restricting access to Startup applications for non-root user

security permissions startup-applications

It is a directory:

~/.config/autostart

in each user directory and

/etc/xdg/autostart

for global usage (there is no need to touch that one).

  • Log in with your admin account and change the user and group to your admin account:

    sudo chown $USER:$USER /home/*/.config/autostart

    where * are all your normal users.

That will prevent them from writing. The "others" is already set to r-x so no write access.

You also need to prevent users from changing a setting called $XDG_CONFIG_HOME and that is going to be difficult ... a user can set it directly from command line for that session only.

So if you want to prevent that you likely need to also disable access to the terminal and to any altering of ~/.profile.

Related

How to correctly run AppImage and other programs in /opt?
How do I remove the ‘Please remove the installation medium, then press Enter.‘ screen?
Heroku Gunicorn Procfile
How to auto move swap back to RAM?
Counter Not Incrementing in a Simple Batch File [duplicate]
Spring 2.6.3: Failed to configure a DataSource: 'url' attribute
In Flutter, how do I pass data into a Stateless Widget?
How can the hasNext methods of Scanner "not advance past any input"?
Page doesnot scroll when nesting ListView in flutter
Split string into individual words Java
write utf-8 characters to file with fputcsv in php
Detect backspace Event in UITextField