I typically use gconf <http://sayamindu.randomink.org/soc/deployment_guide/deployment_guide.html>in the event of a gnome environment. Just food for thought.
Regards, Jesse Z On Mon, Mar 9, 2009 at 10:36 PM, Matthias Johnson < [email protected]> wrote: > Interestingly a few days after asking similar questions over post Hackathon > dinner slashdot posts an article regarding this. > > http://linux.slashdot.org/article.pl?sid=09/03/09/236230 > > First (relevant) post ... answers with puppet another with cfengine and > bcfg2 which are answers to central management. Another interesting post > "Don't give them root and they can't install software. Make sure the home > directories an(d) /tmp is moutes (mounts) -noexec and there is NO WAY that > they can run programs which aren't already installed. Now they can have > free run of the system and can't do anything harmful. Still not satisfied? > Remove all executables that they shouldn't run, or make them a-rx g-rx, and > don't have users in the group able to run them." > > Although not mentioned I am guessing putting a BIOS password, removing boot > from floppy, cdrom, and usb, and locking the chassis should take care of > most physical access issues if network boots are not an option. Should > /mnt > also be set to noexec nowrite so users cannot create new mounts and bring a > portable terminal or does this create more problems than it fixes? Any > insight would be appreciated. > > > -- > Matthias A. Johnson > matthias.a.johnson aut gmail dot com > _______________________________________________ > Mid-Hudson Valley Linux Users Group http://mhvlug.org > http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug > Upcoming Meetings (6pm - 8pm) MHVLS Auditorium > Mar 7 - Web Hack-a-thon - SUNY Newpaltz > Apr 1 - EC2 and Cloud Computer > May 6 - TBD > _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Mar 7 - Web Hack-a-thon - SUNY Newpaltz Apr 1 - EC2 and Cloud Computer May 6 - TBD
