[K12OSN] RE: [Ltsp-discuss] PHP-LTSP

[Jim Kronebusch]

> Hi .. it could be a nice prjct .. I can help you if you need, 
> I'm a quite 
> skilled PHP coder :-)  but.. the reason of this mail is: what 
> about security? 
> I mean that you will have to be root in order to manipulate 
> ltsp files, 
> restart services and so on .. so the security issues should 
> be considered as 
> the first step, just before coding the project .. what are 
> your ideas and 
> plans about ?

On the topic of security here is something to consider.  One thing I see
on the k12osn list a lot is tech staff wanting the ability to let
teachers or other staff use TeacherTool, but don't want to give them a
root password.  Maybe a PHP front end could help around this.  Could you
setup your .php files with .htaccess or something and be able to
delegate authority for running the php files to other staff?  But still
have the commands in the backend run as root? Maybe even a future front
end for managing a MySQL backend or text file with selective user access
and priveleges.  Say the ability to view terminals and to kill tasks,
but not to reboot terminals.  It sounds like a PHP front end could help
get around the security issues associated with TeacherTool and allow
delegation.


-- 
This message has been scanned for viruses and
dangerous content by the Cotter Technology 
Department, and is believed to be clean.