Mailinglist Archive: opensuse (4749 mails)

< Previous Next >
Re: [SLE] Restrict Users--Fred, More Please
** Reply to message from Christopher Mahmood <ckm@xxxxxxxx> on Wed, 28
May 2003 16:04:54 -0700

# A better solution is to force all traffic to port 80 and 443 through
# a proxy that the user has to authenticate to in order to use. Of
# course, the kids can always just find an open proxy somewhere that
# they can use to bypass this restriction as well. Once they get that
# sophisticated they'd probably figure out that they can just boot
# with 'init=/bin/sh' in order to change root's passwd (and the
# restrictions) or boot from something like the live eval cd.

In cmos, I have disabled booting from cd and floppy.

In grub, the command line is md5 password protected. Default linux is
the only choice they have.

Grub is in the mbr and dual-boot to their mom's win98 is also md5
password protected.

I don't know anything about proxies, except I use privoxy on my
machine. What kind of proxy are you referring to?

For the time being I have added sudo /sbin/ifdown eth0 to each
$HOME/.bashrc per the suggestion from Basil Fowler, but how long will
it take them to learn enough linux to know they can edit that file
without root permission?

Ed Harrison, broadcasting on:
by SuSE (8.2), Kernel 2.4.20,
X-server 4.3, PolarBarMailer 1.25a

< Previous Next >