[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: EDU Win Lab
On Sat, 8 May 1999, Harry McGregor wrote:
> On Sat, 8 May 1999, Michael A Hamblin wrote:
>
> I have been hacking around linux for about 4 years now, and am very versed
> in the security of multiple users, etc. My problem with this lab comes
> from securing things from the user themselves. I don't want a student to
> mess up their own desktop settings. I was hopeing that some else had
> already tried to secure KDE in this way, but I guess I will have to sit
> down and spend a few hours figureing out which files need write access,
> and which ones do not.
I haven't tried to 'lock down' kde, although it seems like it would be
relativly simple, as all the kde configurations are stored in ~/.kde ...
if nothing else just make a soft link to a system kde file. I haven't
tried this though to see if kde would complain...
> I have been able to show the lab tech at this school how to do basic
> things, like ssh into a system, do a killall -9 soffice.bin when students
> try to open star office 18 times ( have you ever seen a linux box with a
> load over 50? try opening star office 18 times, in one go).
Hehehe... I've seen it go rather high before on DucTape. One thing you
might try looking into is a PAM module that limits the number of processes
a user can run. I'll have to see if I can find more info for you on it.
What happened on DucTape is that a user uploaded an a.out file that had
been compiled:
main() {
malloc(1000000);
fork();
}
Naturally that filled memory and made the system unusable. After we
configured the PAM module, this program slowed the machine down a little
but left it generally usable for the rest of the users until an admin
could get in and kill it.
> Ghost is not free, but it does work well off of a network boot disk (so
> would your dd method, just use a file. The good thing with ghost (could
> be done with tar as well), is that the partitions do not need to be the
> same size, or identical drives/partitions.
That's true, but I suspect that if the Windows partition is small (lowest
common denominator) that even a raw dd of the small hard drive to a large
one would still work fine, even if it does waste some space. But space
wasting isn't a big deal :) I've never tried to do this with tar, but I
seem to recall somewhere about someone using it like we're describing
here successfully.
--
Michael Hamblin http://www.utdallas.edu/~michaelh/
michaelh@utdallas.edu http://www.ductape.net/
UTD Linux User Group Engineering and Computer Science Support x2997