Re: setting up and securing a shared internet terminal

From: armin walland (
Date: 05/11/03

  • Next message: Nick Maclaren: "Re: Closing ports-- in services or inetd.conf?"
    Date: Sun, 11 May 2003 09:21:41 GMT

    On 11 May 2003 00:21:32 -0700, mike <> wrote:
    > hi
    > we have a group of contract software developers working in a room and
    > due to policy reasons, they were not allowed to have internet access.
    > I would like to grant them internet access so that they could do their
    > job better, in the sense that whatever information they need for their
    > programming work, they could get from the internet.
    > In this case, i would like to set up a shared terminal for these
    > developers
    > to use the internet. Then comes to the part of securing this terminal
    > so that
    > they could not download and install software or change any system
    > configurations. They are supposed to only search for information.
    > Could anyone refer me some references/links that talk about this
    > topic.?? (eg which type of OS to use, how and what to tighten..etc.. )
    > or if anyone had experienced setting up this type of terminals please
    > show me some rope. thanks very much.

    i once saw a public shared computer that IMO was very well secured.
    it was running linux with no window manager installed.
    X was started via init and as an xclient only one mozilla window
    (without window manager) was opened.
    ctrl alt bkspc and ctr alt del were disabled, also all ttys. mozilla had
    tabbed browsing enabled so you weren't restricted to one window.

    however i do not know how they dealt with downloading. one idea might be
    to set the efault download location to be /dev/null and disable the
    download manager and the progress box and furthermore remove write
    access to all the user's homedirectory (not sure if mozilla will start
    then though, you'd have to try)

    hth, armin

    life, the universe and everything

  • Next message: Nick Maclaren: "Re: Closing ports-- in services or inetd.conf?"