[K12OSN] few questions

Gentgeen gentgeen at linuxmail.org
Sun Jul 30 21:48:55 UTC 2006 

On Sun, 30 Jul 2006 11:32:48 -0700
"Jim Kathan" <tkathan at charter.net> wrote:

> I am finalizing my setup for the new school. 
> 
> Within the lts.conf file, how specific can I make custom settings per
> Mac Address (which will each be linked to user logins, ie., specific
> staff members). I want some teachers to be able to change their
> desktops, etc., and other things, but some users not to. I don't want
> any of the students to be able to modify things.

I am not aware of a way to make a terminal match up with a particular
user, but I don't think that will matter any to the outcome I think you
want.  With (K12)LTSP, any user can login at any terminal, but the users
settings will "come" with them.

One way would be to Make separate group accounts (staff, students,
admin, whatever) then make the config files writable for those groups
that you want to be able to write.

Another thought (and maybe easier).  Lock down the kids only.  Let the
staff do what ever.

I am guessing from this email you are not too familiar with Linux.  All
the personalization (desktop changes, Window manager choices, etc) can
be done from within the users home directory.  (usually
/home/$USERNAME ).  Since that directory _has_ to be writable, then you
have to "pre load" it with the config files, and make the config files
unwritable (is that a word?).

What I did for my kids (I have LTSP set up at home, and the 3 kids all
have a login) was to make the set-up exactly like I wanted.  I logged in
as 1 of the kids, then configured Rox, IceWM, XMMS, Firefox, etc.  I
made sure to define everything, left nothing to default (like with
IceWM, there are 6 or so files used to configure it. I used all 6, not
just the typical ones.)  Once that was done, I used chown and made them
all owned by root.  Once that was done, I copied them all to each of the
kids folders.  Not sure how you would want to do that for a large # of
users, but it does work.  (NOTE: be careful of some of your changes. 
For
example, if you want to lock down Firefox, but NOT the bookmarks, then
be sure NOT to change the ownership of the bookmarks.html file)
   
> 
> Also, can I completely prevent people from saving their files and
> documents to the root folder? Or are they locked out by default, if
> they are not logged in as root.
> 

As noted, the general user will not be able to write anything outside
his/her home folder.

> My colleague brought up a good point, which was that we have to test
> and 'break' everything before the users get in so I can know how
> secure Fedora is with Gnome as the interface. He wanted me to login as
> non-root and see how destructive I can be.

Great idea, but I would put money down that you (or the kids) will not
be able to "break" something.  They may mess up there personal settings,
but that will not "break" others settings. In fact, I would add to that
bet with "you, with the root password, will more then likely break 
something before they do".... it is not a jab on your skills, just a 
statement of fact that I think many on this list will agree with.

If they mess up their own settings, then just wipe it out and replace
it with your "default" setup. (Example: They mess up Firefox some how,
then just `rm -rf /home/$USERNAME/.mozilla` and then put your default
set up back in there... or just let them restart it with the standard
setup)

> 
> I am basically out of time for all this, so I was wondering if anyone
> had any wisdom to share, if they have gone over these things already.
> 
> Thanks in advance!
> 




-- 
http://gentgeen.homelinux.org

#############################################################
 Associate yourself with men of good quality if you esteem    
 your own reputation; for 'tis better to be alone then in bad 
 company.        - George Washington, Rules of Civility

More information about the K12OSN mailing list