Setting up a restricted User account to use only APP in Linux OS and apart from that no superuser executable commands should work for user:
Create a user with adduser command.
# sudo adduser jack
Add the user in xrdp group to allow login via remote desktop.
# usermod -aG xrdp jack
Also add the user in one more group to allow access on a particular app and give access to the user on a specified application for example firefox.
# sudo addgroup newgroup (To create a newgroup)
# sudo addgroup myusername newgroup (Add a user to newly created group)
or
# usermod -aG newgroup jack
# sudo which firefox (to check the app location)
# sudo chmod 777 /usr/bin/firefox (to grant the permissions on app for owner, groups, and others)
# sudo chown root:newgroup /usr/bin/firefox (make the group owner of the application to reflect the permissions)
Login to the Linux machine via remote desktop with the newly created user id and try to access the App. You will be able to access the app but apart from that nothing will work for the user. The user would only be able to use the basic commands of Linux.
User jack has been restricted and he is not able to run any super user executable commands.
We can apply user permissions on the app as per the requirement. Below command is used to list the permissions.
sudo -l command
