Im setting up a test computer for school that will be used by students and if it works good we will be switching to linux, if not M$ stays.
So I created 2user accounts. One is TEACHER and the other one is STUDENT which is stripped of almost all permissions.
And I've also used PESSULUS to lock down the STUDENT account. But the problem is that when I log in as STUDENT I am still able to change the settings of aMSN or Nautilus,Crossover OFFICE-> MS OFFICE 2000 or the hidden file/folders under STUDENT's home dir.
So I believe that I should do the following:
I should set it up so when a user STUDENT logs out, his home directory gets restored to its original status (copied from some location in /usr/share/......). I think this is better than just locking access to config files, or at least it's what I'd prefer as a user.
But unfortunetly I dont know how to achieve this?

Am using UBUNTU DAPPER and latest GNOME. So please help me out here.

Edit .bash_logout to do something and then chown it to root, maybe? And, possibly, also do the same with .bash_profile (so in case of hard session crash, maybe provoked, everything will be copied on login of the next user). And is it intentional not to have personal logins and possibility to store personal files (I mean, without risk of them being destroyed)?

Hi BigDaddy,

I don't know what do you want to achieve from all this!
Why do you think that if they (Students) play around with
some config files the whole system is going to be messed up. They should get ample time and practice to play around. Some of them are the innovators and genius of the future, and just for some of them (those genius) you will have to allow them to do whatever all want. Let them see the world using their own eyes. Let them have some fun. and Let them innovate in MISTAKES which will lead them to a better understanding of the things.

Still there is an overhead to you and it is to maintain messed up thing! As you mentioned earlier you should backup the whole home directory and if something goes wrong let the student who messed up try to recover it. If he/she is unable to that only then you should restore the directories.

Please consider my request and let them find their ways, let them grow their own way.

Hope you will not mind an advice not asked for.

it does nothing. I put in .bash_logout:
and then I logged out of the account and logged back in and there was no ~/trial1 folder.

Yes it is! There will be 4 such computers in the LOBBY and around 100students or more will have free access on them from 7am to 9pm without any supervision. So they must be very secure.

Good idea! I could create an account PLAY_WITH_ME with which they would have free hands.

Did you check that the file is readable by user, but not writable?
I can mention that variant with .bashrc and .bash_profile is better.
Or do you use smth different from bash as shell??

>So they must be very secure.
1.Just giving personal logins with some megabytes for each gives students isolated space. If you do it right, it will be rather hard to spoil life to anyone but the spoiler.
2.If you do ask such questions (no offence intended, just the fact), you won't get security... Only honesty of students can save your system. And will, if you won't seem too restrictive administrator. For example, your proposed system will not work if you do not take measures to catch run-away daemons left by students (intent to work around your system supposed). And there are fake-logins.

Since you are already using Ubuntu, check out Edubuntu. I have not tried it, but it is supposedly specifically for schools. It might make your life easier.

--Ian

Hello Bigdaddy,


Thanks for considering my request and I liked the account name too!

The usual approach to this sort of thing is LTSP: see www.ltsp.org and more specifically www.k12ltsp.org.
Have a read.

Hello,

Again you can set the config files (obviously related to the user only ) to be immutable.
I thinks this should solve your problem

when I tried it the file was both readable, writable to user.
Dont know exactly what U mean! Since the log in window is the GNOME's GDM

But that would require around 200 personal logins per machine. Any easy way to do that?


Well Im a student also in this high-school. And I just do what SYS ADMIN tells me who doesnt have a clue about linux.He's just be saying for years how linux is GREAT but he doesnt have time to try it. bla bla bla

just hope that SYS ADMIN wont be a bitch about it. I mean he wants a picture of school in every desktop. And then I said like who will want to watch it on the desktop. And then he responded this is a school. And as such we must do things the SCHOOL's way.

I thought about it but I dont need it. Since I only need aMSN, MS OFFICE 2000, EPYPHANY

Could U please be more specific, I haven't a clue of what U mean

Interesting article. But am sticking with UBUNTU DAPPER

this is how I achieved this:
I tarred the STUDENT folder to /home/qhome.tar.gz. And chown it to TEACHER and gave executable permission to all.
So then I put this script into GNOME->SESSIONS->STARTUP PROGRAMS:
http://ubuntuforums.org/attachment.p...8&d=1147245541
Tell me what do U think?