4 Apr 2001 modus   » (Apprentice)

Ruggedizing a Cafe Box

  1. Remember to keep the BIOS passwd-protected, and not have any removable media (A:, CDROM) in the boot-path.

  2. Make as much as possible mountable read-only. This should be doable with /usr with little or no modification. It could almost be done with root, except things need to mount on it. The best way to do this is with NIS / NFS, so that a cluster of diskless computers shares network access to a remote filesystem.

  3. For a standalone machine, there's a way to do this by making all the partitions except for /var read-only, then disabling a lot of things that need to write to the disk and symlinking everything essential to the /var partition.

  4. Create a restricted ~cafe account. Configure your *DM (XDM, KDM, GDM, whatever) for autologin to ~cafe. For the public login, make as much read-only as possible. One way to do this is chmod -R a-w ~cafe, and then see what breaks.

  5. Enable quotas. This will prevent .netscape/cache from eating anything but the ~cafe dir.

  6. Pick up a journaling FS when convenient.

Jamie Zawinski used diskless terminals and NIS/NFS in his nightclub for a setup so bombproof, you could even UNPLUG 'EM without halting the system and they don't have to fsck, since they get all their important files over the network.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!