School Intranet Servers (was: Re: [Lias] Thanks for help re Proxy)

Andrew Dorrell andrew.dorrell at cisra.canon.com.au
Fri Mar 28 09:15:02 UTC 2003


Managing users and passwords is a real point of diversity that I think 
we could really do some good for:

(BTW the following is a list of points for discussion not direct advice 
to anyone)

1. I set up my last server to use smb for all authentication (thanks to 
PAM). I did this because it was the quickest way to unify things but I 
suspect that a system based on LDAP would have been a better one?  This 
seemed much harder but may have given much better Mac integration.

2. I have also made a modified /etc/skel.  In the sharing of home 
directories via smb and netatalk I make it a rule _not_ to share the 
home folder but one or more subdirectories of it - in particular 
"Documents" and "public_html"

3. On PCs I can then have a startup script to map the user's 
$(HOME)/documents to h: and leave a shortcut to "My network folder" -> 
h: in the global desktop configuration.

4. On the last server I did I set up scripts to set up new teacher and 
student accounts - creating the required directories etc to implement a 
hierarchy of access:

teacher has access to their own private space
                       plus student home directories
                       plus teacher share
                       plus student share

students have access to private file space plus student share

admin (office staff account) has access to private space plus admin share

teachers can be added to an admin group which gives them access to the 
admin share

There was quite a bit of work involved in setting this up (and working 
it out!) and I would like to find a way to share the results - perhaps 
they can be developed further?  One of the problems however is that I 
only get access to the installed system on occasion as it is firewalled 
(of course) by DET... so a wiki might be a great help here.

Les Bell wrote:
> Robert McLeay <ches at perlboy.org> wrote:
> 
> 
> Sounds really good.
> 
> I don't know whether the time and investment in setting up a new system
> would be worth it to be honest.
> 
> I'd suggest that for mail/web/mysql/dns that you grab a copy of
> single-domain (freeware) PSA from www.plesk.com .
> 
> I admin shared hosting servers to keep the food/beer flowing, and Plesk
> is a dream to install/run/admin/manage, compared to Ensim/CPanel
> (please, please, please, don't use CPanel - urrgggh - fixing it all
> arvo)
> <<
> 
> Hmm. I hadn't thought of Plesk, to be honest - always seen it as more
> oriented to the hosting business market, and so I'd planned on using Webmin
> (http://www.webmin.com). I suspect it would provide a better interface for
> email management, especially, but I think, on balance, I'll stick with
> Webmin for the time being, mainly on account of familiarity. Also, since
> Webmin is open source Perl code, I stand a better chance of hacking in the
> appropriate changes or even a module for this specific "application".
> 
> To be honest, it's a pretty simple setup. The major trick is going to be
> setting up a schema to allow for the kids to be members of the appropriate
> groups - e.g. their class, which will change each year, project groups,
> etc. - together with some scripts to automate their management.
> 
> For my simple "sales demo" at our computer committee meeting, I created a
> few demo accounts in advance. I'd already modified /etc/skel so that each
> kid's home directory had the appropriate folders created, including one
> called "website" which is actually the Apache "public_html" directory. Then
> I demo'ed manually creating a new user within Webmin, which automatically
> takes care of setting up the appropriate smbpasswd entry as well, and
> showed a default kid's home page, then edited that from within Windows. In
> real life, the accounts will need to be created using a batch import
> technique (Webmin has one) and ideally, automatically managed from that
> point onwards.
> 
> 
> Sounds and looks like a really idea.
> <<
> 
> Please, please tell me there's a "good" in there somewhere! <g>
> 
> I'll post another email to this list detailing features I'm aiming for. The
> intention is not to create a completely off-the-shelf turnkey package or
> (heaven help us!) another distribution, but instead to write up some
> articles on how to do these things. That's how I make my living, and who
> knows?, if a magazine somewhere picks up an article or two out of it, my
> kids will get to eat that month. <g> However, along the way, I'm happy to
> put what I've done up on the web so people can benefit immediately, and
> equally I'd be really pleased to accept suggestions, feature requests, and
> pointers to better ways of doing things.
> 
> Best,
> 
> --- Les Bell, CISSP
> [http://www.lesbell.com.au]


-- 
Andrew Dorrell PhD.        Senior Research Engineer
Canon Information Systems Research Australia     Phone: 61 2 9805 2224
1 Thomas Holt Drive,  North Ryde,  NSW 2113.     Fax:   61 2 9805 2865
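
Added example (not part of the original post, and not the scripts Andrew describes): one way the access hierarchy in point 4 and the /etc/skel rule in point 2 could be mapped onto Unix groups and directory modes, written as a dry-run planner that only prints the commands. The group names, role keywords, the /srv/shares path and the chosen modes are all assumptions.

```shell
#!/bin/sh
# Dry-run planner: prints the commands that would provision one account.
# Assumed, not from the thread: group names, role keywords, /srv/shares.
SHARES=${SHARES:-/srv/shares}

# Supplementary groups per role. Teachers also join "students" to reach the
# student share; "teacher-admin" is a teacher added to the admin group.
role_groups() {
    case "$1" in
        student)       echo "students" ;;
        teacher)       echo "teachers,students" ;;
        teacher-admin) echo "teachers,students,admin" ;;
        office)        echo "admin" ;;
        *)             return 1 ;;
    esac
}

# Prints "owner:group home-mode documents-mode". Student homes are group-owned
# by "teachers"; o+x on the home only lets Apache traverse to public_html.
home_perms() {
    case "$1" in
        student) echo "$2:teachers 2771 2770" ;;
        *)       echo "$2:$2 0711 0700" ;;
    esac
}

# Shares are setgid so new files inherit the share's group.
plan_shares() {
    for g in students teachers admin; do
        echo "install -d -m 2770 -o root -g $g $SHARES/$g"
    done
}

plan_account() {   # usage: plan_account ROLE USER
    groups=$(role_groups "$1") || { echo "unknown role: $1" >&2; return 1; }
    case "$2" in   # refuse names that could smuggle shell syntax into the plan
        ""|[!a-z]*|*[!a-z0-9_]*) echo "bad user name: $2" >&2; return 1 ;;
    esac
    set -- "$1" "$2" $(home_perms "$1" "$2")
    echo "useradd -m -U -k /etc/skel -G $groups $2"   # skel holds Documents, public_html
    echo "chown -R $3 /home/$2"
    echo "chmod $4 /home/$2"
    echo "chmod $5 /home/$2/Documents"
}

if [ $# -ge 2 ]; then plan_shares; plan_account "$1" "$2"; fi
```

Review the printed plan before piping it to a root shell; the three groups must already exist.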



