[K12OSN] HELP how to lock down profile and more???

norbert bear2bar at netscape.net
Mon Sep 20 14:39:52 UTC 2004


Hi Jeff,

Thanks for the process, just one question. In the list file can I just
do a "/.*" for all the dot files in the directory?

thks
norbert

jkinz at kinz.org wrote:

>On Mon, Sep 20, 2004 at 09:24:52AM -0400, Shawn Powers wrote:
>  
>
>>norbert wrote:
>>    
>>
>>>Is there a "simple" way of locking down the user profiles so that the
>>>students can write/save files to their directory but cannot change ANY
>>>      
>>>
>>Depending on the window manager you use -- I think KDE is able to be 
>>locked down a bit...  I would suggest looking at the specific 
>>documentation for the desktop manager you use.  (Gnome, KDE, etc)
>>
>>    
>>
>>>How 
>>>can users be prevented from logging in as another without this happening?
>>>      
>>>
>>Don't smack me -- but, "Change the passwords to something that other 
>>users don't know" comes to mind...  :)
>>
>>Seriously though, users should not be able to log in as each other anyway...
>>    
>>
>
>    [[ SMACK! ]]   
>    oh, sorry, man.  I slipped.   :-)
>
>
>There are scenarios where you don't want users to be able to change
>their profiles/setup info even when they can only login as themselves.
>
>One way to do this is to have all the users' .profile files, and other
>relevant dot files be owned by root, but be readable and executable 
>by the user.
>
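>for user in `cat listofusers` ; do
>    # ~${user} is not tilde-expanded by the shell, so look the home up
>    home=`getent passwd "$user" | cut -d: -f6`
>    # skip unknown users so nothing is chowned in the wrong directory
>    [ -n "$home" ] && cd "$home" || continue
>    for file in `cat list` ; do
>        chown root "$file"
>        chmod 755 "$file"
>    done
>done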
>
>You have to create the files "listofusers" and the file "list"
>
>The contents of "list" is the gotcha.  Exactly which files
>need to be kept frozen and which ones must the user be allowed
>to modify is very important.  For example the browser cache must be
>writable by the user, but some browser proxy settings shouldn't be.
>(etc...).  If you only have a few things to worry about this solution may
>be OK for you.
>
>If you have a lot of things to freeze, a better solution is to use
>some kind of kiosk mode, which I understand KDE has added to the KDE
>"system". I haven't used this yet but I understand it does work now
>(though newish).
>
>If it does what you want, it might be the best way to go.
>
>
>  
>
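
An added example, not part of the original thread: a dry run for the question about putting ".*" in the "list" file, showing what such a pattern would select before root changes anything. The function name `plan_lockdown` and the `!name` exclusion syntax are assumptions of this example; patterns are written without a leading slash.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: prints the paths a
# lock-down pass would chown/chmod and changes nothing.
# LIST holds one shell pattern per line, matched against names directly
# inside HOME_DIR (".profile", ".*"). A line starting with "!" names an
# entry to leave writable ("!.mozilla"); that syntax is this example's own.
plan_lockdown() {
    home=$1 list=$2
    [ -d "$home" ] && [ -r "$list" ] || return 1
    excludes=$(sed -n 's/^!//p' "$list")
    grep -v '^!' "$list" | while IFS= read -r pattern; do
        [ -n "$pattern" ] || continue
        # Patterns with a slash could reach outside the home directory.
        case $pattern in */*) continue ;; esac
        for path in "$home"/$pattern; do
            name=${path##*/}
            # ".*" can match "." and "..": never touch the directory
            # itself or its parent.
            case $name in .|..) continue ;; esac
            # Root must not follow a user-created symlink to another file.
            [ -L "$path" ] && continue
            [ -f "$path" ] || [ -d "$path" ] || continue
            # Entries the user must keep writable (exact names).
            printf '%s\n' "$excludes" | grep -Fxq -- "$name" && continue
            printf '%s\n' "$path"
        done
    done
}

# Run as: sh plan_lockdown.sh HOME_DIR LIST
if [ $# -eq 2 ]; then
    plan_lockdown "$1" "$2"
fi
```

Root ownership protects a file's contents only; while the home directory itself stays writable by the user, the entry can still be renamed or replaced, which is one more reason to review the printed list and to consider the kiosk mode mentioned above.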