Matt, Good thinking! I back that up. I am doing the same at my school.
Given that IceWM doesn't show a menu entry if the user hasn't got enough rights to the associated application, I am _experimenting_ with a specific GID for every app I let them use, ie. LTopera for Opera, LTacro for Acrobat Reader, etc. I then chown the app to its specific group and give no rights at all to members of other groups. When a user needs to be able to use an application I make him/her a member of the specific group and automagically (s)he gets to see the menu item. The overall advantage of this twisted procedure is that I still have one centralized set of config files for IceWM, instead of slightly modified versions floating around the server's HD for each user with personal requests.. But please remember that all of this is still in an experimental pre-alpha stage. No warranty whatsoever ... ;-) Wouter On Tuesday 05 March 2002 23:38, you wrote: > Keep people away from xterm or any terminal type login (that's > how I do it) > > I give them nothing but icewm and it only has shortcuts to the > apps that they need to use if they need more they call me and > I give them more. > > I know that obscurity isn't security but it is a good start. > > Matt > > > -----Original Message----- > > From: Hans Ekbrand [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, March 05, 2002 3:21 PM > > To: [EMAIL PROTECTED] > > Subject: [Ltsp-discuss] k12os [was Re: hardware demands for > > Server when having 160 client computers?] > > > > On Tue, Mar 05, 2002 at 03:18:33PM -0500, Julius Szelagiewicz wrote: [wdb: snip...] > > Since I might go and offer LTSP to some schools around here, > > I find your information most valuable Julius. I had a glance > > at k12linux web site, but I did find it lacking in the > > security area. I remember that security problem often > > plagued the administrators at your high school, and many of > > us students used most of the time hacking/cracking in those > > labs (not me though). > > > > Limiting users cpu load is one problem. Another one is if > > one user do disk-access-intensive things like: > > > > grep -r foo / > > > > How do people on this list handle security problems like > > these with ltsp in, say high-schools? > > > > Hans Ekbrand _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net
