Fine tuning Edubuntu
bthomas at psysolutions.com
Tue Aug 1 20:50:05 BST 2006
For restricting access, is there a configuration file for the Gnome
menus that I could manually edit and set it where a sudo password would
be required for the items?
Gavin McCullagh wrote:
> On Tue, 01 Aug 2006, Brad Thomas wrote:
>> I have a default install of Edubuntu, and my clients are connecting
>> without any problems. However, there's two things that I need to get
>> done before I can put this in a live environment:
>> 1. I have 2 nics in the server. One connects to the main network
>> (eth1), and the other is for the Edubuntu lab that the clients connect
>> through (eth0). However, I need to figure out a way to prevent my
>> client computers from being able to hit eth1, because I do not want them
>> to be able to access my network. How can I do this?
> So I think you want the thin client computers to be unable to see the main
> network? Given that as thin clients they are actually running programs on
> your server this is not trivial.
> a. You can use iptables (or something higher level like shorewall) to
> restrict what connections are allowed to the main network zone (beyond
> eth1) from the local machine and from the thin client network zone
> (behind eth0). This will also restrict _you_ if you are a user on the
> server so you might need something more sophisticated.
> b. It is possible with iptables to apply restrictions on locally generated
> packets based on the "packet creator". So, you can say
> "--uid-owner userid"
> in order to say that only certain users can connect to the main network
> in certain ways. I've never done this myself and it is not trivial if
> you haven't used iptables before.
>> 2. I am trying to figure out a way to remove applications from the menu
>> that the clients will not (and should not) have access to. I guess I'm
>> looking for a KIOSK that will work with Gnome. Any suggestions?
> You could always just use apt to remove the applications from the LTSP
> chroot environment? That way they are there on the server but not for thin
> RedHat documents lockdown of GNOME here but not really available programs:
> Sun also has docs here:
> Note that if you remove the programs from the menu there is often nothing
> stopping the user running them from the command line. They need to either
> be removed completely or be restricted permissions to be secured from users
> (the latter is not trivial to maintain).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the edubuntu-users