Re: start a application only after asking a password

[dsr tao merseine nu]

On Mon, Aug 18, 2003 at 04:37:55PM +0200, Axel Siebenwirth wrote:
> Hallo Christoph!
> 
> Christoph Lehmann schrieb am Montag, den 18. August 2003:
> 
> > e.g. before starting gnucash... after pressing the icon in the panel I
> > would like to be asked for a password first..
> > how 2 do this?
> 
> make gnucash only executable by root, then write a startup script that
> launches gnucash using sudo/su in a terminal.
> launch that script via the panel button.
> 
> i believe thats a good way how it could work. cant try right now myself,

It's a good start, but there's no reason to make the user root, and lots
of reasons not to.

Create a user and a group -- let's say, cashuser and cashgroup. Make
the gnucash executable owned by cashuser.cashgroup. Change permissions
so that only members of cashgroup can execute gnucash.

Now, you can give users individual passworded access to gnucash by
creating secondary usernames for them which are members of cashgroup,
or you can prevent anyone except root and cashuser from running gnucash.

This still isn't a great idea, because anyone with a legitimate user
account can download and setup a different gnucash in their own home
directory. This begs the question:

What are you trying to accomplish?

If the goal is actually to keep financial information private, I
recommend the use of strong encryption. GPG will do nicely. Encrypt your
financial files, remember the passphrase, and decrypt just before usage.
Re-encrypt after use. A quick script can do this for you every time you
run gnucash.

Another solution is to get a USB keychain device and store your files
there. When you leave your machine, remember to take the keychain with
you. This can be combined with the encryption solution.

A third solution is to investigate encrypted filesystems.

-dsr-

-- 
Network engineer / pre-sales engineer available in the Boston area.
http://tao.merseine.nu/~dsr