EditAttachPrintable
r3 - 02 Oct 2006 - 21:02:03 - AndrewZYou are here: TWiki >  Ltsp Web  >  WorkInProgress > GeneralSystemSetup

General System Setup

These are recommendations for Linux multiuser or terminal server systems, so they also apply to LTSP systems. For example, you should not allow any user to reboot the server.

Note: Some of these are security tips, but all these tips are specific to multiuser or terminal server systems. In other words, this page is not for general security tips.

Disable rebooting and shutdown 

rm -f /etc/security/console.apps/{reboot,poweroff,halt}

Reference: http://linuxgazette.com/issue58/sharma.html

The above doesn't seem to work on my system (Fedora Core 4), so I also do: 

chmod o= /sbin/{halt,shutdown,reboot,poweroff}

Omit server's device icons in GNOME

By default, GNOME displays server's device icons (such as CD-ROM and Floppy) in on the desktop when mounted and always in the Computer Place ("Folder"). Users may mistakenly believe these devices icons refer to the devices on their own workstations when in reality the devices are in the server closet.

TODO: How to disable the server's device icons without disabling the Computer Place altogether and without disabling the display of remote mounted servers (e.g. FTP, WebDAV?)?

You can't: [http://bugzilla.gnome.org/show_bug.cgi?id=326354][Gnome Issue 326354: Nautilus: hide device icons (CD-ROM, floppy, etc.) in Computer and file dialogs]]

Limit user resources

You don't want one user bringing your system to a crawl, so you may want to limit user resources. One way to limit user resources is with ulimit. For details on the command, consult your systems's documentation by running man ulimit.

If you decide to use ulimit at all, the values you will use depend on your system. Also, you may want to limit some resouces but not others. In any case, the following is a starting place. 

ulimit -c 0 # no core files on crash
ulimit -d 2097152 # 2GB data segment
ulimit -f 512 # 512 files opened by shell
ulimit -l 2097152 # 2GB may be locked into memeory
ulimit -m 2097152 # 2GB resident size
ulimit -s 2097152 # 2GB stack size
ulimit -u 512 # 512 processes
ulimit -v 2097152 # 2GB virtual memory

To implement ulimit across many users, try the startup script technique in ManagingUserConfiguration.

-- AndrewZ - 06 Jan 2006

Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r3 < r2 < r1 | More topic actions
 
Powered by TWiki
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback