Deploying Linux Desktops in a Business (was Re: Antivirus for Ubuntu)

Brian Fahrlander brian at fahrlander.net
Fri May 25 08:13:36 UTC 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ben Edwards wrote:
<snipped>
> For example what access do we give non technical people to there Linux
> Desktop.  Is it possible to give non sudo access to the box but allow
> them to install security updates.  It is possible to give non sudo
> access and allow them to install/remove programs - maybe from a subset
> of what is available.
> 
> Any thoughts on this appreciated.

    Anyone on a Linux box, unless they're _sharing_ a Linux box, won't
have any problems along those lines. A broken Linux box is the same as a
broken Windows box, the difference is that if a Linux box is broken, it
actually _shows_. There won't be bots fiddling around with your
bandwidth or selling V1agra to people. Reloading isn't a huge problem,
since there's 6 questions and one of them is your own name. Worst case,
an hour of downtime; cracking the box doesn't mean it's 'going rogue' or
anything.  This would be the casually-secure business environment.

    Or if you want to get fancy, and have LDAP deployed with an NFS
shared /home directory, (like I have here in the house) it's probably
better to   let the admin install the programs. A couple of quick
keystrokes through ssh and it's done.  And since a raid drive protects
all their data, a 'flush-n-fill' on a given machine is painless.

    Or, be more radical about it, make all your workstations Pentiums
from a salvage store. ($50 each) and make each one come up with the
chooser- so they're logging into a large, protected,
behind-locks-and-doors kind of machine on which the admin does that for
them. This makes the hardware into X terminals; the only thing might be
a problem is sound, and sound isn't usually an issue in a cube-farm or
other classic business setting.  Economy AND security.

    Unlike the other leading brand, you have lots of choices...

    :)


- --
 ------------------------------------------------------------------------
 Brian Fahrländer                 Christian, Conservative, and Technomad
 Evansville, IN                              http://Fahrlander.net/brian
 ICQ: 5119262                         AOL/Yahoo/GoogleTalk: WheelDweller
 ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVpqv6PLtRzZbdhYRAg8XAJ9MN3X7WrAryD+diKrRE6oBYOu2rwCdEJL2
p9GWyRlUQH1Dyb4M+x4nDAo=
=30CB
-----END PGP SIGNATURE-----

More information about the ubuntu-users mailing list