Printable View
So we're investigating using these for first year student, with no shares or printers mapped, just using the wireless networks for web access, and the basic install of Linux out of the box, but I'm concerned about the easy access to Terminal etc..has anyone found a way of locking them down, to avoid this issue, or how have people set them up on their network (XP install, cc3 build)...whats the best route to take...
Nick
No responses..is that because no one else is using them? I'm facing management of 140 of them in a few weeks..
We've been looking at getting a few (especially now that RM are doing a 30 piece kit for about £4k).
But, as they will be used by the Scient dept for logging, and the software only works on Windows, we (read ME) are going to install WIn XP on them (with nlite). Although, I need to check the licensing...
If you're planning to use Linux, could you remove all the stuff that you don't want them to use ?
I admit, I haven't fiddled with them much.. apart from joining them to our Wireless LAN, and then handed them back to Science.
I thought the default Linux on them (Xandros ?) used an XML file to create the "desktop", if so, you muct be able to remove everything (but what you want), and then they can't run it.
Then you'll have to figure out Sysprep and imaging them...
The worst problem with the security is that they can be easily formatted by students, or students can send each other handy scripts to brick each others machine. They are quite easy to image back though.
Yeah, I'm not that bothered about them being bricked, because it's a five minute job to restore the original image..
just concerned about the administrator level access and the rooting thing.
I can't remember enough linux stuff from uni to be able to convince myself they can't mash our servers...
..i had one year 8 kid asking me about A records in DNS yesterday...scared the life out of me...
Having access to a terminal window in itself isnt an issue. From a terminal window they will still need to input an admin password to do anything but basic commands.
Just make sure they have user level privilidges, nothing more, and you won't have many problems.
Admin access on terms can be had via 'sudo su', 'sudo -s' and other such simple commands.Quote:
Originally Posted by ian_cox
If they have user level privildges it wont shutdown or mount drives.
Chat programmes like 'pidgin' are installed by default and with simple term commands can be put back if you have removed them. Along with network sniffers if they are feeling brave and you dont have them properly segmented from the other network traffic.
Terrible OS for school environment.
"sudo -su" and "sudo -s" rely on the file "sudoers" which you can configure to allow the user account no privileges or whatever you want/need.
Linux is not a terrible OS for a school environment, its only terrible when its configured by people who don't know how to use Linux properly.
Why is it that when techies compare Windows to Linux, we tend to compare a fully locked down/group policied Windows to a base install of Linux? Is that really a fair comparison?
The problem in this case is that the people who don't understand it are Asus. their configuration means that the default install won't boot without a passwordless sudo.Quote:
Originally Posted by ian_cox
If your not concerned about them being bricked then there shouldn't be too much problem with students having root. - provided your network and servers are secure. IMO the worst case scenario would be students installing password sniffers and DoS tools (or using a ping -f for example). If your network is encrypted and could withstand a distributed DoS attack from these machines then your probably ok.
Thery are only 'terrible' for school if your infrastructure design is so limited in the first place.
Take a look at Ubuntu eee
It looks nice and you can set up different user accounts with different levels of security.. It may take a bit of fiddling to get everything running perfectly, It took me about an hour or so. All the necessary documentation is on the site anyway.
:D