[K12OSN] HELP how to lock down profile and more???
norbert
bear2bar at netscape.net
Mon Sep 20 14:39:52 UTC 2004
Hi Jeff,
Thanks for the process, just one question. In the list file can I just
do a "/.*" for all the dot files in the directory ?
thks
norbert
jkinz at kinz.org wrote:
>On Mon, Sep 20, 2004 at 09:24:52AM -0400, Shawn Powers wrote:
>
>
>>norbert wrote:
>>
>>
>>>Is there a "simple" way of locking down the user profiles so that the
>>>students can write/save files to there directory but cannot change ANY
>>>
>>>
>>Depending on the window manager you use -- I think KDE is able to be
>>locked down a bit... I would suggest looking at the specific
>>documentation for the desktop manager you use. (Gnome, KDE, etc)
>>
>>
>>
>>>How
>>>can users be prevented form logging in as another without this happening ?
>>>
>>>
>>Don't smack me -- but, "Change the passwords to something that other
>>users don't know" comes to mind... :)
>>
>>Seriously though, users should not be able to log in as each other anyway...
>>
>>
>
> [[ SMACK! ]]
> oh, sorry, man. I slipped. :-)
>
>
>There are scenarios where you don't want user's to be able to change
>their profiles/setup info even when they can only login as themselves.
>
>One way to do this is to have all the user's .profile files, and other
>relevant dot files be owned by root, but be readable and executable
>by the user.
>
>for user in `cat listofusers` ; do
> cd ~${user}
> for file in in `cat list` ; do
> chown root $file
> chmod 755 $file
> done
>done
>
>You have to create the files "listofusers" and the file "list"
>
>The contents of "list" is the gotcha. Exactly which files
>need to be kept frozen and which ones must the user be allowed
>to modify is very important. For example the browser cache must be
>writable by the user, but some browser proxy settings shouldn't be.
>(etc...). If you only have a few things to worry about this solution may
>be OK for you.
>
>If you have a lot of things to freeze, a better solution is to use
>some kind of kiosk mode, which I understand KDE has added to the KDE
>"system". I haven't used this yet but I understand it does work now
>(though newish).
>
>If it does what you want, it might be the best way to go.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20040920/e02f1a8c/attachment.htm>
More information about the K12OSN
mailing list