DebianThis forum is for the discussion of Debian Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
Rep:
user permissions
Hello. I work at a shelter (actually, a big warehouse that is "first stage transitional housing"), and I'd like to set up another computer for them. I got a very old Pentium (32 MB ram) that I set up with Windows 98. I recently have acquired a better computer (400 MHz), and I'd like to put Debian on it. The game Supertux would be a real hit (games from Wiering Software, like Charlie the Duck, are very popular with the crew I work with).
The problems I had with Windows 98 are:
difficult to find games that are not "shareware", which often only allow part of the game to be played, sometimes with annoying messages.
some users will spend all day creating shortcuts for the desktop -- I've had to erase hundreds of these. The "Start" button, as a means to find and start programs, does not register with most users.
some users will delete programs, or mess around with system settings.
So, Debian seems the perfect choice. However, I want to make it both accessible and secure (a slight contradiction, I realize, but I think it's possible). I plan to set up gdm to automatically log in as a default user, without needing to type in a password. And, for the default user, I would like to set it up so that the desktop cannot be altered. I will set up personal users who can alter their desktops till their heart's content (via logging in), but I want the general public interface to remain clear and clean. Basically, how do I alter the permissions of users?
I really want to find a way to prevent hundreds of shortcuts being put on the default desktop (I'm not exaggerating when I say "hundreds"). Thanks in advance for any suggestions and/or pointers. Suggestions of games I can install (from either deb packages, or from source) are appreciated too.
Linux is ideal for kiosk machines, which is more or less what you seek to create here. File permissions are a huge topic to explain to someone who has no idea where to begin. These fine folks have done it far better than I could:
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
Original Poster
Rep:
Thanks for the link to the educational stuff about permissions. Quite interesting. I did not realize what the numbers (ie, 755) meant before.
Anyway, I created a user account named "guest", with password "guest". I made gdm automatically log into this user after 30 seconds. Then, using nautilus, I switched the permissions of the home directory, and the desktop directory, to read and execute (555), eliminating write permissions. This accomplished what I wanted. But, when I rebooted the machine, I was no longer allowed to log back into the guest account.
I then tried to switch the home directory of guest, via the Users Administration Tool (aka Users and Groups, a gnome gui device for messing about with users and groups settings). I figured that I could eliminate write privileges from guest for everything, but hopefully the machine would log into that directory. Then, for web browsing, I could allow others to have write privileges on the necessary mozilla directory within the other users home directory (that "guest" would currently be visiting. Needless to say, I was unable to log in as "guest" to this home directory; so, this was not a go.
If there is a way to prevent users from having write access, and still being able to log in, please let me know. Thanks.
PS, PenguinPwrdBox, goodluck on the Cisco lab.
Last edited by mark_alfred; 08-28-2005 at 11:00 AM.
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
Original Poster
Rep:
I figured it out!
Ha! I figured it out! I eliminated write access to the Desktop, and eliminated Read access to guest's home directory (preserving write access). That did it. Users will not be able to screw around with the set-up. (perhaps via the console, or something -- but hey, if they can get that far, kudos to them -- it means they're learning).
If so, I would make sure that no SSH or FTP server is running. A user with the name 'Guest' and the password 'Guest' is not what you call 'secure'. I have hundreds of break-in attempts on my Debian server everyday which use name lists to try to get into my machine (so they try for example 20 times with usernames like "root, admin, guest, apache, default". So I would definetaly change the username and password to something not so obvious. Or make sure that no connections are allowed from such users from the outside.
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
Original Poster
Rep:
It won't be used as a server of any kind. And I'll likely set-up a firewall (perhaps Guarddog). But you're probably right, a username/password that is less obvious to outsiders, but known to the insiders (ie, the shelter-name, or the postal code) would be better. Since the machine will be automatically logging in, the password probably won't matter for the clients of the shelter.
My recently contemplated set-up, eliminating Read access to guest's home directory (preserving write access) is an awkward set up, that only half works. I think I'll not worry about the home directory, and just leave it as permission 755.
Last edited by mark_alfred; 08-29-2005 at 07:42 AM.
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
Original Poster
Rep:
porn
Porn is another issue I'm not sure how to handle. Management of the shelter wants some safe guards here. Initially I was going to set up the extension Blockxxx (which works similar to
adblock) on Firefox, and hide Epiphany, and Konqueror. However, Firefox works terribly on Debian. And I felt that eventually someone would find Konqueror. Instead, I downloaded a proxy server filter list from the internet, at http://www.ericphelps.com/security/pac.htm, and set this up.
This works reasonably well. The problem is that any user can change this set up. For example, in Mozilla, any user can go to edit, preferences, advanced, proxies, and change it. Is there a way to prevent users from altering the preferences in browsers? Or any other suggestions (ie, a UserContent.css file, or something)?
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
Original Poster
Rep:
kiosktool
About user permissions, someone suggested kde's kiosktool, found in the testing (Etch) repositories of Debian packages. I tried this, and was initially quite excited. However, after my system crashed several times, I gave up this. I find KDE a cluttered mess anyway. I do rely on some of its programs, though, and kiosktools has broken some of them (konqueror, guarddog). I managed to fix konqueror by reinstalling and reconfiguring. Guarddog is still buggered up though. If anyone has any tips on fixing it, please share.
For blocking porn, I've decided to go with squid and dansguardian. I really should have two computers (a proxy server, and the client). But, alas, I don't. So, I'm attempting to hide the proxy server on the one computer (I found out how to lock Mozilla's preferences, and I've removed Epiphany, and removed Desktop Preferences, from the Applications menu.) If anyone knows how to remove the Debian Menu from the applications menu, do share. Thanks.
Last edited by mark_alfred; 09-10-2005 at 08:21 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.