Friend asks: I would like to make an app to ask for authentication before launching. I can do that on MacOS via creating an encrypted disc image and put the app in there, and windows has robust third party tools for it. But how would you go about it on Linux, especially since it’s a .deb (that gets auto-updated all the time via its repo) and not an appimage/flatpak? Others need access to the user account, but I want to restrict that one app. Creating a different user account for it is out of the question btw, since you can still change the password for that user via the primary admin account. Also, I don’t want to be running full VMs that take forever to boot to use that one app. Is there any simple way to lock an app under Linux?
Make your app (flatpak, snap or appimage) be owned by another user.
Use a .desktop, wrap the command in the graphical equivalent of “sudo -u” for your graphical shell, and it will ask you for that user’s password.
You can also write a util to decrypt an encrypted .tar.gpg flatpak directory (flatpak lets you specify different installation paths, you can use that to separate it from the main flatpak dir), or decrypt a .appimage.gpg, and execute it. You could even write a wrapper to install a flatpak with a specific password, and it would automatically pick that specific install dir and .tar.gpg it every time.
Keep in mind that nothing keeps your other users from downloading that software on their own and using another copy of it unless you use parental controls.
I highly recommend giving them their own account though.