Maintaining the Salvation Army terminal server

From: Damien Hull <dhull@digitaloverload.net>
Date: Thu Oct 07 2004 - 11:59:54 AKDT

The Linux terminal server I setup for the Salvation Army has been up and
running for a few weeks now. So far I haven't had any complaints. I've
even been told that the people out in Palmer are very happy with it.

As the administrator of the system I am not so happy. I spent a lot of
time on this project. What I found out is that Linux lacks
administration tools. It also lacks good documentation.

Here's what I went with.
1. Slack 9.1
2. Dropline Gnome for the desktop
3. Cups and kprinter
4. Mozilla
5. Open Office
6. Other: games, gimp etc...

Here were my goals.
1. Low cost
2. Access to Internet, word processing, printing and maybe a few extras
3. User friendly
4. Give the users access to the applications they need and nothing else

Items 1 and 2 are relatively easy. Items 3 and 4 where tough to
implement.

User friendly
1. Same desktop setup for each user
2. easy access to applications and printing

The hard part here was creating the same desktop fore each user. I now
have the system configured so that when you run "adduser" it creates a
user with all the settings I want.

Locking down the system
1. no shell
2. Gnome desktop only
4. login screen
5. Put default settings back after the user logs out
6. Access to the applications in the menu, panel etc..

This was the hard part. Gnome has a tool that allows you to select which
parts of gnome the user has access to. You can lock down a lot with this
tool. However, I found the tool to be difficult to use. The rest were
not easy to implement either. I'm still working on item 5.

CONCLUSION
I think Linux works grate as a mail, web, DNS server etc... When it
comes to computer labs like the one I setup for the Salvation army it
sucks. I know that sounds harsh but other operating systems offer far
better administration tools. Lets play out a scenario. Take the
distribution of your choice and setup the following.

        You have been asked to setup an office network for the acme
        widget company. They have 10 employees. The company needs the
        following.

        1. Internet
        2. Email
        3. website
        4. office sweet
        5. file sharing
        6. printing
        
        To make things simple for the users and administration we will
        do the following.
        
        1. Every user will have the same desktop look and feel
        2. Users will not be allowed to select another desktop. If you
        go with a gnome desktop users should not be allowed to select
        fvwm or kde etc...
        3. Users should not have access to the command line
        
        The big boss man wants to be able to see information about
        sales. create the following.
        
        1. create a group called sales
        2. create a directory called sales for the sales group to save
        data
        3. give the sales group permissions to save data in the sales
        group
        4. create 3 users
        5. add one user to the sales group ( they should now be able to
        save data in the sales directory)
        6. give one of the users read access to the sales directory
        7. Give the last user no access to the sales directory

        Note: You need to remember that the company has 10 employees.
        They may have other groups then the sales group. Users may also
        be in more then one group. You also need to take into account
        that the company may grow and add new users. What ever you come
        up with needs to take these things into account.
        
        Have fun!

Why did I take the time to create this scenario? Well, I think that
Linux is lacking in this area. I also think that the majority of the
Linux community is not focusing on issues like this one. If you were to
do this in Windows or OSX you would have know problem setting up
anything outlined in the scenario. However, doing this in Linux is not
an easy task.

Pleas let me know if you manage to create a system that covers
everything in the scenario.

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Oct 7 12:16:18 2004

This archive was generated by hypermail 2.1.8 : Thu Oct 07 2004 - 12:16:18 AKDT