12.4. Controlling User Access to applications

You may want to restrict some applications only accessible by some specified users. The trick to do this is to make use the Unix file system security. You should create a user group and add those users to that special group. Then you should chnage the permissions and group ownership of the files which belongs to that application to only accessible to that group. Typical file mode for binary files are 0750 (-rwxr-x---) to make sure "others" don't get read access.

The following example illustrate how to control only a group of people to use Win4Lin. Assume Win4Lin is already setup in your Aptus server. First of all, create a user group called "winusers" . Then add the desired users to the group "winusers" . Login as root at the server and do the following.

chgrp -R winusers /opt/win4lin chgrp -R winusers /var/win4lin chmod -R o-rx winusers /opt/win4lin chmod -R o-rx winusers /var/win4lin

This will make sure that only users belongs to the group "winusers" get access to the Win4Lin files.