We are setting up a training station on a desktop PC and would like to triple boot. The problem: How do we forbid mounting of the XP or VISTA files by the linux system? Is it better to use a virtual machine in VISTA or XP to isolate the linux parts or can we triple boot and isolate? We fear that once we train newbies to mount other filesystems they will experiment and hose the XP or VISTA OS which would affect the moneymaker side of training.

Hi,

Wouldn't it be a very (very!) good idea to setup a brand new, maybe modified to a specific task, environment every time a new group of trainees arrive instead of trying to close off/secure certain parts of the machine(s)?

You could create multiple images that are tailored to the specific training session and load them when needed/wanted.

I've been to many Unix/Linux trainee sessions to know that this is 'normal behavior'. It provides all trainees the same, sane environment instead of a possible broken system (Yep, me and just about everybody in class tried to 'break/compromise' the system during the training sessions.......).

Not the answer you asked for, I'm sure. But looking at the description of the problem you are giving this is a much more practical solution.

If you use multiple images inside a virtual machine in VISTA or XP, that are tailored to the specific training session, as suggested above.

Taylor each image to suit each training lesson(s). maybe more than one theme / lesson to a image would be the most practical.

If the virtual O/S is messed up,
then its simply a straight replacement of the virtual image....

also have a pwd on the M$ login, to stop any attempt to load another image.

One other option is to remove ntfs support. E.G. from the kernel and the ntfs-3g package.
For removable drives you could have a polkit policy against mounting. If the trainies don't have root access, you could have it mount read-only with only root access. I.E. user=root,dmask=0500,fmask=0400 mount options.

With root access there isn't much you can do to protect it. If someone can boot up a cdrom live distro, or usb distro, then even using virtualization won't help. ( You can disable booting this way in the bios, and password protect alternative grub menu O& boot options )

Thank you for the comments. I'll expand the problem a little. The XP/VISTA OS's are on ten desktops for teaching senior citizens how to use their computers. We have images for those and have learned to deal (years of classes) with related problems. The Linux OS will be used by our computer club SIG (special interest group - Linux) for experimenting and learning. Another SIG (networking group) is responsible for the classroom and they are asking for the isolation.

Linux SIG may not need an image, as we are experienced newbies and can handle disaster to our OS, after leaning heavily on this website. We need to be able to use ntfs for usb drives, I think.

Two things occur to me:
1 - The threat to Linux, as a virtual machine, may be higher than the risk to the other OS's from Linux. Windows trainees could delete the virtual machine or program
2 - We have a supervised situation to preclude XP/VISTA students from live CD crimes. Our Linux users are not interested in the other OS's and won't be likely to cause a problem and loose privileges.