Need Little IT advice here...
Daniel J Walsh
dwalsh at redhat.com
Fri Aug 12 12:04:33 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/12/2011 12:16 AM, Bruno Wolff III wrote:
> On Thu, Aug 11, 2011 at 22:57:18 -0500, Manuel Escudero
> <Jmlevick at gmail.com> wrote:
>>
>> I want to set a standard configuration in a machine and then let
>> that machine to be used by many users, but as soon as the user Log
>> Out (preferably in that moment) I want the machine to undo all the
>> possible changes the user may have done while he/she was using it.
>
> xguest might do what you want. Description : Installing this package
> sets up the xguest user to be used as a temporary account to switch
> to or as a kiosk user account. The account is disabled unless SELinux
> is in enforcing mode. The user is only allowed to log in via gdm. The
> home and temporary directories of the user will be polyinstantiated
> and mounted on tmpfs.
I would actually look at what xguest is doing to achieve this. The main
feature is to setup pam_namespace for ~/ and /tmp, /var/tmp
You may or may not want to use SELinux to prevent them from attempting
to do evil, I would recommend you set these users as xguest_u if they
are logging in via X, or guest_u if they are only having terminal access.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5FFtEACgkQrlYvE4MpobOkvwCfYquD2KScM+Fj9ru4NocBvm60
+1QAn26wHKW1IEMljwzAP612yhLgqlG3
=n4t2
-----END PGP SIGNATURE-----
More information about the users
mailing list