addtl security measures
Obviously this is a huge topic so allow me to try to describe the situation
a little in hopes of narrowing it down.
We are trying to implement some suse workstations that will be as close to
thin clients as we can get them.
I installed suse 9.1pro and have worked extensively with KDE-Kiosk to lock
the users in fairly tightly, many of the users have nothing under the
"start menu" blank taskbars (please excuse the windows terminology) no
ability to right click anywhere and every method for accessing the command
line that I know of disabled.
I then installed Bastille which I BELIEVE is running correctly (looks like
it applied the options I selected) and am now looking to take some final
steps to make sure users dont have access to anything other than what they
absolutely need.
I notice when logged in as a user with a few more priveleges than described
above although still restricted by kiosk, that they cannot get to /root/
while browsing around (there is a locked icon on the folder) but they can
get to other folders and view contained files and it just wont let them
write to them. How can I lock them in their local directory so they cannot
get into anything else to poke aronud or view files without stepping on the
kde-kiosk profile files and wallpapers and icons that the users are using
in KDE (these files are located a few different places).
I assume the best solution is to put their wallpaper kde-kiosk profile
files, desktop shortcuts and anything else they need in their home
directory and lock them in there, but the desktops are identical across
multiple users so they all access the same shortcuts, have the same icons
and wallpapers and use the same kiosk profiles. Any ideas for how I should
set this up? And what is the best way to go about setting all these
folder/file permissions?
thanks for any guidance
|