[K12OSN] HELP how to lock down profile and more???

Jeff Kinz jkinz at kinz.org
Mon Sep 20 13:48:37 UTC 2004 

On Mon, Sep 20, 2004 at 09:24:52AM -0400, Shawn Powers wrote:
> norbert wrote:
> > Is there a "simple" way of locking down the user profiles so that the
> > students can write/save files to there directory but cannot change ANY
> 
> Depending on the window manager you use -- I think KDE is able to be 
> locked down a bit...  I would suggest looking at the specific 
> documentation for the desktop manager you use.  (Gnome, KDE, etc)
> 
> > How 
> > can users be prevented form logging in as another without this happening ?
> 
> Don't smack me -- but, "Change the passwords to something that other 
> users don't know" comes to mind...  :)
> 
> Seriously though, users should not be able to log in as each other anyway...

    [[ SMACK! ]]   
	oh, sorry, man.  I slipped.   :-)


There are scenarios where you don't want user's to be able to change
their profiles/setup info even when they can only login as themselves.

One way to do this is to have all the user's .profile files, and other
relevant dot files be owned by root, but be readable and executable 
by the user.

for user in `cat listofusers` ; do
	cd ~${user}
	for file in in `cat list` ; do
		chown root $file
		chmod 755 $file
	done
done

You have to create the files "listofusers" and the file "list"

The contents of "list" is the gotcha.  Exactly which files
need to be kept frozen and which ones must the user be allowed
to modify is very important.  For example the browser cache must be
writable by the user, but some browser proxy settings shouldn't be.
(etc...).  If you only have a few things to worry about this solution may
be OK for you.

If you have a lot of things to freeze, a better solution is to use
some kind of kiosk mode, which I understand KDE has added to the KDE
"system". I haven't used this yet but I understand it does work now
(though newish).

If it does what you want, it might be the best way to go.


-- 
Linux/Open Source.  Now all your base belongs to you, for free.
============================================================
Idealism:  "Realism applied over a longer time period"

Jeff Kinz, Emergent Research, Hudson, MA.

More information about the K12OSN mailing list