xguest_u, LDAP and /tmp


Hi all,
I have been trying to implement xguest in our public computer room.
The users are authenticated by OpenLDAP (for easier user maintenance since
there are many computers) and I successfully converted all the users to
xguest_u. 
I want to achieve a bit more security: I do not want the users to see other
usernames using for example "ps -ef", "who", lastlog, and /tmp or /var/tmp. 

I saw something in D. Walsh's blog which seems promising:
======
Also add these lines to /etc/security/namespace.conf
/tmp    tmpfs   tmpfs   ~xguest
/var/tmp        tmpfs   tmpfs   ~xguest
$HOME           tmpfs   tmpfs   ~xguest
======
So is there any way to make this the default for all the users on all machines,
and for new users to work automatically with such private /tmp and /var/tmp?

Converting users, however, introduced another problem with Firefox: it stopped
working for the LDAP users, but not for the local (/etc/passwd) ones which are
also xguests. Tcpdump revealed LDAP requests by firefox only for the LDAP
users. Any idea how to solve this issue?

Thank you in advance!
All ideas and solutions are welcome!

Hal
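
Added example, not part of the original post: a small Python model of how namespace.conf(5) reads the fourth field (list_of_uids) of the lines quoted above. The field holds login names, so `~xguest` selects only the account named xguest; the login names `ldapuser1`, `root` and `adm` and the second configuration are constructed for illustration.

```python
# Added illustration: models the fourth-field rule from namespace.conf(5).
# It does not call PAM; the login names used with it are constructed samples.

# The three lines quoted from the blog in the message above.
BLOG_CONF = """\
/tmp      tmpfs  tmpfs  ~xguest
/var/tmp  tmpfs  tmpfs  ~xguest
$HOME     tmpfs  tmpfs  ~xguest
"""

# Constructed variant (assumption): name only the accounts to exempt.
EXEMPT_CONF = """\
# polydir  instance_prefix  method  list_of_uids
/tmp      tmpfs  tmpfs  root,adm
/var/tmp  tmpfs  tmpfs  root,adm
"""


def parse(conf):
    """Return (polydir, method, only_listed, names) for each entry."""
    entries = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError("malformed entry: %r" % raw)
        polydir, _prefix, method = fields[:3]
        users = fields[3] if len(fields) > 3 else ""
        only_listed = users.startswith("~")
        if only_listed:
            users = users[1:]
        names = {u for u in users.split(",") if u}
        entries.append((polydir, method, only_listed, names))
    return entries


def private_dirs(conf, login):
    """Directories that get a private instance for this login name."""
    dirs = []
    for polydir, _method, only_listed, names in parse(conf):
        # "~list": only the listed users; plain list: everyone except the
        # listed users; empty list: everyone.
        applies = (login in names) if only_listed else (login not in names)
        if applies:
            dirs.append(polydir)
    return dirs
```

With the blog's lines, `private_dirs(BLOG_CONF, "ldapuser1")` is empty because the match is on the login name, not on the SELinux user xguest_u.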


--
This message was distributed to subscribers of the selinux mailing list.