[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: EDU Win Lab

To: seul-edu@seul.org
Subject: Re: EDU Win Lab
From: Michael A Hamblin <michaelh@utdallas.edu>
Date: Sun, 9 May 1999 08:58:12 -0500 (CDT)
In-Reply-To: <Pine.GSO.3.96.990508215508.26750A-100000@andromeda.azstarnet.com>
Reply-To: seul-edu@seul.org
Sender: owner-seul-edu@seul.org

On Sat, 8 May 1999, Harry McGregor wrote:

> On Sat, 8 May 1999, Michael A Hamblin wrote:
> 
> I have been hacking around linux for about 4 years now, and am very versed
> in the security of multiple users, etc.  My problem with this lab comes
> from securing things from the user themselves.  I don't want a student to
> mess up their own desktop settings.  I was hopeing that some else had
> already tried to secure KDE in this way, but I guess I will have to sit
> down and spend a few hours figureing out which files need write access,
> and which ones do not.

I haven't tried to 'lock down' kde, although it seems like it would be
relativly simple, as all the kde configurations are stored in ~/.kde ...
if nothing else just make a soft link to a system kde file. I haven't
tried this though to see if kde would complain...

> I have been able to show the lab tech at this school how to do basic
> things, like ssh into a system, do a killall -9 soffice.bin when students
> try to open star office 18 times ( have you ever seen a linux box with a
> load over 50?  try opening star office 18 times, in one go).

Hehehe... I've seen it go rather high before on DucTape. One thing you
might try looking into is a PAM module that limits the number of processes
a user can run. I'll have to see if I can find more info for you on it.
What happened on DucTape is that a user uploaded an a.out file that had
been compiled:

main() {
  malloc(1000000);
  fork();
}

Naturally that filled memory and made the system unusable. After we
configured the PAM module, this program slowed the machine down a little
but left it generally usable for the rest of the users until an admin
could get in and kill it.

> Ghost is not free, but it does work well off of a network boot disk (so
> would your dd method, just use a file.   The good thing with ghost (could
> be done with tar as well), is that the partitions do not need to be the
> same size, or identical drives/partitions.

That's true, but I suspect that if the Windows partition is small (lowest
common denominator) that even a raw dd of the small hard drive to a large
one would still work fine, even if it does waste some space. But space
wasting isn't a big deal :) I've never tried to do this with tar, but I
seem to recall somewhere about someone using it like we're describing
here successfully.

--
Michael Hamblin            http://www.utdallas.edu/~michaelh/
michaelh@utdallas.edu      http://www.ductape.net/
UTD Linux User Group       Engineering and Computer Science Support x2997

References:
- Re: EDU Win Lab
  - From: Harry McGregor <micros@azstarnet.com>

Prev by Date: Re: EDU Win Lab
Next by Date: Re: EDU Win Lab
Prev by thread: Re: EDU Win Lab
Next by thread: Re: EDU Win Lab
Index(es):
- Date
- Thread