User Linux

Bevan C. Bennett bevan at fulcrummicro.com
Thu Feb 12 21:51:58 UTC 2004


Travis Riddle wrote:

> Hey man that's a good response.  I read that article on Ernie Ball and it is quite inspiring.  I have a few questions and I hope this will benefit other Fedora users.  
> 
> It sounds like you are running a full Linux shop.  I was curious on what you use for a login server.  Are you running NIS, OpenLDAP, or something else? 

I'm not George Farris, but I'm running a Linux shop (with a small number 
of remaining Win2k clients).

I'm using OpenLDAP all the way for authentication. I ran an NIS-based 
Sun shop for many years and LDAP is much nicer (and more secure if done 
properly).

> Also, on email, are you using Evolution or something else?  If you are running evolution what backend are you using?  Can you do Calendar items and appointments with other users?  Can you schedule resources (like cars, training rooms, labs) while setting up an appointment and/or meeting so that the resource is booked and not usable during the meeting's timeframe?  What about public folders and/or collaboration in general?

I have an IMAP server for email (Cyrus IMAP).
SMTP is by postfix, and I'm currently working on hooking in spamassassin 
and clamav to help reduce the flood of crap. I'd like to put in a 
web-based email portal at some point for remote users and people on 
travel, but it's not a high priority.

Most users use mozilla mail or mutt, but some still prefer pine, so I 
install that as well. I've been avoiding evolution because it tries to 
integrate calendaring into your mail client which never made sense to 
me.  We run a proprietary calendaring server called 'CorporateTime' that 
has native clients for Linux, various unices, Windows and Mac. 
Unfortunately, the company (Steltor) was purchased by Oracle and the 
calendar product rolled into the Oracle Collaboration Server (of Doom).

We also have a central NFS server (Network Appliance, 2TB) where we 
store home directories and project and shared folders.

> How do you interface with outside customers in regards to Word Documents and advanced Excel spreadsheets (Pivot Tables comes to mind)?  Do you experience problems in this regard?

Predominantly, we try to ship PDF files as our customer deliverables.
OpenOffice in its latest incarnation is really to the point where it 
works 'well-enough' for opening things we get sent.

We do have a power Excel user or two that can create OpenOffice-defying 
files, and a few Windows-only applications. For this purpose I have a 
single Windows 2000 terminal server (authenticated to a Samba PDC). 
Users can pop up an rdesktop and run the Windows app (or Excel) without 
having the pain of an actual Windows desktop.

> Do you limit users' ability to do certain things they shouldn't be doing?  I realize I can just not include a web browser with Linux, however if they need to access our enterprise software using a browser but not the actual web, can I force specific settings to just their machine, user and/or group with Linux?  I know there are other ways to tackle this problem, but pushing settings from top down has been beneficial in the past for us.

Predominantly, those sorts of policies would get enforced by your 
firewall, not your desktops, but you -could- put in more restrictive 
iptables configurations on the local machines as well.

Note that it is -very- difficult to prevent a Linux user from 
downloading a binary into their own directory and running it as 
themselves. Even if you didn't install mozilla, you really can't stop 
someone from grabbing their own copy and running it out of their own 
directory. As mentioned, however, you -can- prevent their system from 
sending or listening to whatever combinations of servers and ports you 
want, either in iptables or at your firewall.

> I hope I don't sound too naïve, the things I do with Unix/Linux are Oracle databases and Enterprise software with a few other things thrown in (like Samba, FTP, DNS, Apache).  The rest of the network is VAX and Windows AD.  Sorry for the long response, I am just really curious.

That's where these things generally start.
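
The local iptables restriction described in the reply above, as an added example that is not part of the original post: a shell function that prints rules limiting one group's outbound traffic to listed servers and ports. The group `kiosk`, the 10.0.0.x addresses and the chain name `EGRESS_RESTRICT` are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands that confine one Unix group's
# outbound IPv4 traffic to an allow-list of server:port pairs.
# Group, addresses and chain name are constructed placeholders.
CHAIN=EGRESS_RESTRICT

# egress_rules GROUP RESOLVER_IP HOST:PORT...
# Prints the rules only; review them, then pipe to "sh" as root to apply.
egress_rules() {
    if [ $# -lt 3 ]; then
        echo "usage: egress_rules GROUP RESOLVER_IP HOST:PORT..." >&2
        return 2
    fi
    group=$1; resolver=$2; shift 2
    # Validate every destination first so a typo never yields a partial ruleset.
    for dest in "$@"; do
        port=${dest##*:}
        case $dest in ?*:?*) ;; *) echo "bad destination: $dest" >&2; return 1 ;; esac
        case $port in *[!0-9]*) echo "bad port: $dest" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $dest" >&2; return 1
        fi
    done
    echo "iptables -N $CHAIN"
    # The owner match keys on the process that created the socket, not on
    # which binary it runs, so a browser copied into $HOME is covered too.
    # It only works in OUTPUT: forwarded packets have no local owner.
    echo "iptables -A OUTPUT -m owner --gid-owner $group -j $CHAIN"
    echo "iptables -A $CHAIN -o lo -j ACCEPT"
    echo "iptables -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A $CHAIN -p udp -d $resolver --dport 53 -j ACCEPT"
    for dest in "$@"; do
        echo "iptables -A $CHAIN -p tcp -d ${dest%:*} --dport ${dest##*:} -j ACCEPT"
    done
    # Everything else from this group is refused. IPv6 needs the same
    # rules in ip6tables, otherwise it bypasses this chain.
    echo "iptables -A $CHAIN -j REJECT"
}

# Constructed sample: group "kiosk" may reach only the intranet app server.
egress_rules kiosk 10.0.0.2 10.0.0.10:443
```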




