LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-21-2014, 12:12 PM   #1
tinkerdrel
LQ Newbie
 
Registered: Jul 2014
Posts: 3

Rep: Reputation: Disabled
Looking for way to "reset" after every session.


Hey everyone

I was wondering if there is a piece of software I can use to make my system reset after every reboot.

My goal would be to make a guest user account on a computer I have, I would set up the network set up some basic programs and then make a "restoration point". Every time someone would reboot the computer everything has to go back to that restoration point and all the settings and temp files and caches and installs etc have to be wiped out. Basically undoing everything that person did.
I have searched here and on the net, but I can't really find a way how to do this. I am also not really sure how a piece of software like that would be called.

Thank you for your help!

Kind regards
Tinker
 
Old 07-21-2014, 12:47 PM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694
http://www.faronics.com/products/deep-freeze/

This. If you want to make permanent updates/changes, you 'unfreeze' it and make the changes. When it is 'frozen' nothing you do to the computer is saved.

We use the enterprise version to keep the users safe. It works wonderfully. Getting around the virus updates was the only problem we had.

Last edited by szboardstretcher; 07-21-2014 at 12:49 PM.
 
Old 07-21-2014, 01:06 PM   #3
cepheus11
Member
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 286

Rep: Reputation: 91
A user's $HOME directory on a tmpfs filesystem would be gone after every reboot. Regardless of filesystem, most distributions delete the contents of the directory /tmp on boot.

One-time user-creation:

Code:
mkdir /tmp/guest
useradd -d /tmp/guest -m guest
passwd guest
You would have to make sure that the user's $HOME is created on every boot. Then you could populate it with your "template" and change ownership to the user.

On every boot:

Code:
mkdir -p /tmp/guest
rsync -a --no-o /etc/skel/ /tmp/guest/
chown -R guest:guest /tmp/guest
This assumes that /tmp is wiped on every boot, that there is no user "guest" already, and that your distribution creates a group "guest" along with the user. You can name the user as you wish in case of username collision. Add the new user to the groups he needs (audio/video/usb/plugdev...). The directory /etc/skel is the default for new user templates, but you do not have to use it. You can create your own template.
 
1 members found this post helpful.
Old 07-21-2014, 01:07 PM   #4
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
Sounds like you might want a customized LiveCD that loads totally into memory. I have a similar setup on one of my computers (a fileserver that nobody ever logs into). It loads the LiveCD from harddisk rather than from a CD. Totally into memory. As it boots, I have created custom startup scripts that change the root password, set up the network, configure Samba for file sharing, run automated backups, etc. Mine is based on SysRescueCD (thus, only a basic GUI is supported - doesn't matter to me since I use commandline only on that server). But you should be able to do it using just about any LiveCD. Depends on what software you need installed and how sophisticated of a system you want to run.

With the LiveCD approach, especially a customized setup that loads off of harddisk and runs 100% from memory, your user could totally trash your system and it would be repaired perfectly upon reboot. Plus, it would run blazingly fast. But you would have issues with things like historical emails held in a local inbox, web browser bookmarks, etc., unless you took all that into account in your customizations and devised some way to save those in a permanent data store.
 
Old 07-21-2014, 02:45 PM   #5
tinkerdrel
LQ Newbie
 
Registered: Jul 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by szboardstretcher View Post
http://www.faronics.com/products/deep-freeze/

This. If you want to make permanent updates/changes, you 'unfreeze' it and make the changes. When it is 'frozen' nothing you do to the computer is saved.

We use the enterprise version to keep the users safe. It works wonderfully. Getting around the virus updates was the only problem we had.
Thank you for the, I think I remember that name from on some public windows PC's. I didn't know they also made it for Linux. Will check it out.

Quote:
Originally Posted by cepheus11 View Post
A user's $HOME directory on a tmpfs filesystem would be gone after every reboot. Regardless of filesystem, most distributions delete the contents of the directory /tmp on boot.

One-time user-creation:

Code:
mkdir /tmp/guest
useradd -d /tmp/guest -m guest
passwd guest
You would have to make sure that the user's $HOME is created on every boot. Then you could populate it with your "template" and change ownership to the user.

On every boot:

Code:
mkdir -p /tmp/guest
rsync -a --no-o /etc/skel/ /tmp/guest/
chown -R guest:guest /tmp/guest
This assumes that /tmp is wiped on every boot, that there is no user "guest" already, and that your distribution creates a group "guest" along with the user. You can name the user as you wish in case of username collision. Add the new user to the groups he needs (audio/video/usb/plugdev...). The directory /etc/skel is the default for new user templates, but you do not have to use it. You can create your own template.
This looks like a really good way, only problem is that my Linux knowledge is really minimal.
For example, do installed programs and changed settings also get saved in the $HOME directory?
Because I would like to allow the user to change settings even install programs. But only for the session.


Quote:
Originally Posted by haertig View Post
Sounds like you might want a customized LiveCD that loads totally into memory. I have a similar setup on one of my computers (a fileserver that nobody ever logs into). It loads the LiveCD from harddisk rather than from a CD. Totally into memory. As it boots, I have created custom startup scripts that change the root password, set up the network, configure Samba for file sharing, run automated backups, etc. Mine is based on SysRescueCD (thus, only a basic GUI is supported - doesn't matter to me since I use commandline only on that server). But you should be able to do it using just about any LiveCD. Depends on what software you need installed and how sophisticated of a system you want to run.

