[plug] Customising Knoppix for students

Cameron Patrick cameron at patrick.wattle.id.au
Sun Jul 6 08:11:49 WST 2003


On Sun, Jul 06, 2003 at 07:52:53AM +0800, Onno Benschop wrote:
| On Sun, 2003-07-06 at 01:44, John Clayton wrote:
| > Greetings pluggers. I am doing some research on customising knoppix for use 
| > in a primary school environment. What I would like is a version of knoppix 
| > or something similar that when booted up will give the user read access only 
| > no matter what they do while knoppix is running. I am wanting a fool proof 
| > and kid proof solution. I have had thoughts of using the NSA's Security 
| > Enhanced Linux within a knoppix distribution to make sure that root cannot 
| > do anything of any permanent nature to the computer it is being used on. Do 
| > any of you have any thoughts about this? I am hoping that the NSA at least 
| > would be able to survive the depredations of little kids "Mercury Rising" 
| > not withstanding :o)
[snip]
| If you need to provide the student with space to store data, give them
| access to a server.

Or run everything off a server, either having an NFS root or using
something LTSP-ish.

The problems which NSA SE Linux tries to solve seem to be of little
pertinence in a school environment.  I would worry more about physical
security (of the computers and of the Knoppix CDs!), kids being able to
reconfigure stuff that you may not want them to, and things like
Ctrl-Alt-F* or Ctrl-Alt-Backspace that you may not.  If you set BIOS and
LILO passwords there should be a negligible chance of people getting
root so SE Linux's restrictions on root won't help (-:

You may also want to consider using a window manager other than KDE that
can't be reconfigured while it's running, and chown its config files (or
even home directory) to root so that no-one can fiddle with it.

Cameron.



More information about the plug mailing list