Posted by: Anonymous Coward
on June 20, 2006 08:03 PM
Don't give them owner ship of there home directory.
Don't give them owner ship of desktop entrys or menu entrys. Desktop configs and the like they don't need to be changing.
For some tasks don't give them access to Windows manager and termials if they don't need it.
Ok console operatators can still add applications but they have to go to console to use them. Now this gets even better lock of console and non X11 term access without edit rights on there<nobr> <wbr></nobr>.bashrc files and the like they will not be editing them. Now they have to be really experenced person to get around this. Or able to exploit a flaw in something to get to a higher user.
Common misunderstanding that user has to own home directory they only have to have read only permissions on there group. Same with a lot of applications.
This is fort nox of setups. Most users hate it. This is great for a critical desktop to be operational. Since most of its untouchable.
I am a creative Linux/Windows User. Most of my creativitly is breaking open desktops to recover data because people loss passwords. It really does not make any difference how high the defence is if you forget the basics. Bios password. Fake login screen protection sysrq-k on linux anyone windows version of this please. Caused blue screen of death is not really the best way. Yes my kernels have this.
Because if a locked down user can break there account enough to fake a login screen and get a user with more access rights what is the point of the lock down.
Learn about Linux
Download Linux
Get Linux help
Linux users mess up stoping it is simple
Posted by: Anonymous Coward on June 20, 2006 08:03 PMDon't give them owner ship of desktop entrys or menu entrys. Desktop configs and the like they don't need to be changing.
For some tasks don't give them access to Windows manager and termials if they don't need it.
Ok console operatators can still add applications but they have to go to console to use them. Now this gets even better lock of console and non X11 term access without edit rights on there<nobr> <wbr></nobr>.bashrc files and the like they will not be editing them. Now they have to be really experenced person to get around this. Or able to exploit a flaw in something to get to a higher user.
Common misunderstanding that user has to own home directory they only have to have read only permissions on there group. Same with a lot of applications.
This is fort nox of setups. Most users hate it. This is great for a critical desktop to be operational. Since most of its untouchable.
I am a creative Linux/Windows User. Most of my creativitly is breaking open desktops to recover data because people loss passwords. It really does not make any difference how high the defence is if you forget the basics. Bios password. Fake login screen protection sysrq-k on linux anyone windows version of this please. Caused blue screen of death is not really the best way. Yes my kernels have this.
Because if a locked down user can break there account enough to fake a login screen and get a user with more access rights what is the point of the lock down.
#