[KLUG Members] Kiosk / Lightweight Workstation Recommendations

Adam Tauno Williams adam at morrison-ind.com
Tue Dec 13 12:05:24 EST 2005


> > > > And even after removing launchers from the
> > > > panel(s) who knows if you "really" have everything locked down? Another
> > > > big challenge here is blowing away the user directory after logout and
> > > > recreating a clean user directory with the bare minimum dot config files
> > > > et al.
> > > rm -fR /home/tempuser
> > > cp -pR /home/skel /home/tempuser
> > > chown -R tempuser.nobody /home/tempuser
> > > You can put it right in the GDM login script so that part runs as root.
> > If you do that, you might want to consider a cp from /root/skel instead
> > of /home/skel. That might reduce the chances of someone getting in and
> > mucking with the model user directory.
> I'd use pam_mkhomedir to create the dir on login and the script to
> just delete it on logout.
> By default it uses /etc/skel. But you can give it any path you'd like.
> Add:
> session  required       pam_mkhomedir.so skel=/etc/skel umask=022
> to the top of your /etc/pam.d/gdm  file.

Agree 100%.  This is the correct/kosher/canonical way to solve this
problem.  I always forget about pam_mkhomedir.
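The split settled on in this thread (pam_mkhomedir builds the home directory at login, a root-run script deletes it at logout) leaves the delete as the risky half. The following is an added example, not part of the original messages, of a logout-side script with guardrails around that `rm`, plus a check that the skeleton cannot be altered by a session user. The function names and the variables `KIOSK_USER`, `HOME_ROOT`, `SKEL_DIR` and `KIOSK_RUN` are assumptions, as is the hook passing the session user in `$USER`.

```shell
#!/bin/sh
# Added example, not from the thread. KIOSK_USER, HOME_ROOT and SKEL_DIR
# are assumptions; the thread uses "tempuser" and /etc/skel.
KIOSK_USER="${KIOSK_USER:-tempuser}"
HOME_ROOT="${HOME_ROOT:-/home}"
SKEL_DIR="${SKEL_DIR:-/etc/skel}"

# wipe_kiosk_home USER
# Remove HOME_ROOT/USER, but only for the one kiosk account.
# Returns 0 if the home is gone afterwards, non-zero if the request is refused.
wipe_kiosk_home() {
    user="$1"
    case "$user" in
        ""|.|..|*/*) return 3 ;;              # name would escape HOME_ROOT
    esac
    [ "$user" = "$KIOSK_USER" ] || return 2   # never touch real accounts
    target="$HOME_ROOT/$user"
    if [ -L "$target" ]; then
        rm -f -- "$target"                    # drop the link, not what it points at
        return 0
    fi
    [ -e "$target" ] || return 0              # already absent
    [ -d "$target" ] || return 4              # unexpected file type: leave for an admin
    rm -rf -- "$target"
}

# skel_is_locked DIR OWNER
# Succeeds only if every entry under DIR belongs to OWNER and is not
# group- or world-writable, so a session user cannot alter the template.
skel_is_locked() {
    [ -d "$1" ] || return 1
    bad=$(find "$1" ! -type l \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print | head -n 1)
    [ -z "$bad" ]
}

# Intended to be called from the display manager's root logout hook.
# Does nothing unless KIOSK_RUN=1, so the file can be sourced safely.
if [ "${KIOSK_RUN:-0}" = 1 ]; then
    skel_is_locked "$SKEL_DIR" root || echo "warning: $SKEL_DIR is not root-only" >&2
    wipe_kiosk_home "${USER:-}"
fi
```
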