Originally Posted by GuyFreakz
Like my client couldn't change the desktop background unless they login using admin account or they cannot access the control panel etc or they cannot have access to local drive except the "C:". Usually when the user login, they will request the group policy to be applied from the server (Server 2k3), but i'm not they can request such a thing from Linux server, that's what i mean when said:
I hope this can be a good solution, i'll try to get more information about this tool.
Anyway thank you very much for your knowledge, i'm really new and amateur in linux, this is will be my first time experience to use it as a server. hehehehe...
The "C:" part is easy enough to restrict in linux, there are a couple of ways of doing it. The method I am going to use is assuming that linux is booted off of the locale machine.
You can lock off any type of file using chmod and chown. Generally by default a user only really has access to a few locations, the most general being /home/username, if you set up the user account and set this folder to read and execute only without the ability to write. The user will not be able to write to this space. Alternatively you can redirect the default login location to a network location if you are using something like samba to mount network partitions as suggested above.
The method I know of doing this is editing /etc/passwd
say the user is a member of accounts and you wish to redirect them to the the accounts directory on the samba share what is mounted as /samba/accounts, by default they have an entry like
What you could do is change this line to
One side effect of this is that some account information may need to stored within /samba/accounts to allow logins to work without issue. This is not the full effect of what you are asking and I am sure there is probably a neater method of doing this task, but this is an example of how you can do one of these things in Linux
Also to note there is also a utility called chroot, with this you could effectively lock the account down to only being able to see /samba/accounts and any child of /samba/accounts as that user will see /samba/accounts as if it were the root of the file system. I have never used chroot myself so do not know it's limitation or abilities.