<div dir="ltr"><div><div><div><div><div>Here's how I understand the reasoning:<br><br></div>The shelter does not want residents saving files to the hard drive ; specifically, they want to make sure the residents are actively pushed by the system towards their pen drives<br><br></div>I assume the computers are going to be available in the shelter as stationary workstations - not for roaming around with.<br><br></div><div><i>Id est</i>: The requirement of not being able to write to disk is not so much a security requirement, but rather to ensure residents are saving their personal documents to the right place - is this correct?<br></div><div><br><br><br></div>Given these goals, perhaps the easiest solution would be to create a non-admin user for residents to log in as.<br>Then, using super user, remove the write permissions on the home directory (make it non-writable), and change its owner and group to root (make it so the user can't turn write-ability back on)<br><br></div><div>adduser user<br></div><div>chmod -R 555 /home/user<br></div><div>chmod -R root:rrot /home/user<br></div><div><br></div>Thus they won't be able to write into the downloads or documents folders etc, but a mounted flash drive would work fine.<br><br></div>Tai<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><br><br>===<br>Tai Kedzierski<br><br></div><div>Affordable Office IT for Freelance and Startup Businesses<br></div><div dir="ltr"><a href="http://helpuse.com/" target="_blank">http://helpuse.com/</a><br></div><br><div dir="ltr"><span></span><font size="1"><img src="http://www.free-mac-programs.com/images/applications/libreoffice.png" height="19" width="19"> I use <a href="http://www.libreoffice.org" target="_blank">www.libreoffice.org</a><br><br><i>"Open Source Free Software is a matter of liberty, not price."</i><br>
<a href="http://bit.ly/foss-why-care" target="_blank">http://bit.ly/foss-why-care </a><br></font><font size="2"><br></font></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 30 September 2015 at 07:12, Edinburgh Linux Users Group <span dir="ltr"><<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, thanks for this suggestion. More questions in line...<br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Tue, Sep 29, 2015 at 11:03 PM, Edinburgh Linux Users Group <span dir="ltr"><<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You could use a live CD image on the hard drive, a quick look gave me knoppix<br>
which at first glance does not install, or set the hard drive to read only.<br></blockquote><div><br></div></span><div>Sorry, I didn't understand this suggestion. I know what a live CD is, but I don't know how to "use a live CD image on the hard drive." Before you explain, I should probably tell you that this system has only 2 GB of RAM, and so we need to be sparing of impact on RAM, as we are using Ubuntu 14.04, which really does need 2 GB of RAM as a minimum.<br> </div><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Alternatively run without a drive and have a USB drive mounted internally with a<br>
live distro.<br></blockquote><div><br></div></span><div>That is interesting, but again, it sounds like you are recommending using a live CD, which is difficult, given our RAM limitations. <br><br></div><div>thanks everyone for your thoughts. I am open to other suggestions.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
Joe.<br>
<br>
> On 30 September 2015 at 01:50 Edinburgh Linux Users Group<br>
</span><div><div><span class="">> <<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>> wrote:<br>
><br>
><br>
> Hi,<br>
><br>
> I am donating two Ubuntu 14.04 machines to a homeless shelter. The shelter<br>
> would like to prevent the residents from writing any documents to the hard<br>
> drive. The shelter wants to have residents download stuff to flash drives<br>
> they are giving the residents. Googling, I find nothing directly on<br>
> point. Any help is welcome.<br>
><br>
> I did find this<br>
><br>
> <a href="http://forums.linuxvoice.com/viewtopic.php?f=3&t=147" rel="noreferrer" target="_blank">http://forums.linuxvoice.com/viewtopic.php?f=3&t=147</a><br>
><br>
> Which talks about locking down the user settings, but it does not prevent<br>
> writing to the hard drive.<br>
><a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank"></a><br>
<br></span><span class="">
_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk" target="_blank">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
</span></div></div></blockquote></div><br><br></div></div>
<br>_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
<br></blockquote></div><br></div>