[Techtalk] Making Linux safe for wife and kids...
agoats at compuserve.com
Wed Sep 25 23:13:45 EST 2002
With the response I had to questions in grrltalk, I thought I would hit
this section for some help.
I have 4 major categories of users (including root):
1) kids: they have access to /home/username only, can run games,
learing tools and cannot view anyone in /home files. I don't need a war
between them because one did something or saw something in the others
2) users: basically me, my wife and teens: they have access to
/home/username, can run typical user stuff, can view each others
directories (helps keep them honest and out of trouble), can run pppd
3) power user (me): basically can run anything and has access to
everything including directories blocked to everyone else. Sort of a
"safe" mode for me.
4) root: me, in "god mode" and totally unsafe to everything, able to
do anything. No, I'm not a megalomaniac, it's just that this is the best
discription I've seen of root priveledge.
I have managed to set certain directories off limits with midnite
commander (mc), by using File -> Advanced chown and setting the values
to rxw r-- r--. The directory name is seen, but access to anyone not
root is "denied".
poweruser needs access to these blocked directories as well, but no one
else. These directories contain data, work files, consulting
directories, download files, etc. No one else needs access to them.
Now, I've read the manuals and tried to follow them, I've read and
bought some of the books (Jenn, I'm still looking for the title you
passed to me) and still have not succeeded in setting my workstation up
for their use as described above. I am not a sys admin or network admin.
I'm a physicist who needed Unix of some flavor in order to run software
from JPL, NASA, etc. Their software is not and will not be ported to
windows (besides the security/crashing problems...<g>).
I am currently running Slackware 7.1 (kernel 2.2.16) and debugging 8.1
(kernel 2.4.18) before switching over (that's another disk in the
directory tree no one can access).
Now, HOW DO I DO IT?
Cause after I get my PC done (which has internet access), I have my
wife's and kids computers to do next!
Your group has been more helpful than the majority I've tried.
More information about the Techtalk