Mailinglist Archive: opensuse-edu (37 mails)

< Previous Next >
RE: [suse-linux-uk-schools] Network migration starting with squid.. help
  • From: Thomas Adam <thomas_adam16@xxxxxxxxx>
  • Date: Thu, 12 May 2005 09:42:09 +0000 (UTC)
  • Message-id: <20050512094130.814.qmail@xxxxxxxxxxxxxxxxxxxxxxx>

--- Alan Loughlin <loughlina@xxxxxxxxxxxxxxxxxxxx> wrote:
> When I talk about locking files down, to me that means, restricting
> user
> access and controlling what they see. I really just going by what I
> can do
> at the moment in group policy, as this is what I know.

There's a few ways you can do this -- you could change a $USER's
primary group to something you have created that then is only
associated with various items you want them to see (crude). You'd be
better of with LDAP, if that's possible though.

> Menu locking and altering from a central location (folder redirection
> in
> group policy)

Menu locking would best be done via changing perms on ~/.kde or
~/.gnome

> Home folder located on a server

Many ways you can do that. Samba, for instance.

> Authentication from a Linux server basically replace active
> directory, as I
> won't need it if my workstations are a Linux distro.

Samba again.

> Taking drive visibly away from the file manager so they just see
> their home
> folder and any shares

You can lock them in, using a variety of methods, although restricting
users in this way has always been a bit of a black art. You could use
a chroot-jail, but this would involve having to recreate a lot of the
top-level directories within one's $HOME -- something that's probably
not desireable. You might get away with setting their shell to
'rbash', if you want to really lock them down.

> Replace roaming profiles with Linux version (are all user settings
> located
> in /home?)

Yes.

> Scripts or a method to ensure printers for each room are setup for
> every pc
> in that room with the ability to have some printers roam with certain
> users.

CUPS + Samba can do this.

> Kiosk seems the way to go, but does this have to be run on every
> Linux
> client? All my pcs are decent, except they have windows on them at
> the
> moment ;-)

The kiosk would have to run on every client, unless you centralised it
so that the Xserver was running on another machine, and the clients
connected to it (think XDCMP). But this would probably create a
bottleneck and a very hughload on the server running the Xserver. I'd
probably just keep the kiosk running on the local workstation, along
with KDE (if you went for that particular desktop environment, of
course.)

> Is the webmin environment good for network management? Especially for
> the
> likes of what Im trying to achieve?

Not really. I really have a hatred for webmin, but it really isn't
appropriate, in my opinion, for your needs here.

> I really like xfce, it's a pity it doesn't seem it has anything like
> kiosk.

But you can lock it down. You can do the same thing with FVWM as well.
The only problem is that it requires some time to put everything in
place, alas.

> I have used a few distros at home, suse, ubuntu, kubuntu (same I
> know),
> fedora and more recently simply mepis. I've stayed with mepis purely
> because
> the setup for my wireless adaptor was completely flawless and hasn't
> stopped
> working since. And itÂ’s a really good distro, in my opinion...

I've heard some nice things about it. One thing they do which I
thought is a nice touch is they prelink openoffice so that it loads
much faster.

> From tinkering with Linux and collection of info, I think (based on
> limited
> knowledge) that the set should be as follows:
>
> Central authentication/management server - 2 for redundancy/load
> balancing
> would be nice.

That would be an intresting project to work on.

> File server - backed up every night to dds4 drive - could be on same
> server
> as above

There's many programs you can use for this -- I use 'Amanda', although
theres rsync and friends.

> Intranet/antivirus management server - non critical files also stored
> here
> Windows server with terminal services - I still need to run 4 windows
> apps,
> successmaker, Pass for windows, phoenix and epar

> Internet filtering server - cachepilot, censornet, squid/dansguardian
> (all
> to be properly assessed)

Yup - things have moved on a lot since I last setup squid properly in a
working environment. You'll get plenty of help here on that.

> Linux fat client workstations - school wide based image, easily
> deployed
>

-- Thomas Adam





___________________________________________________________
Yahoo! Messenger - want a free and easy way to contact your friends online? http://uk.messenger.yahoo.com

< Previous Next >