LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 12-19-2005, 01:31 PM   #1
ziggy1621
LQ Newbie
 
Registered: Apr 2005
Location: FL
Distribution: FC4
Posts: 20

Rep: Reputation: 0
SambaPDC and ACLs


I have learned how to setup samba as the PDC on the network. Is it possible to setup ACLs to where the user is prohibited from installing programs, etc.?

Thanks,

ziggy

Last edited by ziggy1621; 12-19-2005 at 02:04 PM.
 
Old 12-20-2005, 06:45 AM   #2
fouldsy
Senior Member
 
Registered: Jan 2002
Location: St Louis, MO
Distribution: Ubuntu
Posts: 1,284

Rep: Reputation: 47
It depends on the operating system the client machines will be using. There are methods of controlling both Linux + Windows machines to lock down settings. Let us know a little more about what environment you're wishing to try this out with.
 
Old 12-20-2005, 05:03 PM   #3
ziggy1621
LQ Newbie
 
Registered: Apr 2005
Location: FL
Distribution: FC4
Posts: 20

Original Poster
Rep: Reputation: 0
windows systems. I want to be able to set file/folder access control, which i can find by googling. but i can't find anything that goes into more depth, like regulating the CLIENT's machine that logs on thru the PDC.

Thanks
 
Old 12-20-2005, 06:40 PM   #4
WindowBreaker
Member
 
Registered: Oct 2005
Distribution: Slackware
Posts: 228

Rep: Reputation: 31
ACL's are Access Control Lists, which are associated with files and folders on a drive. You can't use ACL's if the filesystem doesn't support them. So that means you must have NTFS on the client machines. If they have fat32, then you can't limit what users can do with files, since they will be able to do anything with them.

When you create users on the PDC, they are added to the Global group called "Domain Users". This domain global group is a member of each client computer's (if they're members of the domain) local group called "Users". So by default, standard users can't modify system files (if you're using NTFS), and can't modify the registry. Both of these are typically required to install programs.

Keep in mind that there's a whole world of programs that will run from a thumb drive. They are standalone .exe files that don't need to modify or update system files, or make any changes to the registry. The only way to stop those is to impose a computer policy where only approved programs are allowed to run, such as explorer.exe (the shell), etc.

So in conclusion, some of it depends on how your client machines are configured (particularly their filesystem), and some depends on how tight you want you security to be. You can make the security super-tight, but remember that many Windows programs won't run properly for users if they have such limited access to the computer.

One last thing to consider is a program like DeepFreeze. This program restores the computer to exactly how it was when you enabled deep freeze. So if programs are installed, or files are saved to the desktop, all that goes away with the next reboot and the computer is restored to how it was. I know some internet cafe's use stuff like that but I haven't played with it much.

Hope this helped.

Last edited by WindowBreaker; 12-20-2005 at 06:42 PM.
 
Old 12-21-2005, 07:10 AM   #5
ziggy1621
LQ Newbie
 
Registered: Apr 2005
Location: FL
Distribution: FC4
Posts: 20

Original Poster
Rep: Reputation: 0
Yes, that helps out a ton! I thought I was in for a day of reading and a couple days of playing around .. sigh of relief.

I will definitely check into DeepFreeze. I also found someone who wrote a program off of XP's shutdown.exe. Its called AutoShutdown.exe. I tried it and it works. So with DeepFreeze and AutoShutdown, clients can leave there computers Logged Off when leaving work, and all can be set to shutdown at a time during the night so DeepFreeze can do its task.

One other question. How would I restrice access to browsing the clients comptuer (windows box) to the %systemroot% folder? I'm sure you are going to tell me to read up on the roaming profile, which I do need to, but thought I would ask in case I'm wrong.

P.S. AutoShutDown is here.

Thanks again for all the help guys!

ziggy

Last edited by ziggy1621; 12-21-2005 at 07:12 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ACLs through NFS in Fedora Core 3 grimpy Linux - Networking 1 11-10-2005 12:41 AM
Linux ACLs kcv Linux - Security 6 09-14-2005 03:50 PM
kernel 2.4.26 with xfs and acls deloptes Linux - Software 0 07-07-2004 03:50 PM
SQUID - seperate ACLs fr different user groups? HCBLinux Linux - Networking 0 01-30-2004 02:21 PM
SQUID - seperate ACLs fr different user groups? HCBLinux Linux - Networking 0 01-30-2004 10:20 AM


All times are GMT -5. The time now is 11:32 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration