use of tmpwatch

trevoratxtal · 10-30-2018, 02:14 AM

Help please.for All versions of desk top Linux
I would like to start all new sessions as totally clean from tmp and other leftovers.
The reason as various users use a common logon for the charity's work. (Mobility loans , Scooters Wheel chairs etc)
Volunteers (login as staff) any data left over to a new reboot may break the UKs stringent Data protection laws.
While awaiting custom the volunteers play on the computer !
Would tmpwatch fit the bill and how to implement it to ensure the clean start required.
Maybe I am on the wrong track and would appreciate advise.

Of course any one that do not log of or close down can only blame themselves for data left on the machine.
Many thanks for any help.
Trevor

TB0ne · 10-30-2018, 07:18 AM

Quote:

Originally Posted by trevoratxtal

Help please.for All versions of desk top Linux
I would like to start all new sessions as totally clean from tmp and other leftovers. The reason as various users use a common logon for the charity's work. (Mobility loans , Scooters Wheel chairs etc) Volunteers (login as staff) any data left over to a new reboot may break the UKs stringent Data protection laws. While awaiting custom the volunteers play on the computer! Would tmpwatch fit the bill and how to implement it to ensure the clean start required. Maybe I am on the wrong track and would appreciate advise.

Of course any one that do not log of or close down can only blame themselves for data left on the machine.

If you reboot the machine between users, you can easily put something in at system start-up, to just remove that users home directory, and create a new, blank one. Once the user logs in, any new desktop config settings will be created, since (essentially), the system will think it's the first time they logged in. You could also flush the /tmp directory as well, if you're concerned about data-remnants. Simple script, placed anywhere in system startup to just run

Code:

rm -fR /home/staff
mkdir /home/staff
chown staff:users /home/staff
rm -fR /tmp

But the 'stringent data protection laws' you mention are essentially out the window in the scenario you describe, since all users share one password (no audit chain to see WHO was using the system), and can copy files/data to other storage media/email it out, etc. This would be very much like putting a heavy door with a great lock, on a house that's missing a wall. If you want to adhere to any sort of data security policies, you have individual ID's for each staff member, you enable auditing on the system, mirror ALL the logs to a second system, and physically disable any external media (USB ports, CD/DVD drives) that can copy data off. And you either disable access to email on those systems, or you scan all outgoing emails and copy outgoing attachments. Because emailing data off premises is just as effective as a USB copy.

trevoratxtal · 10-30-2018, 07:51 AM

Many thanks TBOne.
A lot for me to think about.
I will experiment with your suggestions.
The computer is in use every day so I will experiment on my home machine first.
Was Windoz 95 but I hope to enhance the experience of the volunteers.

As for the UK data protection act it was devised by Morons (MPs) enacted on by even more uneducated. and of course unworkable.
"But one has to show one try ones best Watt"
As a charity I am unable to engage Lawyers (no money) and I have yet to find one that comprehends any Act of Parliament. Ho Ho

Thank you again.
A good start