• Troy
    link
    fedilink
    810 months ago

    KDE had a policy editor back in v2.0… honesty I never really followed whether those features stuck around. But the simple version is to lock down write access to folders in $HOME, such as .config or similar. Linux already prevents most users from installing programs over the system directories without root, but I’m not sure if you can restrict new programs with +x in $HOME unless you write-lock the whole folder… Someone with more network admin experience probably knows this :)

    • Cyborganism
      link
      fedilink
      310 months ago

      Exactly. I once had a computer with Linux where I had no root access, but was able to install, or at least unzip or build, pretty much whatever I wanted in my $HOME directory. And I wonder if it isn’t possible to installs Snaps or Flatpaks without root permission?