Jaime wrote:
I work in a publish school in the US and am considering LTSP for our younger students. The problem is, a significant number of them have paperwork from their parents that forbid them from using the Internet while allowing them to use computers in general. The way that we do this on our Macintosh systems is to sort students into two "workgroups." One of them doesn't allow the user to launch certain programs, e.g. web browsers, FTP clients, etc. while the other one does.
I know that Unix doesn't usually have anything like this. I figured that my best bet was to set their shells to pdmenu and then manually install .xinitrc files in each account. I could probably script this, but a savvy user could still use any text editor (or word processor with a Save As command) to change this.
Does anyone have any suggestions? I need to be sure that some students can run Firefox while others can't. Any pointers are appreciated. For background purposes, I've been running Unix and Unix-like systems (Linux, FreeBSD, NetBSD, etc.) in various ways for almost 9 years.
Thanks in advance, Jaime
Linux and Unix have permission structures on all files. You can designate each file being readable, writable, and/or executable for the file owner, group, and other (everyone else not specific to the file owner or group).
To avoid execution of the web browser by others , simply chmod o-rwx filename (i.e., chmod o-rwx firefox). Now, to make certain the people that are allowed to run a program, add those people to a group and change the group and permissions for the program .
Example:
1. ls -l firefox produces
-rwxr-xr-x 1 root root 53924 Aug 30 2002 firefox
2. If we use the group called internet to be the identifier for the people that can run the firefox browser program,
chgrp internet firefox; chmod o-rwx firefox
produces:
-rwxr-x--- 1 root internet 53924 Aug 30 2002 firefox
Thus, only root or members of the internet group will be allowed to execute the firefox program. So, even if a user was smart enough to get to a shell and know the command is firefox, they could not launch the firefox browser if they were not a member of the internet group.
Ken Cobler
------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
