Comment 13 for bug 286529
Revision history for this message
| manic (nicolas-launchpad-iselin) wrote Re: Should not be able to restrict first user | #13 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I have the following situation: I have multiple PCs that I am responsible for, I force every person to have same uid on all my PCs. On many locations (Kids home, my home, grandparents) the Kids have a login and there are different grown-ups around to restrict kids access. None of the grown-ups (except me) has admin rights. All grown-ups should be able to restrict the access of all kids, but no grown-up should be able to restrict another grown-up.
My setup for timekpr is as follows:
/etc/sudoers:
...
User_Alias TIMEKPRS = administrator, parent1, parent2, grandpa, grandma
...
TIMEKPRS ALL=(root) NOPASSWD: /usr/bin/
this survives a reinstall of timekpr. However, the next fix I apply always manually after a reinstall.
/var/lib/
def isnormal(username):
...
elif userid == 1001 or userid == 2000 or userid == 2004 or userid == 2005 :
return False
...
of course, 1001=parent1, 2000=parent2, 2004=grandpa, 2005=grandma.
I don't think this is the best implementation, but it is the simplest for me. I think it is very important, that you DO NOT use a "root" group to determine the "grown-up/kid" state. Maybe creating an own group "timekprs" would make sense...