[EdLUG] Locking down Ubuntu 14.04
Edinburgh Linux Users Group
edlug at lists.edlug.org.uk
Wed Sep 30 17:06:34 UTC 2015
Here's how I understand the reasoning:
The shelter does not want residents saving files to the hard drive ;
specifically, they want to make sure the residents are actively pushed by
the system towards their pen drives
I assume the computers are going to be available in the shelter as
stationary workstations - not for roaming around with.
*Id est*: The requirement of not being able to write to disk is not so much
a security requirement, but rather to ensure residents are saving their
personal documents to the right place - is this correct?
Given these goals, perhaps the easiest solution would be to create a
non-admin user for residents to log in as.
Then, using super user, remove the write permissions on the home directory
(make it non-writable), and change its owner and group to root (make it so
the user can't turn write-ability back on)
adduser user
chmod -R 555 /home/user
chmod -R root:rrot /home/user
Thus they won't be able to write into the downloads or documents folders
etc, but a mounted flash drive would work fine.
Tai
===
Tai Kedzierski
Affordable Office IT for Freelance and Startup Businesses
http://helpuse.com/
I use www.libreoffice.org
*"Open Source Free Software is a matter of liberty, not price."*
http://bit.ly/foss-why-care
On 30 September 2015 at 07:12, Edinburgh Linux Users Group <
edlug at lists.edlug.org.uk> wrote:
> Hi, thanks for this suggestion. More questions in line...
>
> On Tue, Sep 29, 2015 at 11:03 PM, Edinburgh Linux Users Group <
> edlug at lists.edlug.org.uk> wrote:
>
>> You could use a live CD image on the hard drive, a quick look gave me
>> knoppix
>> which at first glance does not install, or set the hard drive to read
>> only.
>>
>
> Sorry, I didn't understand this suggestion. I know what a live CD is, but
> I don't know how to "use a live CD image on the hard drive." Before you
> explain, I should probably tell you that this system has only 2 GB of RAM,
> and so we need to be sparing of impact on RAM, as we are using Ubuntu
> 14.04, which really does need 2 GB of RAM as a minimum.
>
>
>>
>> Alternatively run without a drive and have a USB drive mounted internally
>> with a
>> live distro.
>>
>
> That is interesting, but again, it sounds like you are recommending using
> a live CD, which is difficult, given our RAM limitations.
>
> thanks everyone for your thoughts. I am open to other suggestions.
>
>
>>
>> Joe.
>>
>> > On 30 September 2015 at 01:50 Edinburgh Linux Users Group
>> > <edlug at lists.edlug.org.uk> wrote:
>> >
>> >
>> > Hi,
>> >
>> > I am donating two Ubuntu 14.04 machines to a homeless shelter. The
>> shelter
>> > would like to prevent the residents from writing any documents to the
>> hard
>> > drive. The shelter wants to have residents download stuff to flash
>> drives
>> > they are giving the residents. Googling, I find nothing directly on
>> > point. Any help is welcome.
>> >
>> > I did find this
>> >
>> > http://forums.linuxvoice.com/viewtopic.php?f=3&t=147
>> >
>> > Which talks about locking down the user settings, but it does not
>> prevent
>> > writing to the hard drive.
>> > <https://lists.edlug.org.uk/mailman/listinfo/edlug>
>>
>> _______________________________________________
>> EdLUG mailing list
>> EdLUG at lists.edlug.org.uk
>> https://lists.edlug.org.uk/mailman/listinfo/edlug
>>
>
>
>
> _______________________________________________
> EdLUG mailing list
> EdLUG at lists.edlug.org.uk
> https://lists.edlug.org.uk/mailman/listinfo/edlug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.edlug.org.uk/pipermail/edlug/attachments/20150930/3bef51e0/attachment.html>
More information about the EdLUG
mailing list