defunkt
June 9th, 2011, 02:40 PM
hey all,
i have a question but first i want to lay out a scenario so you understand where I'm coming from.
i work in a high school and we have been looking to implement a one to one program where every student will receive a net-book. in order to cut cost for the program we are looking at using ubuntu. so far we have run a pilot in a few classrooms and the teachers and students really seem to like it. but our big concern is more with web filtering at home...
my stance towards permissions is to give students full (root) access to the net-book as when they graduate the net-book will become theirs. this poses problems as students can alter/remove software on the machine; see where I'm going with this? my argument is that if they have root access they can remove any filtering software, and if we don't give them root access, management of the net-books could become a nightmare (installing any software or updates). on the other side, when the students graduate, they need to be able to use the net-book normally with whatever restrictions we have put in place, i don't think you would expect the seniors to hand in their net-books when they graduate so that they could be re-imaged to give them full access.
i would rather give them full access to the net-book than restrict them, and i don't want this to turn into a "whether they should or shouldn't be filtered" conversation. i may not have a choice depending on what our board decides. so at this point I'm making an effort to explore my options.
the software were looking to implement is a kernel patch, which most students wouldn't be able to find, but there are always a few talented students who will find it.
so... is there a way that i can give users the ability to install and update software without having root access??? or maybe mroe importantly prevent them from having the ability to change/update the kernel.
i know the answer is most likely no, but I'm trying to get the best of both worlds.
I'm open to any suggestions, but I'm not super optimistic...
thanks for any comments!
i have a question but first i want to lay out a scenario so you understand where I'm coming from.
i work in a high school and we have been looking to implement a one to one program where every student will receive a net-book. in order to cut cost for the program we are looking at using ubuntu. so far we have run a pilot in a few classrooms and the teachers and students really seem to like it. but our big concern is more with web filtering at home...
my stance towards permissions is to give students full (root) access to the net-book as when they graduate the net-book will become theirs. this poses problems as students can alter/remove software on the machine; see where I'm going with this? my argument is that if they have root access they can remove any filtering software, and if we don't give them root access, management of the net-books could become a nightmare (installing any software or updates). on the other side, when the students graduate, they need to be able to use the net-book normally with whatever restrictions we have put in place, i don't think you would expect the seniors to hand in their net-books when they graduate so that they could be re-imaged to give them full access.
i would rather give them full access to the net-book than restrict them, and i don't want this to turn into a "whether they should or shouldn't be filtered" conversation. i may not have a choice depending on what our board decides. so at this point I'm making an effort to explore my options.
the software were looking to implement is a kernel patch, which most students wouldn't be able to find, but there are always a few talented students who will find it.
so... is there a way that i can give users the ability to install and update software without having root access??? or maybe mroe importantly prevent them from having the ability to change/update the kernel.
i know the answer is most likely no, but I'm trying to get the best of both worlds.
I'm open to any suggestions, but I'm not super optimistic...
thanks for any comments!