root/openPolicies/README @ 2

Revision 2, 2.0 KB (checked in by svngov, 10 years ago)

v1.0

Open Policies is a small library of functions that manipulate Linux user profile configurations, including those related to GNOME and Firefox as well as the available printers and Samba shares mounted during login. These functions can be integrated into scripts that enforce certain configurations on login. Those enforced configurations are called "policies".

The functions in this library are meant to be stored centrally (e.g. on a read-only Samba share) and sourced from shell scripts that are specific to users and/or groups. Those scripts should also be stored centrally and executed automatically from the Linux desktops using, for example, the pam_script module. This way, if centralized authentication (via LDAP, Active Directory, etc.) is in place, it is possible to enforce login-based configurations (i.e. policies) depending on the user and the groups the user belongs to. Such configurations can then easily be managed from a central location.

Implementation details depend on the Linux distribution and implementer preferences. However, we suggest:

- storing the functions in a directory named COMMON inside a Samba share
- storing the user scripts in a directory called USERS inside the same Samba share
- storing the group scripts in a directory called GROUPS inside the same Samba share
- storing a global script named global.sh inside the Samba share, at the top level

During the login process the Linux desktop should

- mount the Samba share that hosts the functions and the scripts
- execute global.sh for all users
- determine all groups the user belongs to and execute the corresponding GROUPS/<groupname>.sh scripts whenever they exist
- look for USERS/<username>.sh and execute it if it exists

This execution sequence allows group-specific configurations to override global configurations, and user-specific configurations to override both.
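
The login sequence above, as an added example that is not part of Open Policies: a dispatcher that runs global.sh, then the group scripts, then the user script, and only accepts plain user and group names so that a lookup cannot leave GROUPS/ or USERS/. The function names, the ROOT mount-point argument and the two-argument calling convention are assumptions.

```shell
#!/bin/sh
# Added example, not part of Open Policies. The mount point passed as ROOT
# and the two-argument calling convention are assumptions.

# Accept only plain account/group names, so a name can never point outside
# GROUPS/ or USERS/ (no "/", no leading "." or "-", no spaces).
valid_name() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the user's group names, one per line, so names containing spaces
# stay intact and are rejected by valid_name instead of being split.
user_groups() {
    for gid in $(id -G "$1"); do
        getent group "$gid" | cut -d: -f1
    done
}

# Print, in execution order, the policy scripts that exist for a user.
# usage: policy_scripts ROOT USER   (group names on stdin, one per line)
policy_scripts() {
    root=$1; user=$2
    if [ -f "$root/global.sh" ]; then printf '%s\n' "$root/global.sh"; fi
    while IFS= read -r g; do
        if valid_name "$g" && [ -f "$root/GROUPS/$g.sh" ]; then
            printf '%s\n' "$root/GROUPS/$g.sh"
        fi
    done
    if valid_name "$user" && [ -f "$root/USERS/$user.sh" ]; then
        printf '%s\n' "$root/USERS/$user.sh"
    fi
    return 0
}

# Run global, then group, then user scripts, so later ones can override.
run_policies() {
    valid_name "$2" || return 1
    user_groups "$2" | policy_scripts "$1" "$2" | while IFS= read -r script; do
        sh "$script" </dev/null || echo "policy script failed: $script" >&2
    done
}

# Hypothetical invocation from a login hook: login-policies.sh ROOT USER
if [ "$#" -eq 2 ]; then run_policies "$1" "$2"; fi
```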

During the logout process the mounted shares should be unmounted and the added printers (if any) should be removed.

Several usage examples are available in the EXAMPLES file.