[EdLUG] Locking down Ubuntu 14.04

Edinburgh Linux Users Group edlug at lists.edlug.org.uk
Wed Sep 30 17:49:27 UTC 2015


Admittedly I hadn't tested that suggestion yet, it was more of a rush.

I did think of the guest account, but it allows users to save to the home
dir and desktop (even though that's purged later)

Probably marking the home folder as read-only would prevent apps from
creating/modifying config files, but I'd be a little surprised if anything
actually crashed in this setup..... I'll give it a test later on the way
home myself in a VM. Bus commutes are boring like that....



===
Tai Kedzierski

Affordable Office IT for Freelance and Startup Businesses
http://helpuse.com/

  I use www.libreoffice.org

*"Open Source Free Software is a matter of liberty, not price."*
http://bit.ly/foss-why-care


On 30 September 2015 at 18:33, Edinburgh Linux Users Group <
edlug at lists.edlug.org.uk> wrote:

>
> On Wed, 30 Sep 2015, at 06:06 PM, Edinburgh Linux Users Group wrote:
>
> Here's how I understand the reasoning:
> The shelter does not want residents saving files to the hard drive ;
> specifically, they want to make sure the residents are actively pushed by
> the system towards their pen drives
>
> I assume the computers are going to be available in the shelter as
> stationary workstations - not for roaming around with.
>
> *Id est*: The requirement of not being able to write to disk is not so
> much a security requirement, but rather to ensure residents are saving
> their personal documents to the right place - is this correct?
>
>
> Given these goals, perhaps the easiest solution would be to create a
> non-admin user for residents to log in as.
> Then, using super user, remove the write permissions on the home directory
> (make it non-writable), and change its owner and group to root (make it so
> the user can't turn write-ability back on)
>
> adduser user
> chmod -R 555 /home/user
> chmod -R root:rrot /home/user
>
> Thus they won't be able to write into the downloads or documents folders
> etc, but a mounted flash drive would work fine.
>
>
> Doesn't ubuntu have a guest login where the homedir is tmpfs?
>
> Doing as suggested above will make most DEs barf and crash!
>
> Graeme
>
>
> _______________________________________________
> EdLUG mailing list
> EdLUG at lists.edlug.org.uk
> https://lists.edlug.org.uk/mailman/listinfo/edlug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.edlug.org.uk/pipermail/edlug/attachments/20150930/739bf6db/attachment.html>


More information about the EdLUG mailing list