using linux for a windows 2000 server-like enviroment

im trying to present linux to my school system as an alternative to windoze and mac os (not that i dislike mac os ). however i am curious to know how you would have a linux 'server' with user accounts so that people can login via the network- if you see what im saying. kind of like win2k server and AtEase.
secondly, does anybody know how to 'restrict the desktop' in linux so that users can only run certain apps. thanks

-Aaron

Well, preventing users from running applications is quite simple. Probably the most effective way is making sure they don't have permissions to execute the programs in question. You could also try to make sure the programs are not in their path, but there is always the potential of the user navigating their way to the directory in which the program resides and running it.

However, I'm pretty sure that changing the permissions on certain programs could screw things up. What sort of programs would we be disallowing here? Besides, linux does a pretty good job of keeping all the potentialy destructive commands in one of the /sbin's. Considering the system of file permissions, probably the worst thing a user could do on a properly configured system is nuke their own home directory.

they would just be running mozilla/lynx, office programs, and various games. and btw, how can i stop them from nuking their own home directories?

You could disallow them access to their home directories, but that might be borderline foolish.

haha.. if they do, you might want to consider hyring them on to help you.... Navigation out of the home directory would be easy to block if they use a explore-like tool such as mozilla or konquerererer...... man i cant spell that, and if they figure it out in a console give them a cookie and a pat on the head for being resourceful, but just make sure they have no permissions to run anything you dont want them running,

In the case of Office, you could use Star Office, or through some fenagling you could install MS Office via wine.. but that would be a silly thing to do for a school.

oepn office seems to be a failry good rip off of MS office ...

with samba you can make a domain server that win2k machines can log onto I can dig up the tutorial if your interested

I do a lot of work getting schools set up with various operating systems. One of the things I've been working on (works in my test environments, don't have a test site yet) is having an entire lab running linux.

Things I've noticed work well, mounting the root file system as read-only, this prevents any changes no matter what. You still need to put the home dirs and temp on a different partition that's read/write.

Also, setting things up to be more like a diskless environment works very well, all home dirs are kept on the server (prolly just need 1) and using perl/bash scripts to use nfs to mount that student's personal file area based on their login. This way each student has the same desktop and any changes they do don't get saved when they log out.

You need to integrate LDAP to make this all work seamlessly.

As for preventing students from running programs, the easiest way to prevent it is to not install them, and anything that other users (teachers, admins) need to use, have their login scripts use nfs or take advantage of X servers.

You do need a 10/100 switch for this stuff to work well, but with educational discounts the 3com 24 port super stacks cost like $500.

If you were in the state of minnesota I could set your school up with a demo, but you probably aren't.

hey poly you dont by chance live in souther mn do ya?

http://www.distrowatch.com/table.php?distribution=blue

that one looks promising but havent taken a good look at it . . .

heh. well i installed all the ldap servers in the software install and cant figure out how in the world to configure any of them. thats probably half the problem right there. how do i go about configuring ldap?

snowmobile74 said:

hey poly you dont by chance live in souther mn do ya?

http://www.distrowatch.com/table.php?distribution=blue

that one looks promising but havent taken a good look at it . . .

Click to expand...

I live in St. Cloud, but my work does things all over the state, even in a few neighboring states, south dakota, north dakota. Working on getting a more nation wide thing, but since we're state government run it makes it kind of hard.

I've never heard of that Blue Linux, I personally like sticking with Redhat to make things easier for others. I don't like getting a call every day because no one else knows how to work the network. I never liked the educational distros. I don't see why a school needs a whole new distro, just configure one to fit the needs. I treate it like a business office except you lock things down just a little more.

http://www.openldap.org/doc/admin/quickstart.html