Security in Linpus - Help!

I have done lots of research. I understand Linpus automatically logs a user in with full root privileges. For many reasons I like the linpus OS for my environment, however, I would like to prevent users from opening the terminal without a password or at the very least from using sudo commands. I would also like to disable using Alt+f2 to run anything. I am proposing the use of a number of these in a school environment. The simplicity of Linpus and complexity of adding software is actually a good thing in this environment. I have set up the machine with all of the software I want students using. I just can't seem to lock it down to where they can't mess it up now. I have tried disabling auto-login and creating another user, but without giving the new user root access, Acer seems to have designed it so that many things break when this is done.

Any help would be appreciated.

 

Have you seen the /etc/sudoers file ?

 

I'll be a bit more specific as to my attempts.
1- Editing sudoers -- if the sudoers file is edited to require a password when using sudo, many of the functions of the machine no longer work, as Acer has set up the OS to require root access to run a number of things.

2- Multi-user -- Really, the issue is the same. I disabled the autologin and created a new user. Unless this user is in the root or wheel group, many functions do not work.

 

You hit the nail on the head. Linpus is not suitable. You should install a Linux distro that does not rely on the desktop ("console") user for running any system services. Fedora or Ubuntu would suit your need. Then, besides not granting privilege with sudoers, you should also put a password on the boot loader.

 

My solution so far-
I have decided to install a different distro. This was a big decision considering my inexperience with Linux. I researched a bunch and tried two. Eventually I settled on Linux4One. My reasons are simple- I want a lightweight, small distro, that is fast on these low end machines. This distro, like the linpus distro, is initially set up in single user, auto login mode. It was easy to change and the new user with limited rights can still has network services, printing, etc without having access to the control of those services.

Being inexperienced this was a bit challenging, but nothing too tough. The distro has many things stripped out, on purpose to be light as possible. I had to install printing services, OOO, and a few other things custom to our needs. I still end up with a nice clean machine with almost 5g free of my 8g SSD. Unfortunately, the one thing that seems broken is the ability to "merge" the left SD slot with the SSD as in the original distro.

I now have an admin user and a student user account. Obviously the admin has full privileges and the student has few. The student can still access the internet, print, access all appropriate software, a file manager thumb drives, etc. There are a few things still accessible by the students - they can still mess up the desktop, add icons, change backgrounds, etc. There is even the potential they can mess up the whole student account if they try hard enough. But now they cannot mess up the entire machine or get to a place where they can begin to hack into the network.

The big downside to all of this is that Linux -- whichever distro I have tried -- takes MUCH longer to boot in multi-user configs. Boot time is about 1:15.

 

The Fedora 10 XFCE Live distro that I tried booting from a USB stick was faster than that, if I remember correctly. It might be the original SSD that makes things so slow, the Linpus distro is heavily tuned for a slow SSD.

Since then I have replaced the internal 8GB SSD drive on the Acer Aspire One with an MTRON 16GB, which is much faster than the original one. I think I will at some point ditch the Linpus OS and go for either Moblin or a customized version of Fedora (probably after version 11 is released).

 

Linpus uses AUFS to "merge" the left SD card with the /home/user directory. Unfortunately, AUFS is not part of the standard kernel although some distros may include it.

1:15 to boot! Wow, my old P2 laptop with 128M boots in less than 30 seconds, the AA1 boots in around 15 seconds. Both with a highly customized Slackware 12.1. One of the cusomizations was making boot and shutdown run things in parallel and not wait for all services to start.
What distro is Linux4one based on? Try looking to see if people have come up with ways to boot faster by turning off unused services, for example.

Moblin looks interesting, one of it's goals is fast boot up.

 

It's based on the older ubuntu 8.04. If you like the netbook remix interface then the new Jaunty UNR alpha 6 is worth a try (if you own the HDD model).

Jukk, if speed is important to you you might wanna try out Sidux which in my experience is even faster than Linpus. Now that's a fast system!

More info:
viewtopic.php?f=5&t=12216

http://sidux.com/PNphpBB2-viewtopic-t-1 ... rt-45.html

 

The slow down in boot is really due to enabling multi users and forcing login. Unfortunately, I must in our environment.