10.9 Profile Manager - Restrictions on Apps

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

10.9 Profile Manager - Restrictions on Apps

The Mac OS X Server Mailing List mailing list
We’re looking to restrict a group of users in regards to the apps they can use.  I understand the list of specific Apps is based on the Apps installed on the server.  As we’re not interested in installed suites of Developer apps, I thought we could use the Allow Folder and Disallow Folder options.

My ideal setup would be

Allow:
/System
/Library
/Applications
~/Library
~/bin

Disallow:
/Users/Shared
~/

Essentially, this would block any apps where a Standard User would typically install - but give them access to a user-level bash and the ability to download home-brew, mysql and various command-line tools.

The issue is; "Disallow ~/" seems to supersede  “Allow ~/Library, ~/bin”, meaning a user cannot run apps within those folders - including bash.  Does anyone have a creative solution to such a problem?

Thanks in advance.

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]
Loading...