For restricting access, is there a configuration file for the Gnome
menus that I could manually edit and set it where a sudo password would
be required for the items?
Gavin McCullagh wrote:
On Tue, 01 Aug 2006, Brad Thomas wrote:
I have a default install of Edubuntu, and my clients are connecting
without any problems. However, there's two things that I need to get
done before I can put this in a live environment:
1. I have 2 nics in the server. One connects to the main network
(eth1), and the other is for the Edubuntu lab that the clients connect
through (eth0). However, I need to figure out a way to prevent my
client computers from being able to hit eth1, because I do not want them
to be able to access my network. How can I do this?
So I think you want the thin client computers to be unable to see the main
network? Given that as thin clients they are actually running programs on
your server this is not trivial.
a. You can use iptables (or something higher level like shorewall) to
restrict what connections are allowed to the main network zone (beyond
eth1) from the local machine and from the thin client network zone
(behind eth0). This will also restrict _you_ if you are a user on the
server so you might need something more sophisticated.
b. It is possible with iptables to apply restrictions on locally generated
packets based on the "packet creator". So, you can say
"--uid-owner userid"
in order to say that only certain users can connect to the main network
in certain ways. I've never done this myself and it is not trivial if
you haven't used iptables before.
2. I am trying to figure out a way to remove applications from the menu
that the clients will not (and should not) have access to. I guess I'm
looking for a KIOSK that will work with Gnome. Any suggestions?
You could always just use apt to remove the applications from the LTSP
chroot environment? That way they are there on the server but not for thin
clients.
RedHat documents lockdown of GNOME here but not really available programs:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/desktop-guide/s1-ddg-lockdown-other-kiosk-configs.html
Sun also has docs here:
http://docs.sun.com/app/docs/doc/817-5310/6mkpbn3up?a=view
Note that if you remove the programs from the menu there is often nothing
stopping the user running them from the command line. They need to either
be removed completely or be restricted permissions to be secured from users
(the latter is not trivial to maintain).
Gavin
|
--
edubuntu-users mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
