On Thu, 2009-11-19 at 11:45 +0000, Richard Hughes wrote: > Surely if you're deploying a workstation (1000s of workstations?) you > would just ship an extra package that set the PolicyKit policies > according to the domain policy, so if I was a school, I would allow > the active users to unplug removable drives, but not detach physical > drives. I would also stop them installing and upgrading (not even give > them the option to enter a root password) and also lock down who can > change the clock. I would also prevent them from installing debuginfo > files and being able to set thier audio system to real-time priority. FWIW, what I set up for our school's Fedora 11 workstations is here: http://jdieter.fedorapeople.org/lesbg-polkit-setup-client.spec There are definitely some ways I could clean it up, but it at least keeps me from having students installing software (or running updates) without permission. Jonathan
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
