Revision 2, 2.0 KB (checked in by svngov, 11 years ago)
v1.0
Open Policies is a small library of functions that manipulate Linux user profile configurations, including those related to GNOME and Firefox, as well as the available printers and the Samba shares mounted during login. These functions can be integrated into scripts that enforce certain configurations at login. Those enforced configurations are called "policies".

The functions in this library are meant to be stored centrally (e.g., on a read-only Samba share) and sourced from shell scripts that are specific to users and/or groups. Those scripts should also be stored centrally and executed automatically from the Linux desktops using, for example, the pam_script module. This way, if centralized authentication (via LDAP, Active Directory, etc.) is in place, it is possible to enforce login-based configurations (i.e., policies) depending on the user and the groups the user belongs to. Such configurations can then easily be managed from a central location.

Implementation details depend on the Linux distribution and implementer preferences. However, we suggest:

- storing the functions in a directory named COMMON inside a Samba share
- storing the user scripts in a directory called USERS inside the same Samba share
- storing the group scripts in a directory called GROUPS inside the same Samba share
- storing a global script named global.sh inside the Samba share, at the top level

During the login process the Linux desktop should:

- mount the Samba share that hosts the functions and the scripts
- execute global.sh for all users
- determine all groups the user belongs to and execute the corresponding GROUPS/<groupname>.sh scripts whenever they exist
- look for USERS/<username>.sh and execute it if it exists.

This execution sequence allows group-specific configurations to override global configurations, and user-specific configurations to override both.
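
The login sequence above, written as a POSIX shell dispatcher (an added example, not part of Open Policies). The function names are hypothetical, and the name validation and symlink check are hardening assumptions that the README does not prescribe.

```sh
#!/bin/sh
# Added example, not Open Policies code. The share layout (global.sh, GROUPS/,
# USERS/) is the README's; the function names are hypothetical.

# Reject names that could escape GROUPS/ or USERS/: empty, leading "." or "-",
# or containing "/". Directory services can return unexpected names.
safe_name() {
    case "$1" in
        ''|.*|-*|*/*) return 1 ;;
    esac
    return 0
}

# A policy script must be a regular file and not a symlink.
is_policy_file() {
    [ -f "$1" ] && [ ! -L "$1" ]
}

# Print the scripts that apply, in execution order: global, groups, user.
# $1 = mounted share root, $2 = user name, $3 = group names, one per line
policy_plan() {
    pp_root=$1; pp_user=$2; pp_groups=$3
    if is_policy_file "$pp_root/global.sh"; then
        printf '%s\n' "$pp_root/global.sh"
    fi
    printf '%s\n' "$pp_groups" | while IFS= read -r pp_g; do
        safe_name "$pp_g" || continue
        if is_policy_file "$pp_root/GROUPS/$pp_g.sh"; then
            printf '%s\n' "$pp_root/GROUPS/$pp_g.sh"
        fi
    done
    if safe_name "$pp_user" && is_policy_file "$pp_root/USERS/$pp_user.sh"; then
        printf '%s\n' "$pp_root/USERS/$pp_user.sh"
    fi
}

# Run the plan in order; later scripts override settings made by earlier ones.
# A failing script is reported and does not stop the remaining ones.
apply_policies() {
    policy_plan "$1" "$2" "$3" | while IFS= read -r ap_script; do
        sh "$ap_script" </dev/null || echo "policy script failed: $ap_script" >&2
    done
}

# Typical call from a login hook (mount point is a placeholder):
#   apply_policies /mnt/policies "$user" "$(id -Gn "$user" | tr ' ' '\n')"
```

`id -Gn` separates group names with spaces, so a directory group whose name contains a space has to be supplied one per line by other means.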

During the logout process the mounted shares should be unmounted and the added printers (if any) should be removed.

Several usage examples are available in the EXAMPLES file.