the permissions and such for the standard user account. I am aware of the Guest account but am unaware of just what all it lets people do. Since these machines are rarely turned off, it would be nice to just restrict people.

What do you want them not to use?

You might be able to use AppArmor for this and also basic file permissions. im not overly familiar with AppArmor.

mostly not access system utilities and install apps. I know they are not in the sudoers wheel but I just want to ensure they cant make any changes to the system aside from typing papers, listening to music, youtube, and basic web browsing. I do have tools like GIMP and Darktable installed for their use too.


Will puppet do user restiction?

Either way if you have a number of computers somthing like puppet will be useful for managing them and rebuilding if need be.

They wont be able to.

AppArmor is what you want, the more im reading about it the more it seems like the tool you need. Though youll likely not need to change much.

Only thing you might consider is removing the default users group if one exists if you have more than one user on the system (so they cant edit eachothers files)

but how do i acceess apparmor? it is installed by default

lol, yeah puppet is the industry standard for enterprise administration.

but i dont have a puppet master machine. If they give me one, sure.

Yeah, but you have an internet connection, and you use linux don't you?

Its probably not the answer your looking for but you going to have to go google info about it, get some tutorials, set up a test system and probably try a little trial and error until you get to grips with the basics of the application.

Puppet may also sufice as @thirdmortal suggests, worth looking into.

Id have to run that by the boss. Besides, I change my setup frequently or relatively frequently

It's as simple as writing a script. You could administor 20000 pc's from 500 different locations if you wanted to.

Either way, I'm sure you'll work it out.

i got the go ahead to convert a machine into the Puppet Master. Now to set it up for ubuntu 14.10. Ill have to apparently setup static IP addresses for the machines. Tricky since they are wireless clients and I dont have direct access to the router.

Ive pretty much for the time being resorted to using the Guest Account and customizing it. Now on to cloning drives with clonezilla

Any changes made in the Guest Account will be cleared after they log out.

How many computers are you managing?

Ubuntu Landscape is free for 10 machines or less. I wouldn't pay for it for what your trying to do but if your only managing a few machines you can get some enterprise grade features with that for nothing :)

If your running guest computers than you should really run LTS (14.04).

More stable and supported for 5 years.

but, the intel drivers latest stack is for 14.10 and up. Plus, I will be keeping the distro up to date as it goes. LTS can suck it. I have made a image backup for instant restore as it is.

The Intel drivers are unnecessary and you can always install the (slightly) older ones.

So how many machines are you managing?

From Ubuntu version 13 onwards the "Users and Groups" GUI changed to something that is pretty weedy, with just a handful of features, total crap really. This applies to any Ubuntu 13 onwards based distro too, like Linux Mint. In order to get over this total disaster, I like to install the old Gnome systems tools as it gives me a lot more options. In a terminal enter:

sudo apt-get install gnome-system-tools

After you end up with this:

Notice the "Manage Groups"

And the "Advanced Settings"

Hope this sorts you out!

Mint 13 was built on Ubuntu 12.04