enforce screensaver for all users of a system?

Matt Morgan minxmertzmomo at gmail.com
Wed Dec 15 16:12:34 UTC 2004


On Tue, 14 Dec 2004 20:27:33 -0500, Steven Bonneville
<sbonnevi at redhat.com> wrote:
> Ed Wilts wrote:
> > Without thinking about it too hard, I'd create my own system-wide
> > .xscreensaver file.  Then, at user creation time, create a symlink to
> > the system version and make the symlink owned by root with no user write
> > access.  I obviously haven't tested this to prove that it works without
> > breaking anything either.
>  
> Won't work; the home directory is probably user-writable, so the user
> can just delete the symlink.  Remember, if you have write on a directory
> you can create or delete files in that directory (even if you don't own
> them, if sticky bit isn't set on the directory).  I suspect you'd need to
> have ~/.xscreensaver be an actual copy of the file and set it immutable
> with chattr +i to make this approach work.

Thanks. That comes very close to working. It works for all existing
users and homedirs on each station, but we just tried it, and that
immutable attribute does not copy over from /etc/skel for new users.
So there's still a complication when a new user sits down at a station
(we're doing network authentication against our Windows Active
Directory, so people can sit down at any computer without having a
local account previously created there).

We're using pam_homedir to dynamically create new home dirs for users
who log in at a station for the first time. So we're going to look
into pam_homedir and see if it has hooks to run scripts on files it
creates (it's all pretty new to us). So we could then programmatically
run chattr +i on the new .xscreensaver /after/ it's copied from
/etc/skel.

Thanks,
Matt
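
The step described above (running chattr +i on the new .xscreensaver after it has been copied from /etc/skel), as an added example that is not part of the original message. The function name and the SYSTEM_COPY and CHATTR variables are hypothetical, and how the script gets invoked after the home directory is created is left open.

```shell
#!/bin/sh
# Added example: pin ~/.xscreensaver as an immutable real copy (not a symlink).
# SYSTEM_COPY, CHATTR and lock_xscreensaver are hypothetical names.
SYSTEM_COPY=${SYSTEM_COPY:-/etc/skel/.xscreensaver}
CHATTR=${CHATTR:-chattr}   # overridable so the logic can be tried without root

lock_xscreensaver() {
    home=$1
    target="$home/.xscreensaver"

    [ -d "$home" ] || { echo "no such home directory: $home" >&2; return 1; }
    [ -f "$SYSTEM_COPY" ] || { echo "missing $SYSTEM_COPY" >&2; return 1; }

    # Already an identical regular file: just (re)apply the immutable flag.
    if [ -f "$target" ] && [ ! -L "$target" ] && cmp -s "$SYSTEM_COPY" "$target"; then
        "$CHATTR" +i "$target"
        return $?
    fi

    # Anything else (symlink, edited copy) is replaced by a fresh copy.
    # On a re-run the old copy may be immutable, so clear the flag first.
    if [ -e "$target" ] || [ -L "$target" ]; then
        [ -L "$target" ] || "$CHATTR" -i "$target" 2>/dev/null || true
        rm -f "$target" || return 1
    fi
    cp "$SYSTEM_COPY" "$target" || return 1
    chmod 0444 "$target" || return 1
    # chown needs root; so does the real chattr.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$target" || return 1
    fi
    "$CHATTR" +i "$target"
}

# Usage: lock-xscreensaver.sh /home/newuser
if [ $# -gt 0 ]; then
    lock_xscreensaver "$1"
fi
```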



