Thanks for replying. I am aware that Vector's a multiuser system; what I was wondering though was if I create a new user with which belongs to all the groups (plugdev. disk, cdrom etc.), do I have to do anything else to secure the system from being able to, for example, delete key system files? Or to prohibit a casual user from being able to download and install unauthorised software?
A normal user (who belongs to all the normal groups) will not be able to delete anything out of the home directory created when you create the user. Downloading files is not very easy to prevent, but they will only be able to be saved to the user's home directory. Installing software is also not something that is easy to completely prevent, but a normal user would only be able to install to the home directory as well, which means that doing so should not affect anything else in the system. Even if they install something that could damage the system, unless they can gain root access, the system should prevent them from doing any damage.
So far as I can see, the main problem you would face is that people will download things and leave them lying around in the user home you have created, so you'll eventually end up with a fairly messy situation.
I wonder if it would be possible to have the user removed when they log off, and recreated when the system is next started? That would allow a frequent cleanout, and also make sure that the user's privacy is protected. I
think it should be possible with some scripts, but I'd have to think a bit about exactly how to do it. Someone else may have a better idea.
I know there are some distros which come with a 'Kiosk' mode which esentially provides access without allowing things to get to messed up. There was a variant of Zenwalk that was created that way - done by a guy in Malasia, if I remember correctly. Maybe a bit of googling for 'kiosk-mode linux' would get you some good answers.
The other thing that would be useful in the situation you're trying to create would be allowing users to copy files they've downloaded (or copies of email) to things like pen drives. You would probably need to look at modifying the standard menus to remove quite a lot of applications, but it should all be doable.
An interesting project....
I could of course experiment with my system, i.e. try and mess things up from a user account, but as I hope you can appreciate I don't really want to succeed at that.
Urk. That doesn't sound like a very good idea, at least not unless you want to reinstall. I guess you could create a new user for your own system and experiment with that, since changes you make to that user should not affect your normal user account at all. That way you can at least check that you have the correct restrictions in place.
It might also be possible to create a specifically limited user account - I have seen a couple of things that effectively create a chroot jail for limited user access. While most of those are intended for online, remote use, it should be possible to do for a local user as well. I'll see if I can find some references to the software used for that purpose and get back to you.
Paul.
