[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Creating a peculiar Live-CD

On 30 November 2014 at 02:30, Richard Owlett <rowlett@cloud85.net> wrote:
> Scott Ferguson wrote:
>> On 29 November 2014 at 08:17, Richard Owlett <rowlett@cloud85.net> wrote:
>>> Cindy-Sue Causey wrote:
>>>> On 11/28/14, Richard Owlett <rowlett@cloud85.net> wrote:
>> <snipped>
>>> <chuckle> I've just proved ( again ;/ ) that my writing lacks clarity.
>> It's hard to describe a custom live CD in a single, small post.
> Not really. I did it in a single sentence - see 3rd sentence down.

How you want to achieve something?? Not what (objectives) - which you
have expanded on in a subsequent reply to Curt. I'm still not clear on

This may be an xy problem - certainly based on the expanded objectives
placing a script in /etc/rc.local to do what you describe is not the
solution  - nor is placing it in init.

I believe Curt has the right idea - you want a "locked-down" desktop
(limits user action, wipes previous session).  Depending on what your
objectives are (as opposed to "how I want to do what I don't know how
to do") there are two approaches:-

*1*.  If you do *not* control the hardware the end-user will run the
CD on - Build a Live-CD (see the debian packages of the same name).
Modify the live CD to install the packages you want the user to have.
"lock" the permission on any configuration files in their home
directory you don't want them to be able to change. Be sure to lock
down applications that allow extension/plugin additions (i.e.
Modify the logout button so that only two choices are possible - halt,
and lock screen. A Live CD will eject during the shutdown process (you
might find "man halt" informative).
Setup autologin without password for a single user. e.g. "student"
Use sudo to limit that users permissions.
Setup ssh for remote administration.
Configure the networking defaults.
That's it (apart from documentation and testing, and internet access
control which I'll cover later).

Every time the users boots from the CD they are automagically logged
into a pristine desktop with limited applications and rights. They can
install, change, or go/save/browse nowhere, that you haven't allowed.
When they shutdown the CD ejects and the box is powered off.

*2.* If you do control the hardware - why bother with the CD?
Just follow the same steps as *1.* with the additional steps of
locking down GRUB and setting boot delay to 1, copying the
modifications (locked permissions and customisation) to /etc/skel, and
adding a script to the shutdown services that runs "deluser
--remove-all-records student".
The added advantage is that it'll be easier to update (and if you are
allowing internet access you need to apply updates - *even* if you use
the Live CD option).

Network/Internet restriction policy.
If you have a LAN that these "users" will be connected to - the best
option IMO is to restrict browing at the access point using white
lists (or blacklists if you enjoy playing pop-a-mole).  Dans Guardian
(for squid) is ideal.
If that's not possible and you need to apply internet access control
at the local box level (LiveCD or HDD) the simplest approach for an
unskilled admin is to install either:-
;Parental Control GUI (which uses tinyproxy and Dans Guardian)
;WebCleaner http://webcleaner.sourceforge.net/
;privoxy (it's in the Debian repository).

>> Dependant on what you mean by "anything else"... find out where
>> "anything else" is triggered and remove the trigger.
> Ugh ;/ That's "shutting the barn door...". Don't install door in first
> place.

I have no idea what you are trying to say there. Could you expand on
that please.


Kind regards

Reply to: