how to restrict user from running some downloaded prgm?

Jon Solberg wrote:
> Guagua said the following on 2005-08-13 02:29:
>
>
>>Well, for the reason part, here is a similar scenario. It's working
>>environment (in school). Some asian students work there. They have
>>incentive to download a different version of browser, since the shared
>>browser doesn't have their native language package.
>
>
> Then download the language package and install it for them. Add user
> policies that everybody has to sign before using the system(s) (like
> they are only to use them for work/studying purposes). Problem solved.
>

Are you kidding? How naive. I suppose we should just get all of our
citizens to sign a piece of paper agreeing not to commit any crimes. We
could then get rid of our police forces. Wait! Wait! I've got a solution
to end all war!

<snip>

Rich Piotrowski
--
"Now are you talking about what it is you know
or just repeating what it was you heard."
Grace Slick
To E-mail use: rpiotro(at)wi(dot)rr(dot)com

Rich Piotrowski wrote:
> Are you kidding? How naive. I suppose we should just get all of our
> citizens to sign a piece of paper agreeing not to commit any crimes. We
> could then get rid of our police forces. Wait! Wait! I've got a solution
> to end all war!

The difference being that corporate policies tend to be enforced.

We all signed agreements about what we could and couldn't do with
corporate resources where I work. Several people have been fired for
violating them. It works in many companies/government departments...

Regards,
Steve Webster

Stephen Webster wrote:
> Rich Piotrowski wrote:
>
>> Are you kidding? How naive. I suppose we should just get all of our
>> citizens to sign a piece of paper agreeing not to commit any crimes.
>> We could then get rid of our police forces. Wait! Wait! I've got a
>> solution to end all war!
>
>
> The difference being that corporate policies tend to be enforced.
>

<soapbox> I see. Unlike U.N. resolutions. </soapbox>

> We all signed agreements about what we could and couldn't do with
> corporate resources where I work. Several people have been fired for
> violating them. It works in many companies/government departments...
>

Same here. We too have a computer use policy and I enforce it. However,
it is much better for all concerned to simply remove the source of the
temptation where ever possible. I have better things to do than waste a
lot of time tracking down scofflaws.

> Regards,
> Steve Webster

Rich Piotrowski
--
"Now are you talking about what it is you know
or just repeating what it was you heard."
Grace Slick
To E-mail use: rpiotro(at)wi(dot)rr(dot)com

On Fri, 12 Aug 2005 10:29:56 -0700, ynotssor wrote:

> "Guagua" <dingguagua@gmail.com> wrote in message
> news:1123864628.553385.208660@z14g2000cwz.googlegr oups.com
>
>> For example, user can download another version of some program (like
>> mozilla), and install in their own directory(like run
>> ./mozilla-install-bin). But I don't want them to do that, since they
>> should really use the shared one in /usr directory. One way to do that
>> is to prohibit them from running the installation program. How could I
>> do that? Or any other ways?
>
> You should really examine the reason why you feel such a need to
> micro-manage your users.


Hmmm, I think not. Isn't the point of this discussion to provide
information on mechanism ? Wouldn't policy be off topic ?

I read an earlier posting that mentioned that mounting /home and /tmp as
noexec would be ineffective. I thought that it would be. I'd like to
know why it isn't. These questions simply don't involve questions of
policy.

On Fri, 12 Aug 2005 18:07:13 -0700, ynotssor wrote:

> "Guagua" <dingguagua@gmail.com> wrote in message
> news:1123892970.945702.243280@g49g2000cwa.googlegr oups.com...
>
>> Well, for the reason part, here is a similar scenario. It's working
>> environment (in school). Some asian students work there. They have
>> incentive to download a different version of browser, since the shared
>> browser doesn't have their native language package. However, their
>> incentive isn't out of working or studying purpose, since now they
>> can view say Japanese website for fun and entertainment. That is the
>> reason why I would like to restrict them from installing their own
>> version browsers. Is it a valid reason?
>
> No; it's pointless, as they can install their own font sets and use those in
> the public browser.
>
> Besides, who the hell are you to restrict anyone from viewing web content in
> any language of which you don't approve?

Who cares who the hell he is ? He asked a question about mechanism and
everyone in this list is all over policy ! Who the hell are you to tell
him what his policy should be ?

He's the admin. Likely as not it's not even *his* policy. He's probably
trying to implement something as distasteful to him as it is to you.
Where do you get the right to lecture him on his user's rights ? He's not
trying to restrict what they can do, he's trying to restrict what they can
do on the machines he administers.

Sheesh, I'm becomng a Usenet crank. I won't even bother to say "get a
clue", but I will suggest that folks get some context.

"Tom Rauschenbach" <tomsusenet@tomsdomain.org> wrote in message
news:pan.2005.08.25.04.40.26.563016@tomsdomain.org ...

> Who cares who the hell he is ? He asked a question about mechanism and
> everyone in this list is all over policy ! Who the hell are you to tell
> him what his policy should be ?
>
> He's the admin. Likely as not it's not even *his* policy. He's probably
> trying to implement something as distasteful to him as it is to you.
> Where do you get the right to lecture him on his user's rights ? He's not
> trying to restrict what they can do, he's trying to restrict what they can
> do on the machines he administers.
>
> Sheesh, I'm becomng a Usenet crank. I won't even bother to say "get a
> clue", but I will suggest that folks get some context.

<yawn>

ynotssor wrote:

>
> "Tom Rauschenbach" <tomsusenet@tomsdomain.org> wrote in message
> news:pan.2005.08.25.04.40.26.563016@tomsdomain.org ...
>
>> Who cares who the hell he is ? He asked a question about mechanism and
>> everyone in this list is all over policy ! Who the hell are you to tell
>> him what his policy should be ?
<snip>
>
> <yawn>
Was that mighty contribution a major effort for you, or is that sort of
thing a natural gift?

"Greg Metcalfe" <metcalfegregdelete@qwest.net> wrote in message
news:DGKPe.86$2o.3725@news.uswest.net...

> Was that mighty contribution a major effort for you, or is that sort of
> thing a natural gift?

<yawn>

"Huge" <huge@ukmisc.org.uk> wrote in message
news:dert1m$sb8$1@anubis.demon.co.uk...

> *plonk*
> Again.

Such childish drama ...