How to set an executable white list?

Posted by izabera on Super User See other posts from Super User or by izabera
Published on 2012-07-03T14:53:08Z Indexed on 2012/07/03 21:18 UTC
Read the original article Hit count: 205

Under Linux, is it possible to set a white-list of executables for a certain group of users? I need them to be unable to use, for example, make, gcc and executables on removable disks.
How can this be done?

Edit, let me explain better.

I'm dealing with a high school IT system, young geeks that (during the lessons) want to play, surf the net, damage those computer however they can. The major step to achieve this goal was to remove the system they're familiar with and install Ubuntu in all the computers. This actually works quite well, but recent events proved that this is not enough.
I want to allow them to execute certain safe programs, like Open Office, and to deny any other program, whether it is preinstalled software, something they carry in usb drives, a downloaded program or a script they program on site.
It's possible to remove the 'x' permission on any file on the pc, but of course it would be impractical. Furthermore, they would be able to run anything they download.
I thought the best solution would be to make a white-list of safe programs and to deny anything else, but I don't really know how to do it. Any idea is helpful.

© Super User or respective owner

Related posts about permissions

Related posts about user-accounts