Fine tuning Edubuntu

Brad Thomas bthomas at psysolutions.com
Tue Aug 1 20:50:05 BST 2006


For restricting access, is there a configuration file for the Gnome 
menus that I could manually edit and set it where a sudo password would 
be required for the items?

Gavin McCullagh wrote:
> On Tue, 01 Aug 2006, Brad Thomas wrote:
>
>   
>> I have a default install of Edubuntu, and my clients are connecting 
>> without any problems.  However, there are two things that I need to get 
>> done before I can put this in a live environment:
>>     
>
>   
>> 1. I have 2 NICs in the server.  One connects to the main network 
>> (eth1), and the other is for the Edubuntu lab that the clients connect 
>> through (eth0).  However, I need to figure out a way to prevent my 
>> client computers from being able to hit eth1, because I do not want them 
>> to be able to access my network.  How can I do this?
>>     
>
> So I think you want the thin client computers to be unable to see the main
> network?  Given that as thin clients they are actually running programs on
> your server this is not trivial.  
>
> a. You can use iptables (or something higher level like shorewall) to
>    restrict what connections are allowed to the main network zone (beyond
>    eth1) from the local machine and from the thin client network zone
>    (behind eth0).  This will also restrict _you_ if you are a user on the
>    server so you might need something more sophisticated.
>
> b. It is possible with iptables to apply restrictions on locally generated
>    packets based on the "packet creator".  So, you can say 
> 	"--uid-owner userid"
>    in order to say that only certain users can connect to the main network
>    in certain ways.  I've never done this myself and it is not trivial if
>    you haven't used iptables before.
>
>   
>> 2. I am trying to figure out a way to remove applications from the menu 
>> that the clients will not (and should not) have access to.  I guess I'm 
>> looking for a KIOSK that will work with Gnome.  Any suggestions?
>>     
>
> You could always just use apt to remove the applications from the LTSP
> chroot environment?  That way they are there on the server but not for thin
> clients.  
>
> RedHat documents lockdown of GNOME here but not really available programs:
>
> http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/desktop-guide/s1-ddg-lockdown-other-kiosk-configs.html
>
> Sun also has docs here:
>
> http://docs.sun.com/app/docs/doc/817-5310/6mkpbn3up?a=view
>
> Note that if you remove the programs from the menu there is often nothing
> stopping the user running them from the command line.  They need to either
> be removed completely or have their permissions restricted to be secured
> from users (the latter is not trivial to maintain).
>
> Gavin
>
>
>   
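
The two iptables approaches (a) and (b) from the quoted reply combined into one ruleset, as an added example that is not part of the original thread. The interface roles follow the thread (eth0 lab, eth1 main network); the function name `lab_ruleset` and the UIDs 0 and 1000 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset;
# nothing changes until the output is piped into iptables-restore as root.
# Loading it replaces the current filter table.
#
# usage: lab_ruleset LAB_IF MAIN_IF "UID UID ..."
lab_ruleset() {
    lab_if=$1 main_if=$2 allowed_uids=$3

    # Refuse anything that is not a plain interface name.
    for ifname in "$lab_if" "$main_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: '$ifname'" >&2; return 1 ;;
        esac
    done
    # The UID list may contain only digits and spaces.
    case $allowed_uids in
        *[!0-9\ ]*) echo "bad uid list: '$allowed_uids'" >&2; return 1 ;;
    esac

    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # (a) Packets arriving on the lab NIC are never routed to the main network.
    echo "-A FORWARD -i $lab_if -o $main_if -j DROP"
    # Replies to connections opened from the main network (e.g. admin SSH).
    echo "-A OUTPUT -o $main_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # (b) Thin-client sessions run on the server, so filter by socket owner.
    for uid in $allowed_uids; do
        echo "-A OUTPUT -o $main_if -m owner --uid-owner $uid -j ACCEPT"
    done
    # Every other UID, and packets with no owning socket, are refused.
    echo "-A OUTPUT -o $main_if -j REJECT"
    echo 'COMMIT'
}

# Constructed sample: root (0) and one admin account (1000) may use eth1.
# Syntax check without applying:
#   lab_ruleset eth0 eth1 "0 1000" | iptables-restore --test
lab_ruleset eth0 eth1 "0 1000"
```

Because the final rule rejects every UID not listed, anything a lab user's session sends out eth1 directly (DNS lookups, web traffic) is refused too, so list the UID of any local proxy or resolver that must still reach the main network.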