We have just completed the installation of about 50 Pentiums's in the
Computing Centers at the University of New Hampshire. These machines
are configured to be duel platform that always boot to DOS, but can
become Linux systems via LOADLIN installing and running a Linux
On the Linux side, we use NIS and NFS to allow users to log in with
their central Unix system userids and passwords and to have their home
directory available via NFS.
We have LOADLIN and the Kernel locked away from prying eyes. The
floppy boot option is disabled at the BIOS level. But a problem arises
if we have a determined student who comes in to the Computing Center
with a disk containing their own loader and Kernel image. The student
copies these on to the DOS hard drive, runs the loader with their own
Kernel, and says root=/dev/fd0 to run the root file system off a
floppy disk that contains all of the utilties needed either to
remove the root password on the local Linux file system or to start
the Internet daemons off the floppy disk with the machine proper IP
Either way, the student can log in as root and NFS mount the exported
volumes off the central systems that contain the campus mail spool and
everyone's home directories. This is a BIG problem.
We are looking for solutions either that will prevent someone from
being able to run their own loader and kernel off the DOS hard drive
or will prevent root access to the central systems via NFS.
Also, if there are other's out the running Linux in a student
computing center environment, I'd be grateful to hear of any
experiences that you have had, both good and bad, with doing so such
that we can learn from previous experience.
Why??? Because we can! ------------- David Blezard
/ \ | er | Computing and Info. Services
( ) | Down| and Zoology Department
/_\ Acer ------------- University of New Hampshire