We’re looking to restrict a group of users in regards to the apps they can use. I understand the list of specific Apps is based on the Apps installed on the server. As we’re not interested in installed suites of Developer apps, I thought we could use the Allow Folder and Disallow Folder options.
Essentially, this would block any apps where a Standard User would typically install - but give them access to a user-level bash and the ability to download home-brew, mysql and various command-line tools.
The issue is; "Disallow ~/" seems to supersede “Allow ~/Library, ~/bin”, meaning a user cannot run apps within those folders - including bash. Does anyone have a creative solution to such a problem?