Re: [Synaptic-devel] synaptic locking out password

[Vít Pelčák]

2009/3/25 Eric Duveau eric.duv...@gmail.com:
 I thought it was easier to lock removal ou reinstallation of a package.

 I do not understand why the use of metapackage would protect the removal of
 some dependant packages.

No, those packages wouldn't depend on metapackage. That metapackage
would depend on them. Then you could simply block that single
metapackage and as it would be impossible to remove it, so would be
impossible to remove packages which this metapackage depends on.

Also, another option is to try to play with SELinux or Apparmor. There
you could block root access to specific files. So even when your son
would have ran Synaptic with root permissions, he wouldn't be able to
touch specific files.

Another option is to make files you don't want to have deleted to set
as read only. This is done by sudo chmod -w file. But you will have
problems to update them. To be able to update them simply run sudo
chmod +w file

But instead of using -x and +w it is better to learn about permissions
and set access rights better by setting permissions by numbers to be
able to set permissions more exactly. By simple using +w you can give
write permissions to more users you probably want to.

Decision is up to you.

 My knowledge is not so deep, sorry for these simple questions.

Ah. Then you'll most probably wont be able to do that metapackage anyway.


 On Tue, Mar 24, 2009 at 7:58 PM, Vít Pelčák v.pel...@gmail.com wrote:

 As I said. Do metapackage which depends on packages you need
 installed, install it, remove those files.

 Package can be reinstalled, but not that metapackage, because you can hide
 it.

 2009/3/24 Eric Duveau eric.duv...@gmail.com:
  Hi,
 
  moving its files from /var/log/info is an interesting idea.
 
  Yet, I see a pb:
 
  With synaptic you can reinstall the package
 
 
  On Tue, Mar 24, 2009 at 2:35 PM, Vít Pelčák v.pel...@gmail.com wrote:
 
  What about making virtual package, which would depend on packages you
  need to have installed and lock this.
 
  Maybe, it can be rendered non-uninstallable by moving its files from
  /var/log/info (or where are preinst postinst  files stored).
 
 
 



 --
 Vit Pelcak





-- 
Vit Pelcak


___
Synaptic-devel mailing list
Synaptic-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/synaptic-devel

Re: [Synaptic-devel] synaptic locking out password

[Eric Duveau]

Michael,


I have thought about chattr but

   - it may not prevent the synaptic from shuting down iptables, tinyproxy,
   dansguardian process
   - synaptic, tinyproxy, dansguardian packages have many files, which one
   to choose to set the immutable attribute


I have to test it anyway.
Thank you for your email.


On Tue, Mar 24, 2009 at 8:33 AM, Michael Vogt m...@ubuntu.com wrote:

 On Mon, Mar 23, 2009 at 10:37:31PM +0100, Eric Duveau wrote:
  Hi,
 Hi,

  I would like to install dansguardian + iptables + tinyproxy packages
  (parental control ) via synaptic.
 
  My kid would like to use it to install new packages. (he will use sudo
  synaptic)
 
  Is there a possibility to lockout dansguardian + iptables + tinyproxy
  packages so that they cannot be removed using synaptic.
  I am thinking of a secund admin password...

 This is currently not possible with synaptic - you could try to use
 chattr and set the immutable attributes on the file for those
 packages. But I have no tested if that really works (if dpkg will
 refuse to install/remove the package then).

 Another alternative is rapt
 (https://code.edge.launchpad.net/~mvo/+junk/rapthttps://code.edge.launchpad.net/%7Emvo/+junk/rapt).
 It allows you to
 prevent the user from removing packages. But its commandline so
 probably not the right solution for your kid.

 Cheers,
  Michael

___
Synaptic-devel mailing list
Synaptic-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/synaptic-devel