On 30 November 2014 at 02:30, Richard Owlett <rowl...@cloud85.net> wrote: > Scott Ferguson wrote: >> >> On 29 November 2014 at 08:17, Richard Owlett <rowl...@cloud85.net> wrote: >>> >>> Cindy-Sue Causey wrote: >>>> >>>> >>>> On 11/28/14, Richard Owlett <rowl...@cloud85.net> wrote: >>>>> >>>>> >> <snipped> >>> >>> >>> <chuckle> I've just proved ( again ;/ ) that my writing lacks clarity. >> >> >> It's hard to describe a custom live CD in a single, small post. > > > Not really. I did it in a single sentence - see 3rd sentence down.
How you want to achieve something?? Not what (objectives) - which you have expanded on in a subsequent reply to Curt. I'm still not clear on "why". This may be an xy problem - certainly based on the expanded objectives placing a script in /etc/rc.local to do what you describe is not the solution - nor is placing it in init. I believe Curt has the right idea - you want a "locked-down" desktop (limits user action, wipes previous session). Depending on what your objectives are (as opposed to "how I want to do what I don't know how to do") there are two approaches:- *1*. If you do *not* control the hardware the end-user will run the CD on - Build a Live-CD (see the debian packages of the same name). Modify the live CD to install the packages you want the user to have. "lock" the permission on any configuration files in their home directory you don't want them to be able to change. Be sure to lock down applications that allow extension/plugin additions (i.e. Iceweasel). Modify the logout button so that only two choices are possible - halt, and lock screen. A Live CD will eject during the shutdown process (you might find "man halt" informative). Setup autologin without password for a single user. e.g. "student" Use sudo to limit that users permissions. Setup ssh for remote administration. Configure the networking defaults. That's it (apart from documentation and testing, and internet access control which I'll cover later). Every time the users boots from the CD they are automagically logged into a pristine desktop with limited applications and rights. They can install, change, or go/save/browse nowhere, that you haven't allowed. When they shutdown the CD ejects and the box is powered off. *2.* If you do control the hardware - why bother with the CD? Just follow the same steps as *1.* with the additional steps of locking down GRUB and setting boot delay to 1, copying the modifications (locked permissions and customisation) to /etc/skel, and adding a script to the shutdown services that runs "deluser --remove-all-records student". The added advantage is that it'll be easier to update (and if you are allowing internet access you need to apply updates - *even* if you use the Live CD option). Network/Internet restriction policy. If you have a LAN that these "users" will be connected to - the best option IMO is to restrict browing at the access point using white lists (or blacklists if you enjoy playing pop-a-mole). Dans Guardian (for squid) is ideal. If that's not possible and you need to apply internet access control at the local box level (LiveCD or HDD) the simplest approach for an unskilled admin is to install either:- ;Parental Control GUI (which uses tinyproxy and Dans Guardian) https://launchpad.net/webcontentcontrol/ ;WebCleaner http://webcleaner.sourceforge.net/ ;privoxy (it's in the Debian repository). <snipped> > >> >> Dependant on what you mean by "anything else"... find out where >> "anything else" is triggered and remove the trigger. > > > Ugh ;/ That's "shutting the barn door...". Don't install door in first > place. I have no idea what you are trying to say there. Could you expand on that please. <snipped> Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/camt2cqpr6rn0noc-7qzeeztxpy+esbbmazemk+ngu7pftvo...@mail.gmail.com
