Hi, i own a internet cafe that used to have windows installed in every computer but i decided to use linux instead. So i'm using CCL for the administration and everything is ok. My question is, what kind of security measures should i use in every computer to avoid users from damaging the pc. I wnat to do what i did when i had windows installed, not allowing entering in the control panel, not running certain programs, etc. So can anyone give me an idea about a program or tutorial that could help me? Thanks for any answer i may get.

Your main protection will be proper use of file permissions. You set up your file permissions so that your users can only access the few programs and data files that you allow them to use. Here is a tutorial on file permissions:

http://www.zzee.com/solutions/linux-permissions.shtml

---------------------
Steve Stites

One of my favorite examples of locked-down kiosks is at DNA Lounge in San Francisco, CA. You can see how it was setup here:
http://www.dnalounge.com/backstage/src/kiosk/

Everything i want to tell you is pretty long ... 2 things - if you just let everyone get into it by using a regular nonroot name and p/w , I think it would solve a lot of problems.

2. LTSP project is something that can maybe help you. Linux terminal server project.

Could also use something like Pessulus to lock down the gnome desktop..

http://www.gnome.org/~vuntz/pessulus/

In order to do anything serious to your boxes, they'd need root access.
You should patch your kernels with grsec/PaX to prevent the use of local root exploits and other malicious software, put them in a chroot and keep your systems updated (kernel + distribution). You have the alternative of using DeepFreeze as well. Here is their official site: http://www.faronics.com/html/dflinux.asp
It was used around here in internet cafe's, running Windows though.

Personally, I might be inclined to use a PXE boot solution.

Or maybe LTSP. http://www.ltsp.org

You would then have thin clients which can get booted with a new OS every day or when someone logs off. Removing any damage they caused if they did. Also keeping it up to date would be easier since you just have one global image that they boot off.

Here are 2 suggestions:

1. not only deny root access, uninstall sudo if it is installed, that could get ugly.

2. I have a friend thats a network administrator that setup a server that has virtual computers on it (i.e. VirtualBox), and the computers throughout the building are actually running VirtualComputers "projected" to their computers from the server. This would enable you to monitor their actions, as well as giving them a familiar environment. Also, you should be able to set it up so whenever you reboot the virtual machine, it restores your previous system, eliminating viruses and changes the user made. And, since your server would be running Linux, you could use a Linux firewall.