toadbrother
Posts: 3
Joined: Fri Dec 04, 2020 4:15 am

Locked Down Profile

Tue May 18, 2021 9:41 pm

I'm looking at replacing our aging Windows machines with Raspberry Pis. The Windows machines all run Deep Freeze, which essentially resets the Windows profile with every reboot. I'm looking at similar functionality on the Pis. I have a good deal of experience with Unix/Linux, so the most obvious solution to me is to simply recreate the public user home directory from a master home directory on every reboot, via CRON. Any changes that need to be made to the master user home directory can be done by logging into as that user. Does this seem reasonable?

As a corollary to that, I'm thinking of having the master home directory sitting on a Samba or NFS share, which allows the update to be done to one single profile rather than 20 or 30 Pis. At boot up, each Pi will reset the public user home directory with the one sitting on the server.

Is this an overly complicated way to do things? Is there a better way to lock down a user home directory and reset the settings?

pidd
Posts: 2050
Joined: Fri May 29, 2020 8:29 pm
Location: Wirral, UK
Contact: Website

Re: Locked Down Profile

Tue May 18, 2021 10:42 pm

The simplest but possibly less hacker-proof way is to use the overlay file system in raspi-config, effectively it is run from in RAM disks and all changes get lost when re-booted.

ejolson
Posts: 7233
Joined: Tue Mar 18, 2014 11:47 am

Re: Locked Down Profile

Tue May 18, 2021 11:18 pm

toadbrother wrote:
Tue May 18, 2021 9:41 pm
I'm looking at replacing our aging Windows machines with Raspberry Pis. The Windows machines all run Deep Freeze, which essentially resets the Windows profile with every reboot. I'm looking at similar functionality on the Pis. I have a good deal of experience with Unix/Linux, so the most obvious solution to me is to simply recreate the public user home directory from a master home directory on every reboot, via CRON. Any changes that need to be made to the master user home directory can be done by logging into as that user. Does this seem reasonable?

As a corollary to that, I'm thinking of having the master home directory sitting on a Samba or NFS share, which allows the update to be done to one single profile rather than 20 or 30 Pis. At boot up, each Pi will reset the public user home directory with the one sitting on the server.

Is this an overly complicated way to do things? Is there a better way to lock down a user home directory and reset the settings?
The way it's usually done for a student lab with Pi computers is even easier than Deep Freeze, because Raspberry Pi OS can boot diskless (no SD card either) over the network. Thus, centralised adminstration is automatic and involves only the boot and file server.

While this may sound complicated, there is an officially supported solution called PiServer which makes it all plug-and-play in most cases. Hopefully someone can chime in with how to get started.

fruitoftheloom
Posts: 26818
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Locked Down Profile

Wed May 19, 2021 3:45 am

ejolson wrote:
Tue May 18, 2021 11:18 pm
toadbrother wrote:
Tue May 18, 2021 9:41 pm
I'm looking at replacing our aging Windows machines with Raspberry Pis. The Windows machines all run Deep Freeze, which essentially resets the Windows profile with every reboot. I'm looking at similar functionality on the Pis. I have a good deal of experience with Unix/Linux, so the most obvious solution to me is to simply recreate the public user home directory from a master home directory on every reboot, via CRON. Any changes that need to be made to the master user home directory can be done by logging into as that user. Does this seem reasonable?

As a corollary to that, I'm thinking of having the master home directory sitting on a Samba or NFS share, which allows the update to be done to one single profile rather than 20 or 30 Pis. At boot up, each Pi will reset the public user home directory with the one sitting on the server.

Is this an overly complicated way to do things? Is there a better way to lock down a user home directory and reset the settings?
The way it's usually done for a student lab with Pi computers is even easier than Deep Freeze, because Raspberry Pi OS can boot diskless (no SD card either) over the network. Thus, centralised adminstration is automatic and involves only the boot and file server.

While this may sound complicated, there is an officially supported solution called PiServer which makes it all plug-and-play in most cases. Hopefully someone can chime in with how to get started.

https://www.raspberrypi.org/blog/piserver/

https://github.com/raspberrypi/piserver
The information is out there....you just have to let it in.

My other Linux machines: ChromeBox
https://www.aliexpress.com/item/32966393971.html
& Stone Desktop Intel CoreDuo circa 2010

Return to “Advanced users”