[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-linux-uk-schools
Subject:    RE: [suse-linux-uk-schools] Network migration starting with
From:       Paul Cooper <pgc () openadvantage ! org>
Date:       2005-05-12 11:18:47
Message-ID: 1115896727.21087.49.camel () gentoo-ltsp ! openadvantage ! dom
[Download RAW message or body]

On Thu, 2005-05-12 at 10:41 +0100, Thomas Adam wrote:
> > Menu locking and altering from a central location (folder redirection
> > in
> > group policy)
> 
> Menu locking would best be done via changing perms on ~/.kde or
> ~/.gnome 

In Gnome the more "official" way to lock down menus and other settings
is to use gconf, see the Gnome Sys admin guide
http://www.gnome.org/learn/admin-guide/2.6/ which unfortunately hasn't
been updated since 2.6 (it'll all still work but there might be newer
stuff we're missing out on). I've used this to set defaults, but could
quite easily have set mandatory policy (also for things like preventing
users opening a terminal).

RedHat are working on a system called Sabayon to make doing this alot
easier http://www.gnome.org/projects/sabayon/ Probably not ready for
prime time yet unfortunately.

> > Home folder located on a server
> 
> Many ways you can do that.  Samba, for instance.

If you're talking about linux -> linux sharing then NFS much better way
of sharing /home (and much easier to setup) and still use samba to share
the same files to any legacy windows machines 

> > Authentication from a Linux server basically replace active
> > directory, as I
> > won't need it if my workstations are a Linux distro.
> 
> Samba again.

You could use LDAP and PAM for this.

> > Taking drive visibly away from the file manager so they just see
> > their home
> > folder and any shares
> 
> You can lock them in, using a variety of methods, although restricting
> users in this way has always been a bit of a black art.  You could use
> a chroot-jail, but this would involve having to recreate a lot of the
> top-level directories within one's $HOME -- something that's probably
> not desireable.  You might get away with setting their shell to
> 'rbash', if you want to really lock them down.

Well this isn't much help, but users wont see the rest of the system
unless they go looking for it - open save dialog default to $HOME or
some subdirectory of it (e.g. $HOME/Documents). Even if users do start
digging around the system they can't do any damage because they don't
have permission to. Also you should be careful locking them into $HOME
if you also want to allow access to cdroms, floppies or usb drives,
since they will be mounted in /media

Paul

-- 
Paul Cooper                    |  Tel: 0121 634 1620
Assistant Director             |  Fax: 0121 634 1630
OpenAdvantage                  |  http://www.openadvantage.org


-- 
To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com
For additional commands, e-mail: suse-linux-uk-schools-help@suse.com

[prev in list] [next in list] [prev in thread] [next in thread]