[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Q;Resetting Profiles?

Alex Brasetvik wrote:
> Petter Reinholdtsen wrote:
> > [Ralf]
> >
> >>As explanation: I am talking about generic user accounts, one for
> >>each thin client, that can be used until everybody owns their own
> >>account...
> >
> > I believe it is a bad idea to not have separate accounts for each
> > person.  You will open a can of worms with people doing bad things
> > without any accountability.
> Agreed.
> However, in newer versions of KDE you may set up a fixed,
> unchangeable interface with the Kiosk mode. This might be useful
> in for instance the school librariy with a terminal on which you
> can only search for books.
> --
> Alex Brasetvik

This security issue goes three ways:
1. against the system (which we presumable may do changes to safeguard 
2. against other users, on this system or elsewhere.
3. against the organisation (which is actually legally responsible for actions 
made trough their computers unless they are able to track the use and point 
out who did use what protocol where and when.)

Number 1 is a computer programming and configuration issue. The two others are 
Number 2 is a matter of social misbehaviour like harassment or victimising. 
This are serious issues; at least in Norway these are criminal acts which in 
rear cases are proven ultimately deadly for the victims of such.
Number 3 is a matter of the organisation being responsible enough to safeguard 
themselves against consequences of people using their facilities to inflict 
damage towards others trough sheer stupidity or in rear cases criminal acts.

We may be able to set up KDE in such a way that it is only possible to start 
konqueror. This alone is unfortunately not efficient to address against 2 and 
3 above. To be efficient we also need to lock down the browsing-capabilities 
in konqueror so the user never reaches a sms-web-service, web-forum etc.

I don't know much about "kiosk-mode" other than it's possible to limit what 
applications the user may start, so ultimately what I addresses here may not 
be an issue any longer. 

Gjermund Skogstad

Reply to: