On Thu, 13 Jun 2002, Jon Gaudette wrote: > Here's the thing though. I am planning a HUGE migration from Microsoft > to Linux in a K-12 school system. This includes servers AND > workstations. Now, trust me, I'm not fan of Microsoft, I downright > despise them. However, would any kid in the network get his hand on a > workstation and be able to start changing the root password?
probably. so what's the problem? :-) seriously, precocious students have been hacking windows boxes in schools for years -- what makes you think they're going to treat linux boxes any differently? they'll figure out almost immediately how to boot from the CD in rescue mode, how to boot in single-user mode, how to make boot diskettes, etc. and there's no way you're going to stop them. but, as i said, what's the problem? in your own words, they're "workstations". they better not store any critical information. and as long as they don't, if they get hacked, no big deal -- reinstall using kickstart or something. you yourself refer to "servers" as well, and *those* are the machines you want to keep physically secure, in a locked room, accessible only to administrators. let me recommend a second approach -- social engineering. as i said, precocious students are going to want to hack. so give them a machine or two that they can hack the daylights out of. let them install and re-install to their heart's content, and that should keep them happy. at the same time, though, make a firm policy about no hacking on the production workstations. have a posted policy that *anyone* caught doing unauthorized activity on a production box will lose all workstation privileges *immediately* and *permanently*. i think you'd be surprised how people will not be willing to take that chance, especially if they have other machines that they *can* play on. i didn't mean to ramble on like this, but it sounded like you were trying to hold linux up to a pretty unreasonable standard, compared to how most people just assume windows is a complete sieve when it comes to security. rday _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list