Hi again,
Thank you for your warning Outback Dingo, this might be a problem, but I
am a bit optimistic and I think my users will be (in my case) clever
enough to use the system without too many problems.
I will keep you updated if I end up using Qubes as a start and getting
somewhere interesting.
To be honest, I thought of something like that: checking regularly for a
change in the user's LDAP password to get it and store it (and only this
user's password) on the computer, which allows for offline use
without exposing the other users' passwords. Thanks a lot though for your
suggested implementation.
>
>> - Limited user rights: I don't want the users to be able to install
>> software themselves or to configure the network themselves.
>>
>> I have heard recently of Qubes, and after looking into it, I think I am
>> able to adapt it to match my first five criteria (although I
>> would be grateful for any help or hint about where to look for
>> that). Qubes seems to be a great base to work on for that project.
>> But I have a problem with that last criterion.
>>
>> It seems that by design, a QubesOS user will always have administrative
>> privileges on their workstation. It is a fair choice for the usage QubesOS
>> seems to be intended for, I am not criticizing it. But is there some
>> possibility to adapt a QubesOS to trust the user less, and enforce
>> a certain configuration (and set of software) that only an administrator,
>> and not the user, could change?
>
> The following link should help:
>
> https://www.qubes-os.org/doc/vm-sudo/
>
> IMO that's OK if you only want to prevent your users from tinkering
> with your laptops so that you don't lose time fixing them, but it
> won't help if you want to prevent users from installing forbidden
> stuff in your corporate network, since they have full privileges to
> configure/use VMs and can install whatever they want in those VMs.
>
That is my concern. My company has a security policy that doesn't allow
users to install whatever they want (although no protection against
portable executables is set on our Windows workstations) and
furthermore, my department has a lot of security constraints, and I
really need to enforce reasonable enough security on my department's
networks, so I can't allow my users to tinker with my network.
To sum up, if some users use new software by installing it in their
home (in each VM) and using it from their home, I wouldn't be very
happy but I could live with it, but I must keep them from doing anything
strange on my network, and from installing or even executing software as root
on the VMs (this last point is stupid, I know, given that a user might just
compile and execute it in their home, but I must comply with it for
policy reasons).
Sincerely,
Jeremy Buet
PS: just on a side note, I am more of a Gentoo user, and not too fond
of systemd. I haven't checked at all yet (I will in the future though),
and am just asking out of curiosity (I can adapt to a Fedora and systemd
based system), but has anyone tried yet to use a Gentoo-based or even just
a systemd-less TemplateVM?