[KLUG Members] Kiosk / Lightweight Workstation Recommendations
Jeremy Leonard
lists at elite4god.com
Tue Dec 13 11:33:01 EST 2005
Andrew Thompson wrote:
>>>And even after removing launchers from the
>>>panel(s) who knows if you "really" have everything locked down? Another
>>>big challenge here is blowing away the user directory after logout and
>>>recreating a clean user directory with the bare minimum dot config files
>>>et al.
>>>
>>>
>>rm -fR /home/tempuser
>>cp -pR /home/skel /home/tempuser
>>chown -R tempuser.nobody /home/tempuser
>>
>>You can put it right in the GDM login script so that part runs as root.
>>
>>
>
>If you do that, you might want to consider a cp from /root/skel instead
>of /home/skel. That might reduce the chances of someone getting in and
>mucking with the model user directory.
>
>
>
I'd use pam_mkhomedir to create the dir on login and the script to just
delete it on logout.
By default it uses /etc/skel. But you can give it any path you'd like.
Add:
session required pam_mkhomedir.so skel=/etc/skel umask=022
to the top of your /etc/pam.d/gdm file.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.kalamazoolinux.org/pipermail/members/attachments/20051213/b04a659a/attachment.html
More information about the Members
mailing list