Score:0

How can access to certain settings be restricted for my customers?

in flag

I am delivering a Linux virtual machine file as an "appliance" to my customers. The appliance runs some scripts and provides our services to them. I preconfigure this appliance image for each customer before sending it to them. The customer is never given the root or admin password at all.

I wish to allow customers the ability to change the appliances hostname and IP address but nothing else, or as little as possible as others have made clear its not possible to lock the customer entirely out as they have access to the raw disk. How would I go about doing so?

I assume I need to grant access to the netplan YML and hostname files but nothing else?

galexite avatar
pk flag
Either way, your customer will still be able to overcome any restrictions you place on your image, because they have direct access to the root file system. Are you looking to minimise configuration, to make the appliance easier to manage?
user535733 avatar
cn flag
This seems like a more appropriate use case for Ubuntu Core instead of Ubuntu Server.
galexite avatar
pk flag
@roog, it doesn’t matter if your customer is not given the root password, because they can mount the filesystem on their machine and change any configuration file they want. They can also change the password hash, or remove it entirely.
roog avatar
in flag
@galexite Yes, minimise config for the customer to stop them accidently changing things that will break its operation. I am not concerned about them mounting the root file system and making changes because if they go that far then they are certainly going to make or break something. I just want to restrict them as much as possible.
galexite avatar
pk flag
I think you would probably be interested in _immutable_ operating systems, which have read-only filesystems built upon layers of configuration and package changes. These include Silverblue, CoreOS and NixOS. I’m not sure about Ubuntu Core, but I’m sure there is a similar feature in Core. Alternatively, have you considered running your application in a Docker container on a container-based OS, like Rancher?
galexite avatar
pk flag
Rancher is discontinued now, but there is also balenaOS and MicroOS.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.