On Mon, 1 Nov 2004, A.J. Venter wrote: > On Monday, 01 November 2004 10:34, shogunx wrote: > > Set the path of the students who are allowed network access (what, are > > these parents just wishing that their children will become garbage > > collectors?) to include a "quarantined" directory, /usr/local/bin for > > example, that includes the mozilla, netcat, ngrep, nmap, etc. binaries, > > while excluding that from the path of the students without access. Then > > chmod the users .profile so they cant change it. You can do it with chgrp > > on the binaries also. > > > Bad idea, any half smart kid would figure out how to change the path after > login (it's just an environment variable) and that you can give full paths > anyway.
Even if you chgrp it, a half smart kid will root the box with the knoppix disk he downloaded from his friends house while the teacher is on lunch hour, and be IRCing in no time. No network access on linux is like sex with no orgasm; whats the point? So we can waste more time, money and effort building secure NOC's in all the high schools, which won't really be secure, so every school now needs a computer security tech. If you tell a kid he can't do something, that is his greatest incentive to do it. Personally, I enjoyed it when I would lunch for 3 hours and then go to the beach in high school, knowing full well that the absences would disappear that afternoon when my friend had his strategically placed last period administrative office study hall. > > Chgrp'ing the binaries is the only right way to do it. > > Ciao > A.J. > -- > A.J Venter > Lead Developer, DireqLearn > 082 726 5103 > http://www.direqlearn.org > http://www.direqlearn.org/olce > http://silentcoder.co.za > > > ------------------------------------------------------- > This SF.Net email is sponsored by: > Sybase ASE Linux Express Edition - download now for FREE > LinuxWorld Reader's Choice Award Winner for best database on Linux. > http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click > _____________________________________________________________________ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net > sleekfreak pirate broadcast http://sleekfreak.ath.cx:81/ ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
