Quote:
Originally Posted by trevoratxtal
Help please. For all versions of desktop Linux.
I would like to start all new sessions as totally clean from tmp and other leftovers. The reason is that various users use a common logon for the charity's work (mobility loans, scooters, wheelchairs, etc.). Volunteers log in as staff, and any data left over to a new reboot may break the UK's stringent data protection laws. While awaiting custom, the volunteers play on the computer! Would tmpwatch fit the bill, and how do I implement it to ensure the clean start required? Maybe I am on the wrong track and would appreciate advice.
Of course, anyone that does not log off or close down can only blame themselves for data left on the machine.
If you reboot the machine between users, you can easily put something in at system start-up to just remove that user's home directory and create a new, blank one. Once the user logs in, any new desktop config settings will be created, since (essentially) the system will think it's the first time they logged in. You could also flush the /tmp directory as well, if you're concerned about data remnants. Simple script, placed anywhere in system startup, to just run:
Code:
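# Run as root at system start-up, before anyone logs in
rm -fR /home/staff
mkdir /home/staff
chown staff:users /home/staff
# Empty /tmp but keep the directory itself (and its 1777 mode)
find /tmp -mindepth 1 -delete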
But the 'stringent data protection laws' you mention are essentially out the window in the scenario you describe, since all users share one password (no audit chain to see WHO was using the system), and can copy files/data to other storage media, email it out, etc. This would be very much like putting a heavy door with a great lock on a house that's missing a wall.

If you want to adhere to any sort of data security policies, you have individual IDs for each staff member, you enable auditing on the system, mirror ALL the logs to a second system, and physically disable any external media (USB ports, CD/DVD drives) that can copy data off. And you either disable access to email on those systems, or you scan all outgoing emails and copy outgoing attachments. Because emailing data off premises is just as effective as a USB copy.
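
A more defensive form of the start-up reset suggested in the reply above, as an added example that is not part of the original thread. The function names `empty_dir` and `reset_home`, and repopulating the home directory from a skeleton directory such as /etc/skel, are assumptions of this example; paths are parameters so it can be tried on scratch directories first.

```shell
#!/bin/sh
# Added example, not from the thread. Real use at boot, as root, would be:
#   reset_home /home/staff /etc/skel staff:users && empty_dir /tmp

# empty_dir DIR: delete everything inside DIR, keep DIR itself and its mode.
empty_dir() {
    dir=$1
    # Guard against an unset variable or typo wiping the wrong tree.
    case "$dir" in
        ""|/|.|..) echo "refusing to empty '$dir'" >&2; return 1 ;;
    esac
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 1
    fi
    # -mindepth 1 spares DIR itself; -xdev stays on DIR's filesystem.
    # find does not follow symlinks here, so a link planted inside DIR is
    # removed as a link and its target is left untouched.
    find "$dir" -mindepth 1 -xdev -delete
}

# reset_home HOME SKEL [OWNER]: wipe HOME, restore defaults, lock it down.
reset_home() {
    home=$1
    skel=$2
    owner=${3:-}
    if [ -n "$home" ] && [ ! -e "$home" ]; then
        mkdir -p "$home" || return 1
    fi
    empty_dir "$home" || return 1
    # "SKEL/." copies the contents, hidden dotfiles included.
    if [ -d "$skel" ]; then
        cp -R "$skel/." "$home/" || return 1
    fi
    # Only the owner may read the directory during the session.
    chmod 700 "$home" || return 1
    # chown needs root; skipped when no owner is given (scratch runs).
    if [ -n "$owner" ]; then
        chown -R "$owner" "$home" || return 1
    fi
}
```

This only removes leftovers between sessions; it does nothing about the shared password, audit trail or removable media raised in the reply.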