arew264 05-04-2007 05:11 PM

Linux iMac Computer Lab
I didn't know where else to post this, so here goes:
I have experience with linux on several normal 386 boxes before, but I have a problem.
I'm a high school student and at my school we have a foreign language computer lab. This lab basically consists of all the iMacs leftover when the school switched to eMacs and Dell Laptops for the teachers.
The computers in that lab are very unstable, but are generally set up so that a teacher or administrator can log in and get full system access or a student can log in and get access to internet explorer for mac and maybe a few other apps that are hardly used.
However, the computers are VERY unstable.
I would like to try to help the situation by first replacing all the bad keyboards, mice, and clock batteries (at least half of them think we're back in 1973).
From there, I would be able to either format and reconfigure all the comps with Mac OS 9 and get it back where people can browse the internet.

I would also, however, be able to try to get linux on them.
My thought is this: set it up so each user has a document folder on a central server (I could provide a 1GHz ish box for this) and when they log in (they would create accounts the first time they were in the lab), their computers would mount those documents and then the lab could be used for word processing and complex projects as well as internet browsing.

The main problems I would hit would be setting it up so that the user would log in, the client computer would check the login with the server, the whole documents folder thing, and mainly stability.

Another issue would be that the computers would have to word process and do office tasks multilingually. My thought there is to say that the user's home directory is their documents folder (allowing them to have whatever they want on their desktop, etc) such that I could use openoffice and have the students set their language the first time they use it (I know openoffice is multilingual, but I haven't set it to another language so far).
That way all the openoffice settings stored in the home folder would be available to the clients.

All this would have to be set up over the summer, and I would have to make a convincing argument to the head of the technology department to let me set it all up, so can anyone offer me any assistance here? The Mac OS route would certainly work, but I would rather make linux work here. How can I set up logins and everything that would be needed here? How should I have the home directories work? Is there a better way to make the office programs multilingual?

phantom_cyph 05-04-2007 05:16 PM

What is the network right now? Usually Novell is good for this.

arew264 05-04-2007 05:19 PM

At the moment, they are all connected to one switch on the school wide network. You do log in - but only as teacher or student (keeps the students from messing with system settings).
At least most of them are that way. A few were teacher computers and were never configured to log in - students get full access.

With these computers, there will be practically no budget for fixing the lab, which was the main drive behind my linux approach (plus it'd just be cool).

arew264 05-04-2007 07:11 PM

Okay, I've been researching this some and I have found a few things:
For processing logins, I see two possible routes. First, I could get PAM to somehow get authentication from the server instead of /etc/passwd (Think this would work, but not sure).
Second, I could just have the accounts created beforehand and given a password like changeme, and then synchronize the passwd file every time a user logs out.

Either way would work, but I would tend to prefer the PAM method. I don't really know much about PAM, just that it is involved in user authentication, so if someone could jump in here and tell me if I'm jumping at something that won't do what I need, it would be appreciated.

Also, I did find that the home directories could be managed using pam_mount. If I could get that working, it would be able to mount the user's home directory on login, which would be GOOD!
I would probably use NFS with that.

Now the only remaining problem that I can think of off the top of my head would be the office suite and GUI. I'll have to think on that.

For now, I've gotta be someplace.

arew264 05-04-2007 09:38 PM

Okay, I'm posting all this up here so I don't forget and so anyone else going this way can use this info.

For logins, I'm going to run a Kerberos server on the workgroup server and use the PAM kerberos module for authentication. I will then use the PAM mount module to mount the user's home directory.

For a Desktop Environment, I plan to use Gnome because it's not too strange to windows and mac users alike and because it's fairly lightweight yet does everything you would expect.

Openoffice as it turns out, has two language settings. There is the interface language, which I want to stay as english so people know how to save, etc. Then there is the document language, which can change for blocks of text in the document.
For more info on this, look at

From here, I should be good because file permissions will keep students from messing with the individual systems. I just have to install all the apps I want users to have on each computer.

EDIT: Also, just a sidenote, I'm going to go with Debian as a distro because it's very stable, and in the summer I can just upgrade all the computers at once and leave them for the next year. (they will probably be replaced soon anyway, but hey)

phantom_cyph 05-04-2007 10:04 PM

For Debian, use the netinst CD if you can - makes things a lot easier, since you're doing a lab, instead of downloading 11 CDs for one install, download 11 CDs to install it on 11 computers at the same time. Also - as far as the desktop thing, if you could install the Freespire desktop - that would be even more Windows look-a-like.

arew264 05-04-2007 10:50 PM

Bah, I never liked linspire to begin with. Don't want to be at their mercy.
EDIT: Plus they don't offer it for the PowerPC. These iMacs are that architecture.

Anyway, I was planning to go with the netinstall, and I am currently trying to netinstall on an old test laptop I use for stuff like this.

The problem I am hitting now is that the laptop (a Dell CPi D300XT 300MHz) will not cooperate with the 2.6 kernel Debian must've switched to for the installer. The CD drive works with 2.4 kernels, but I have never gotten it to work with a 2.6 one.

Any idea how I could get an installation disk with a 2.4 kernel?
I'll poke around and see if I can start a netinstall from floppies, which would be cool.

arew264 05-04-2007 11:57 PM

An update - after I started reading the Kerberos documentation and suddenly exclaimed
I decided to go with an easier way. I will be using the MySQL module as security isn't a huge issue (these are student documents, not credit card records. Why would you want to hack them anyway?).

I found shortly after that the function of kerberos is stated at the top of the documentation, but I am still going with MySQL. With some MD5 encryption, everything will be fine.

arew264 05-05-2007 12:13 PM

So I have everything planned out. Now all I need to do is install the needed software (mysql and NFS) and set it all up on a server I have at home and rig up a test machine (the aforementioned Dell Laptop) to see if it works.

Only problem is, the laptop hard drive crapped out while installing debian.

Considering that a new hard drive for that laptop is worth more than the laptop itself, I probably won't get one. Now I need a test computer... Ick... and I got rid of the two Pentium machines I had sitting around too...

arew264 05-05-2007 07:45 PM

I'm having second thoughts about using NFS because it can't do usernames and passwords for shares. That would be okay most of the time, but I'm uncomfortable because anyone with linux on a laptop that connects to the school network could grab everyone's files.

I need a way of sharing files that can be mounted by PAM mount (SMB, NCP, or anything mountable using the mount command). There will be probably anywhere from 400-800 home directories to mount, so whatever I use should be able to share folders with minimal effort. Each home directory will have a different username and password, so it would be nice if it was relatively easy to create a script to create them for me.

What app would fill these requirements?

arew264 05-05-2007 10:40 PM


After looking around, it looks like none fill those requirements that are easy to setup and use.

Are there any that anyone can recommend for this sort of thing?

arew264 05-05-2007 11:31 PM

Looking around, I could chmod each user's home directory to 600, but then the problem is that with the PAM mysql logins, each user doesn't actually own their folder on the server...

To make this all simple, is there any way to directly or indirectly mount an FTP share using the mount command?
That would make this all fine and dandy and easy...

arew264 05-05-2007 11:38 PM

I'm confusing myself and running circles and all that crazy stuff people do when they can't figure something out.

What can I use that would work with Pam Mount? Would it be fairly secure?

arew264 05-05-2007 11:58 PM

I finally decided.
I'm going to use Samba with a MySQL backend so it can double as the database that PAM will use.
Unless, of course, someone can suggest something better.

arew264 05-06-2007 12:09 AM

Okay, so here's a brief walkthrough of how a login will work (this is a crazy habit of mine because it means I don't have to remember how this works :) )
User logs in to GDM
GDM contacts PAM backend
PAM connects to mysql server on workgroup server
-finds user in database
-checks password
-progresses to next module
PAM Mount uses username and password to mount Samba Share home directory

User is logged in

So the tricks I need to figure out are getting Samba to use the MySQL backend and then getting PAM-MySQL to get its info from there as well.

Some security considerations:
Create an account in MySQL besides root that has a "strong" username and a "strong" password - make sure the pam config file is not readable to users. This will keep any other school linux gurus from getting on the network, brute cracking MySQL, and getting at everyone's gunk.

Other than that, there is really no way to get users' stuff unless the school forces me to standardize passwords (username = lastnamefirstname, pass = [six digit student id]).

This will be my final setup unless someone has some advice to offer.
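The last post's point about keeping the PAM config unreadable to users can be checked mechanically. The script below is an added example, not part of the original thread: it assumes the pam_mysql database login is passed as `user=`/`passwd=` module arguments in files under a PAM service directory such as `/etc/pam.d`, and every file name and credential in `make_sample_dir` is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find PAM service files that carry
# pam_mysql database credentials and are readable by group or other.

# Group/other permission characters of a file, e.g. "r--r--" for mode 644.
group_other_bits() { ls -ld "$1" | cut -c5-10; }

# List "<bits> <path>" for each file under $1 that has an active (uncommented)
# pam_mysql.so line with an inline passwd= argument and any group/other access.
exposed_pam_mysql_files() {
    find "$1" -type f | sort | while IFS= read -r f; do
        bits=$(group_other_bits "$f")
        if [ "$bits" != "------" ] &&
           grep -Eq '^[[:space:]]*[^#[:space:]].*pam_mysql\.so.*[[:space:]]passwd=' "$f"
        then
            printf '%s %s\n' "$bits" "$f"
        fi
    done
}

# chmod 600 every exposed file; prints the number of files changed.
lock_down_pam_mysql_files() {
    exposed_pam_mysql_files "$1" | cut -d' ' -f2- |
        while IFS= read -r f; do chmod 600 "$f" && echo changed; done |
        wc -l | tr -d ' '
}

# Build a throwaway directory of constructed sample files (no real credentials).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    line='auth required pam_mysql.so user=pamuser passwd=CONSTRUCTED host=server db=auth table=users'
    printf '%s\n' "$line" > "$d/gdm";        chmod 644 "$d/gdm"        # exposed
    printf '%s\n' "$line" > "$d/gdm-locked"; chmod 600 "$d/gdm-locked" # already safe
    printf '%s\n' "# $line" 'auth required pam_unix.so' > "$d/login"
    chmod 644 "$d/login"                     # readable, but holds no credentials
    echo "$d"
}
```

Run `exposed_pam_mysql_files /etc/pam.d` as root to audit a client. Owner-only permissions suit services whose PAM caller runs as root; a program that authenticates while running as an ordinary user has to be able to read its own service file.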