With the LiveCD approach, especially a customized setup that loads off of harddisk and runs 100% from memory, your user could totally trash your system and it would be repaired perfectly upon reboot. Plus, it would run blazingly fast. But you would have issues with things like historical emails held in a local inbox, web browser bookmarks, etc., unless you took all that into account in your customizations and devised some way to save those in a permanent data store.
Hey thank you for the idea, this is indeed a very good idea. The only problem is that it will only be one user account that has to be "wiped" after each use.
The other user accounts would have to function like normal ones, storing data etc. So I am not sure this will work for this situation, but I will keep it in mind.
 
Old 07-21-2014, 04:55 PM   #6
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
You could create a virtual machine inside your main machine, and then turn the devious user loose in the VM. Restore the VM from a backup copy after they have logged out. It would take some scripting knowledge to make all this happen.

Quote:
only problem is that my Linux knowledge is really minimal
Unfortunately, that is probably the final nail in the coffin for the VM idea.

What you're wanting to do is force-fit this user into a sandbox where they can kick as much sand in their own face as they want, but they can't get anything into anybody else's sandbox or into the system sandbox. Totally isolated from everything else on your system. That is not a beginner concept as far as system administration goes. A VM is perfect for this. But passing this user transparently (and harmlessly) through your main system and into the the VM will take a little knowledge and skill. It will be cleaner if this user is logging in remotely, not sitting directly in front of the computer you want to protect. For the remote case, you could just set up the VM with it's own external IP address that the user would access it from. This is exactly how some software companies implement training for their products. Students remotely login to a VM. Oracle is one such company that does this, or at least they used to, last time I took one of their classes. Of course, that particular class was on creating and configuring VM's, so it was pretty obvious that we would be using them in that manner.

Last edited by haertig; 07-21-2014 at 04:56 PM.
 
Old 07-21-2014, 04:58 PM   #7
cepheus11
Member
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 286

Rep: Reputation: 91
Quote:
For example, do installed programs and changed settings also get saved in the $HOME directory?
Changed settings yes, but installed programs - no. If you want to allow the user to tinker with the installed package set (which is system-wide), you have to go the sandbox/vm route.
 
Old 07-21-2014, 07:05 PM   #8
tinkerdrel
LQ Newbie
 
Registered: Jul 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by haertig View Post
You could create a virtual machine inside your main machine, and then turn the devious user loose in the VM. Restore the VM from a backup copy after they have logged out. It would take some scripting knowledge to make all this happen.


Unfortunately, that is probably the final nail in the coffin for the VM idea.

What you're wanting to do is force-fit this user into a sandbox where they can kick as much sand in their own face as they want, but they can't get anything into anybody else's sandbox or into the system sandbox. Totally isolated from everything else on your system. That is not a beginner concept as far as system administration goes. A VM is perfect for this. But passing this user transparently (and harmlessly) through your main system and into the the VM will take a little knowledge and skill. It will be cleaner if this user is logging in remotely, not sitting directly in front of the computer you want to protect. For the remote case, you could just set up the VM with it's own external IP address that the user would access it from. This is exactly how some software companies implement training for their products. Students remotely login to a VM. Oracle is one such company that does this, or at least they used to, last time I took one of their classes. Of course, that particular class was on creating and configuring VM's, so it was pretty obvious that we would be using them in that manner.
Quote:
Originally Posted by cepheus11 View Post
Changed settings yes, but installed programs - no. If you want to allow the user to tinker with the installed package set (which is system-wide), you have to go the sandbox/vm route.
Thank you both for your answer.
I also fear that my very limited knowledge about Linux will be a problem for this. On the other hand, "the guests" that will be using it have even less knowledge about it than me. So it doesn't have to be super secure.
But thank you very much for your input.
 
Old 07-21-2014, 08:48 PM   #9
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
Well, if you won't have both normal users and this rogue user you want to control logged in AT THE SAME TIME, you can still use the LiveCD method. Normal users use the normal system. When the rogue comes over, you reboot it from the LiveCD and do not mount any of your hard disk partitions. Let them play in the LiveCD environment. Then when they leave, boot back to the normal system. You would probably want to make it so that the rogue could not easily reboot your computer, thus gaining access to your normal setup. You could implement this with a BIOS password or similar. Nothing will be 100% secure, especially when they have physical access to your computer. They could defeat BIOS passwords by taking your computer apart, removing the BIOS battery, shorting pins, etc. Or, even from the LiveCD environment, then could manually mount your hard disk partitions and nuke them. But this would take some knowledge and maliciousness on their part. Something you say they don't have (at least not the knowledge part). It would be good parctice to keep a complete backup of your system on an external hard disk (hidden away so the rogur couldn't find it), just in case they do breech all your efforts and manage to mangle your system. You could always do a bare-metal restore from that backup. But make sure you have a 100% solid backup, and know how to restore from it. Many people who don't have a lot of computer experience may be doing backups, thinking they are 100% protected, but when the rubber meets the road, they find their backups are incomplete, corrupted, or they don't know how to use them. So don't be like that - learn and practice in advance.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
"clear" and "reset" bash commands broken AviJacobson Linux - General 6 07-03-2006 06:28 AM
"clear" and "reset" bash commands broken AviJacobson Linux - Software 1 06-29-2006 02:31 PM
"mythtv-setup" giving "Session management error: Authentication Rejected" Mitchua Ubuntu 0 10-09-2005 04:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration