| sbalneav | Morning all | 15:12 |
|---|---|---|
| highvoltage | morning sbalneav | 16:25 |
| Ahmuck | in a edubuntu system are there levels of administration | 17:11 |
| sbalneav | Ahmuck: With PolicyKit, there's the *potential* for levels of administration, however, most packages tend to come configured as the "superuser" gets the admin priv. | 17:32 |
| sbalneav | However, the "standard" unix way to do this would be to have groups to control certain policy options. | 17:32 |
| sbalneav | i.e. have an "accounts" group for creating, modding accounts, have a "printers" group for handling printing operations (clearing queue's, etc). | 17:33 |
| sbalneav | then assign pk rights based upon membership of the group. | 17:34 |
| Ahmuck | accounts for updating, installing sofware etc.? | 17:34 |
| Ahmuck | linux has control policy options? | 17:34 |
| sbalneav | Sure. Simply depends on how "fine grained" you'd like to get. | 17:34 |
| Ahmuck | i've got an individual i'd like to put in charge of some things, but need to keep them from "roaming" | 17:34 |
| sbalneav | Well, you used to control these sorts of things with setgid programs. | 17:35 |
| Ahmuck | ie through user directories, etc. | 17:35 |
| sbalneav | Now you control them with pk | 17:35 |
| Ahmuck | ok | 17:35 |
| sbalneav | Well, actually, you do both, since not everything;s part of the new pk order yet :) | 17:35 |
| Ahmuck | is there a way to block process listing? | 17:35 |
| sbalneav | No | 17:35 |
| Ahmuck | ya, i havn't granted system wide access yet | 17:36 |
| sbalneav | That's pretty fundamental to Unix-like OS's | 17:36 |
| sbalneav | there are some kinds of things you may want to do that will be either very difficult or impossible to do in a Unix-like environment. | 17:36 |
| sbalneav | This is due to the fundamental design philosophy of Unix/Linux | 17:38 |
| sbalneav | A good forinstance would be the running of various programs, like ps, by a user. | 17:39 |
| sbalneav | So, you may say, "I don't want a user to be able to run ps, and see what processes are on the system". | 17:40 |
| sbalneav | OK, fine, so you enable ACL's on the filesystem, and remove execute rights from ps on that user. | 17:40 |
| sbalneav | Now tuxtype stops working, since it calls ps to make sure that the user isn't already running a tuxtype instance. | 17:41 |
| sbalneav | (that was just an example, I don't know if tuxtype does that in reality). | 17:41 |
| sbalneav | As a user, you have to expect that everything that's in /bin, or /usr/bin should be able to be run by you. | 17:42 |
| sbalneav | Linux permissions doen't get that fine grained. | 17:43 |
| Ahmuck | are there any good screenshot programs, similar to ksnapshot that doesn't depend upon clicking the new snapshot button? | 17:50 |
| sbalneav | Dunno, if I need a screenshot, I always just hit printscreen. | 17:50 |
| Ahmuck | i'm looking for specific screenshots, under a vm window without the vm border | 17:56 |
| Ahmuck | i can do it with ksnapshot, or a script using imagmagick, however i get the same problem, i have to go in and manually crop them | 17:57 |
| Ahmuck | i'm looking to automate the screenshots | 17:57 |
| Ahmuck | sbalneav: is there a way to prevent screen output. what i'd be having problem with is individual users viewing proceses from other users. | 17:58 |
| Ahmuck | so for example, ellen's OO.o doc that is titled, "My Love Poem for David" would be presented under ps | 17:59 |
| alkisg | !info xorg-driver-sis671 | 18:33 |
| ubottu | Package xorg-driver-sis671 does not exist in karmic | 18:33 |
| sbalneav | Ahmuck: No, sorry, there's simply no easy way to prevent something like that in a Unix-Like environment. | 19:01 |
| sbalneav | You can do things like use pessulus to lockdown alt-f2, so they cant run things, and disable access to (gnome|x|k)term, but then they could just use Nautilus to browse to /usr/bin, and run ps directly. | 19:03 |
| sbalneav | Unix was originally designed for programmers to work in, and there was an orignal assumption that most things should be visible on the system. | 19:03 |
| sbalneav | This ultimately became the posix standard | 19:04 |
| sbalneav | and Linux is (or tries to be :) ) posix compliant. | 19:04 |
| sbalneav | Ahmuck: As for the screenshots, can gimp do it for you? It can acquire screenshots without border decorations. | 19:06 |
| sbalneav | There is a bug that's been filed against nautilus: | 19:13 |
| sbalneav | Hmmm, can't find it off the top of my head, but it was a patch for lockdown, "no execure", so that it wouldn't execute programs when launched from Nautilus. Thhis would help somewhat. | 19:15 |
| Lns | Ahmuck: also, you can use .hidden files to hide directories/files from viewing in nautilus (won't affect openoffice save/open dialogs and friends though).. have you seen the ubuntu wiki page on locking the system down? | 19:32 |
| Lns | https://help.ubuntu.com/community/UbuntuLTSP/HideFilesystemInNautilus | 19:32 |
| sbalneav | Lns: HUH! | 19:33 |
| sbalneav | I didn't even know nautilus did that | 19:34 |
| joerg_ | hey | 19:34 |
| sbalneav | joerg_: Hey there! | 19:34 |
| sbalneav | looked at your spec | 19:34 |
| joerg_ | sbalneav, did u find some time look at the specs? :) | 19:34 |
| sbalneav | looks fantastic! | 19:34 |
| joerg_ | ah cool | 19:34 |
| joerg_ | sbalneav, when did u look at it? | 19:34 |
| sbalneav | all kinds of good detail in there | 19:34 |
| sbalneav | last friday | 19:35 |
| joerg_ | changed a lot of things recently | 19:35 |
| joerg_ | w8 | 19:35 |
| sbalneav | oh, cool. | 19:35 |
| joerg_ | sbalneav, http://www.labpixies.com/campaigns/calories/calories.xml | 19:36 |
| joerg_ | oh, sorry | 19:37 |
| joerg_ | that's my test opensocial app :D | 19:37 |
| joerg_ | http://www.myserv-project.org/specs:core | 19:37 |
| sbalneav | Excellent, thanks! | 19:38 |
| joerg_ | sbalneav, should I start recruiting people? :D | 19:39 |
| joerg_ | sbalneav, I am just working on the opensocial stuff | 19:39 |
| joerg_ | sbalneav, which is not that easy....there's just one very poor python implementation for the google app engine | 19:40 |
| sbalneav | I'd certainly be more than willing to help out. | 19:40 |
| sbalneav | Lns: yeah, that's a good tip. Unfortunately, the wily "hacker" can still do a "control-L/usr/bin", so it definitely helps, but doesn't eliminate the problems. | 19:42 |
| Ahmuck | it's not hackers i'm worried about, rather, nosey teenagers | 19:43 |
| Ahmuck | though i aught to be glad their learning | 19:43 |
| sbalneav | One supposes we could create a "hidden" package that supplies a set of ".hidden" files for a bunch of directories. | 19:43 |
| sbalneav | Ahmuck: heh, that's why "hackers" was in quotes. | 19:43 |
| Lns | sbalneav: for sure. it's just 'out of sight, out of mind' type stuff =) | 19:45 |
| sbalneav | Hmm, so if I do a "cd /usr/bin ; ls > .hidden" that makes /usr/bin disappear. | 19:46 |
| sbalneav | Sooooooooo. | 19:46 |
| sbalneav | by extention.... | 19:46 |
| Lns | haha! | 19:46 |
| sbalneav | We could write a relatively short shell script that could be plunked in /etc/cron.hourly... | 19:47 |
| Lns | well | 19:47 |
| Lns | in my experience, if you lock down the root dir, there's not a lot that can slip by.. | 19:47 |
| sbalneav | that would go around to all the "bad" areas, like /bin, /usr/bin, /sbin, etc. | 19:47 |
| sbalneav | and create a ".hidden" file from all the contents. | 19:48 |
| sbalneav | 30, 40 lines of shell at most. | 19:48 |
| sbalneav | I'll hack something together tonight, stuff it in my ppa. | 19:48 |
| sbalneav | Ahmuck: So if you: | 19:49 |
| sbalneav | 1) removed Gnome-Terminal from the menu | 19:49 |
| sbalneav | 2) Locked out alt-f2 "run" dialogue | 19:49 |
| sbalneav | 3) run the little "hide things" script | 19:49 |
| Lns | Ahmuck: sbalneav also: check out https://help.ubuntu.com/community/UbuntuLTSP/GnomeOptimize -- I've put some things in there a while back about lockdown that might help | 19:50 |
| sbalneav | You'll make it difficult enough to do a "ps" looking for who little suzie's writing love notes too as to make it "almost impossible" | 19:50 |
| sbalneav | :) | 19:50 |
| sbalneav | Lns: You don't get enough credit for all the work you've done/do on the ltsp bits of the wiki. | 19:51 |
| Lns | lol | 19:51 |
| Lns | sbalneav: i did that a long time ago, it was kind of a stint that i got all that stuff up there. i wish i kept up on it more | 19:52 |
| Lns | but thank you =) | 19:52 |
| sbalneav | Well, it's important. | 19:54 |
| Lns | *sniff* i'm so glad you understand me sbalneav =) | 20:02 |
| Lns | actually, i'm planning on making a string of youtube video tutorials with edubuntu, starting with how to install it | 20:03 |
| Lns | but last week i was having issues with virtualbox so i couldn't set up my recording environment right | 20:03 |
| * Lns is installing edubuntu 9.10 amd64 for the first time =) | 20:30 | |
| Ahmuck | heh, Lns, that's what were doing here in the last week | 20:31 |
| Ahmuck | henced i was asking about screenshots | 20:31 |
| Lns | =) | 20:31 |
| Lns | hrm, "installing system" information should reflect edubuntu, not ubuntu | 20:32 |
| Lns | i could probably come up with some wordage | 20:32 |
| Lns | if someone knows how to change it in the install dvd | 20:32 |
| Lns | wow, those screen wipes during the installation really get your attention! haha | 20:35 |
| Lns | hmm, it seems to me that the iconset for Gnome "Places" menu are pretty inconsistent with "Applications" and other menus | 21:34 |
| Lns | a.k.a. nautilus iconset i guess | 21:34 |
| mhall119 | highvoltage, ping | 21:59 |
| highvoltage | mhall119: pong | 22:02 |
| mhall119 | hey, I'm finally getting my Qimo packages started | 22:03 |
| mhall119 | I was wondering what format they need to be in to get into Universe | 22:03 |
| mhall119 | source packages, package branches? | 22:03 |
| mhall119 | just something in my PPA? | 22:03 |
| mhall119 | I've got a group for qimo-developers in LP, I was going to use that PPA for the packages as they become available | 22:04 |
| mhall119 | I finally got the last of my xfce issues resolved | 22:04 |
| sbalneav | mhall119: Getting them into your ppa's a great first start. Then someone like stgraber or highvoltage can look at 'em and upload to universe. | 22:05 |
| mhall119 | ok | 22:05 |
| mhall119 | do I need to make separate PPA's for packages targetting lucid and karmic? | 22:06 |
| sbalneav | No, the ppa will automatically handle multiple distros. | 22:11 |
| highvoltage | mhall119: source packages | 22:20 |
| highvoltage | mhall119: you can use your current ppa | 22:20 |
| mhall119 | ok, cool | 22:21 |
| mhall119 | I'll let you know when they're up and relatively stable | 22:21 |
| highvoltage | mhall119: great! | 22:22 |
| mhall119 | if I get XSplash and GDM themes up now, can I update them with my new artwork when it comes in? | 22:22 |
| highvoltage | yes you can indeed | 22:22 |
| mhall119 | excellent | 22:22 |
| mhall119 | I want to get caught before Alpha 3 | 22:22 |
| highvoltage | you'll just have to release a new version of the package | 22:22 |
| mhall119 | how do you manage the edubuntu cd, do you upgrade the packages in place, or get a new base image and re-apply your packages each time? | 22:23 |
| highvoltage | mhall119: built from scratch daily | 22:33 |
| highvoltage | (as in debootstrap and then meta-packages are installed) | 22:33 |
| mhall119 | debootstrap? | 23:08 |
| * mhall119 reads the man page | 23:09 | |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!