--- Alan Loughlin <loughlina@swalcliffepark.co.uk> wrote:
When I talk about locking files down, to me that means, restricting user access and controlling what they see. I really just going by what I can do at the moment in group policy, as this is what I know.
There's a few ways you can do this -- you could change a $USER's primary group to something you have created that then is only associated with various items you want them to see (crude). You'd be better of with LDAP, if that's possible though.
Menu locking and altering from a central location (folder redirection in group policy)
Menu locking would best be done via changing perms on ~/.kde or ~/.gnome
Home folder located on a server
Many ways you can do that. Samba, for instance.
Authentication from a Linux server basically replace active directory, as I won't need it if my workstations are a Linux distro.
Samba again.
Taking drive visibly away from the file manager so they just see their home folder and any shares
You can lock them in, using a variety of methods, although restricting users in this way has always been a bit of a black art. You could use a chroot-jail, but this would involve having to recreate a lot of the top-level directories within one's $HOME -- something that's probably not desireable. You might get away with setting their shell to 'rbash', if you want to really lock them down.
Replace roaming profiles with Linux version (are all user settings located in /home?)
Yes.
Scripts or a method to ensure printers for each room are setup for every pc in that room with the ability to have some printers roam with certain users.
CUPS + Samba can do this.
Kiosk seems the way to go, but does this have to be run on every Linux client? All my pcs are decent, except they have windows on them at the moment ;-)
The kiosk would have to run on every client, unless you centralised it so that the Xserver was running on another machine, and the clients connected to it (think XDCMP). But this would probably create a bottleneck and a very hughload on the server running the Xserver. I'd probably just keep the kiosk running on the local workstation, along with KDE (if you went for that particular desktop environment, of course.)
Is the webmin environment good for network management? Especially for the likes of what Im trying to achieve?
Not really. I really have a hatred for webmin, but it really isn't appropriate, in my opinion, for your needs here.
I really like xfce, it's a pity it doesn't seem it has anything like kiosk.
But you can lock it down. You can do the same thing with FVWM as well. The only problem is that it requires some time to put everything in place, alas.
I have used a few distros at home, suse, ubuntu, kubuntu (same I know), fedora and more recently simply mepis. I've stayed with mepis purely because the setup for my wireless adaptor was completely flawless and hasn't stopped working since. And its a really good distro, in my opinion...
I've heard some nice things about it. One thing they do which I thought is a nice touch is they prelink openoffice so that it loads much faster.
From tinkering with Linux and collection of info, I think (based on limited knowledge) that the set should be as follows:
Central authentication/management server - 2 for redundancy/load balancing would be nice.
That would be an intresting project to work on.
File server - backed up every night to dds4 drive - could be on same server as above
There's many programs you can use for this -- I use 'Amanda', although theres rsync and friends.
Intranet/antivirus management server - non critical files also stored here Windows server with terminal services - I still need to run 4 windows apps, successmaker, Pass for windows, phoenix and epar
Internet filtering server - cachepilot, censornet, squid/dansguardian (all to be properly assessed)
Yup - things have moved on a lot since I last setup squid properly in a working environment. You'll get plenty of help here on that.
Linux fat client workstations - school wide based image, easily deployed
-- Thomas Adam ___________________________________________________________ Yahoo! Messenger - want a free and easy way to contact your friends online? http://uk.messenger.yahoo.com