[KLUG Members] Kiosk / Lightweight Workstation Recommendations
Adam Tauno Williams
adam at morrison-ind.com
Tue Dec 13 12:05:24 EST 2005
> > > > And even after removing launchers from the
> > > > panel(s) who knows if you "really" have everything locked down? Another
> > > > big challenge here is blowing away the user directory after logout and
> > > > recreating a clean user directory with the bare minimum dot config files
> > > > et al.
> > > rm -fR /home/tempuser
> > > cp -pR /home/skel /home/tempuser
> > > chown -R tempuser.nobody /home/tempuser
> > > You can put it right in the GDM login script so that part runs as root.
> > If you do that, you might want to consider a cp from /root/skel instead
> > of /home/skel. That might reduce the chances of someone getting in and
> > mucking with the model user directory.
> I'd use pam_mkhomedir to create the dir on login and the script to
> just delete it on logout.
> By default it uses /etc/skel. But you can give it any path you'd like.
> Add:
> session required pam_mkhomedir.so skel=/etc/skel umask=022
> to the top of your /etc/pam.d/gdm file.
Agree 100%. This is the correct/kosher/canonical way to solve this
problem. I always forget about pam_mkhomedir.
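
The logout half of the approach discussed above (pam_mkhomedir builds the directory at login, a script deletes it at logout), as an added example that is not code from any poster in this thread. The function name reset_kiosk_home and its HOME_ROOT argument are hypothetical; it assumes the hook runs as root, and it guards the failure case where an empty or odd account name would make the delete hit the wrong path.

```shell
#!/bin/sh
# Added example: logout-side cleanup for a kiosk account whose home
# directory pam_mkhomedir recreates from the skeleton at the next login.
# reset_kiosk_home and its arguments are hypothetical names.

# usage: reset_kiosk_home USER [HOME_ROOT]   (HOME_ROOT defaults to /home)
reset_kiosk_home() {
    user=$1
    root=${2:-/home}

    # Refuse names that would turn "$root/$user" into some other path.
    # An empty name is the dangerous one: it would delete all of $root.
    case $user in
        ''|root|.|..|*/*)
            echo "refusing user '$user'" >&2
            return 1
            ;;
    esac

    home=$root/$user

    # A symlink in place of the home directory is unexpected state;
    # leave it alone so an administrator can inspect it.
    if [ -L "$home" ]; then
        echo "refusing: $home is a symlink" >&2
        return 1
    fi

    # Nothing to do if the directory was never created.
    [ -d "$home" ] || return 0

    # "--" stops option parsing in case the path starts with "-".
    rm -rf -- "$home"
}

# In the logout hook, run as root (account name taken from the thread):
#   reset_kiosk_home tempuser
```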