How to protect hd install from tampering?

Message

lawquest · #1 Post by **lawquest** » Fri 12 Jan 2007, 02:41

Hi folks,

We are continuing with our project of getting computers into the hands of kids here in Reno who don't have a computer in their home. We are using Puppy and it is going sort of well. We have pretty much given up on our idea of getting the kids up on the internet. It is just too expensive, wireless or dialup. While the 20 or so we have out now have Puppy installed on the hard drive, we are also about to give up on that too as it is easier to get cheap or free older computers which don't have hard drives. Our newest computer project contemplates giving kids computers which boot from a puppy CD Rom and save to a usb flash drive. That pretty much insures a fresh Puppy install each time. However, the kids who have puppy installed on their hard drive often complain that they (or more often some other family member) have overwritten or changed this or that crucial program and can't boot or if they can, can't get this or that program to work after booting. Generally we find that they have written over a crucial program and a re-install gets them going again. Now the question: For kids who boot from their hard drive, is there some easy way to protect the basic puppy files so that they are read only, thereby insuring that they cannot be accidentally changed?

John

kjs · #2 Post by **kjs** » Fri 12 Jan 2007, 03:57

John,

I'm not deep enough into Puppy yet to give you real help but a *nix like protection would sound better to me then setting all files via chmod into read only.
What I would suggest is running users as users and keep the root account for making changes in the essential files.....

Juergen

muggins · #3 Post by **muggins** » Fri 12 Jan 2007, 04:03

if you're hard disk installs are of the co-exist, (AKA frugal), variety, perhaps try kirk's encrypted pup_save, where a student would need a password to access his/her pup_save:

http://www.murga-linux.com/puppy/viewtopic.php?t=14114

i haven't tried myself...does anyone know of feedback?

muggins · #4 Post by **muggins** » Fri 12 Jan 2007, 04:10

another thing is to make it harder to run unneeded programs by removing icons from the desktop that students don't use, and also de-activating them in the start menu by commenting them out of the jwm config file. /root/.jwmrc .

also you might look for posts, or pm, others that are simularly involved in using puppy at the educational "coalface". forum members raffy, ecomoney & slapshot spring to mind.

muggins · #5 Post by **muggins** » Fri 12 Jan 2007, 04:23

also here are some relevant links for you to look at:

http://www.murga-linux.com/puppy/viewto ... 70&t=13645

http://www.murga-linux.com/puppy/viewto ... 024&t=9981

http://www.murga-linux.com/puppy/viewto ... 24&t=13175

http://www.murga-linux.com/puppy/viewto ... 324&t=1246

also puppy is designed for the user to run as root. there is a facility, called "spot", to run a user with restricted privileges, but i've never used it myslf.

these links has some info:

http://www.murga-linux.com/puppy/viewto ... 24&t=10992

http://www.murga-linux.com/puppy/viewto ... 24&t=11653

lawquest · #6 Post by **lawquest** » Fri 12 Jan 2007, 17:23

Thanks everyone. I see there is quite a bit of history here. I am now looking over raffy's site at

http://bexa.org/pup/

John

lawquest · #7 Post by **lawquest** » Sat 13 Jan 2007, 21:11

I have deleted the sub-topic as misleading but still am soliciting comments on how to protect essential puppy operating files from accidental tampering/overwriting by a novice user. We are spending way too much time re-installing puppy on student's computers after the student of a member of his family has accidentally rendered puppy unusable.

John

Gn2 · #8 Post by **Gn2** » Sat 13 Jan 2007, 21:25

Create individual users and passwords

Code: Select all

#{To add new user ~ Two part command line: as root ~}

useradd my_name -m -G users,wheel<<-(optional) -s /bin/bash

passwd my_name - #{>> enter ->> confirm) 

# {To remove a user} 

userdel my_name

A user (or Sys/Admin) may change own password, own Apps,
OWN configurations NOT any system critical items.

#9 Post by MU » Sat 13 Jan 2007, 22:02

If you run Puppy from CD or a frugal harddrive installation, it saves everything in pup_save.3fs.

Set up all basic stuff like internet-access, then reboot Puppy, and run it from CD with the boot-option:
puppy pfix=ram

Now Puppy runs without using pup_save.3fs, so you can mount the drive where it was created, and create a backup-copy of it.

If someone then "breaks" his Puppy, you just have to restore that file the same way.

To keep some personal things like downloaded Emails or bookmarks, you could mount the old pup_save.3fs (you must backup it first of course), and then copy these folders to the "new" pup_save.3fs:

/root/Mail
/root/.mozilla
/root/.sylpheed

Mark

never_stop_learning · Sun 14 Jan 2007, 01:31

John - I'm still in favor of a full HD install. Most of the machines have drives. We can get inexpensive refurbished HDs for any that don't. The alternative to running w/o a HD is to give the kids a USB drive, which are easily lost, for the pup_save.3fs file. The large lots of drive-less computers can be traded for complete machines.

IMO, we learned from our Beta project that - at least in the short term - providing computers AND city wide wireless Internet access is not feasible. I see no issues with providing computers with Puppy installed on the HD. We can still work with the "Kids Cyber Cafe" concept that includes Internet access in churches, schools, etc.

(old)Puppy Linux Discussion Forum

(old)Puppy Linux Discussion Forum

How to protect hd install from tampering?

How to protect hd install from tampering?