[EdLUG] Locking down Ubuntu 14.04
Edinburgh Linux Users Group
edlug at lists.edlug.org.uk
Wed Sep 30 17:33:34 UTC 2015
On Wed, 30 Sep 2015, at 06:06 PM, Edinburgh Linux Users Group wrote:
> Here's how I understand the reasoning: The shelter does not want
> residents saving files to the hard drive ; specifically, they want to
> make sure the residents are actively pushed by the system towards
> their pen drives
>
> I assume the computers are going to be available in the shelter as
> stationary workstations - not for roaming around with.
>
> *Id est*: The requirement of not being able to write to disk is not so
> much a security requirement, but rather to ensure residents are saving
> their personal documents to the right place - is this correct?
>
>
> Given these goals, perhaps the easiest solution would be to create a
> non-admin user for residents to log in as. Then, using super user,
> remove the write permissions on the home directory (make it non-
> writable), and change its owner and group to root (make it so the user
> can't turn write-ability back on)
>
> adduser user chmod -R 555 /home/user chmod -R root:rrot /home/user
>
> Thus they won't be able to write into the downloads or documents
> folders etc, but a mounted flash drive would work fine.
>
Doesn't ubuntu have a guest login where the homedir is tmpfs?
Doing as suggested above will make most DEs barf and crash!
Graeme
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.edlug.org.uk/pipermail/edlug/attachments/20150930/0bfde4fd/attachment.html>
More information about the EdLUG
mailing list