[K12OSN] Ok, so for the *dumb* questions?

Burke Almquist burke at thealmquists.net
Wed Jan 16 00:34:16 UTC 2013

On Jan 15, 2013, at 8:30 AM, me wrote:

> Hi All
> Instead of using the 'login window' I [ctl][alt] to F3 and got to a bash prompt on the
> thin client.  This did NOT show the normal login and dumped me into the filesystem "/".
> 'whoami' says I am root. I have trouble with this as it is a BIG security problem.
> Sure, I can fix that by not setting SCREEN_?? in the lts.conf, but what if I forget?  I
> guess that it would only affect the filesystem on the client, but ssh IS available (
> yes, have a good password AND not on the usual port ) so some nefarious no gooder could
> possibly bang at the server. Oh, and yes I could ssh to the server and login; didn't ask
> me the usual 'accept' question though.
It's not ideal, but OTOH if the students have physical access to the network (a room with a network jack in it), then they certainly could do far worse things, like booting the client from a usb stick with their own malicious tools or sneaking a laptop onto the network. If you are practicing defense in depth, then you assume that even internal users might behave maliciously and set your security accordingly.

As for ssh 
I've found these suggestions helpful.

> Next, there are no errors in Xorg.1.log but boot.log was another matter:
> Mounting local filesystems: FAILED
> Starting NFS statd:         FAILED
> Setting NIS domain: not found FAILED
> the local filesystem failure is probably moot, but I don't know about the other two.
> bash-4.1# [startx] dies - module mach64 not found - so ima gonna go and figure out where
> that is!
This makes me wonder EL6 has drivers for your video. How old is the video chipset on those clients?
Have you tried setting up a chroot using a FC11?

> It will work ....someday.... sigh!

More information about the K12OSN mailing list