Re: xguest_u, LDAP and /tmp

Hal wrote:
> Hi all,
> I have been trying to implement xguest in our public computer room.
> The users are authenticated by OpenLDAP (for easier user maintenance since
> there are many computers) and I successfully converted all the users to
> xguest_u. 
> I want to achieve a bit more security: I do not want the users to see other
> usernames using for example "ps -ef", "who", lastlog, and /tmp or /var/tmp. 
> 
> I saw something in D. Walsh's blog which seems promising:
> ======
> Also add these lines to /etc/security/namespace.conf
> /tmp    tmpfs   tmpfs   ~xguest
> /var/tmp        tmpfs   tmpfs   ~xguest
> $HOME           tmpfs   tmpfs   ~xguest
> ======
> So is there any way to make this the default for all the users on all machines,
> and for new users to work automatically with such private /tmp and /var/tmp?
> 
> Converting users, however, introduced another problem with firefox: it stopped
> working for the ldap users, but not for the local (/etc/passwd) ones which are
> also xguests. Tcpdump revealed LDAP requests by firefox only for the LDAP
> users. Any idea how to solve this issue?
> 
OK, I need to add auth_use_nsswitch to the mozilla policy.

> Thank you in advance!
> All ideas and solutions are welcome!
> 
> Hal


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
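
Added example, not part of the original messages or of anyone's posted code: a small Python check of which users the quoted namespace.conf lines give private directories to, following the user-list rule documented in namespace.conf(5) (a plain list names users who are skipped, a list starting with "~" names the only users covered, an empty list covers everyone). The user name ldapuser1 and the root,adm variant are constructed for illustration, and the parser is simplified to the four whitespace-separated fields.

```python
from dataclasses import dataclass

# Constructed sample input: the three lines quoted in the thread.
THREAD_CONF = """\
/tmp      tmpfs  tmpfs  ~xguest
/var/tmp  tmpfs  tmpfs  ~xguest
$HOME     tmpfs  tmpfs  ~xguest
"""
# Hypothetical site-wide variant: everyone except root and adm.
ALL_USERS_CONF = """\
# constructed for illustration
/tmp      tmpfs  tmpfs  root,adm
/var/tmp  tmpfs  tmpfs  root,adm
"""

@dataclass
class Entry:
    polydir: str
    method: str
    only_listed: bool   # True when the user list starts with "~"
    users: frozenset

def parse(text):
    """Parse namespace.conf text into entries; '#' starts a comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if len(f) < 3:
            raise ValueError(f"line {lineno}: need polydir, instance_prefix, method")
        ulist = f[3] if len(f) > 3 else ""      # empty list: applies to all users
        only = ulist.startswith("~")
        names = frozenset(u for u in ulist.lstrip("~").split(",") if u)
        # The method may carry ':option' flags; keep only the method name.
        entries.append(Entry(f[0], f[2].split(":")[0], only, names))
    return entries

def private_dirs(entries, user, home):
    """Return the directories that would be polyinstantiated for this user."""
    out = []
    for e in entries:
        listed = user in e.users
        if (listed if e.only_listed else not listed):
            out.append(e.polydir.replace("$HOME", home).replace("$USER", user))
    return out
```

With the lines as quoted, only a login named xguest is covered, so LDAP accounts with other names keep the shared /tmp and /var/tmp even when they are mapped to xguest_u.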
