Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Ubuntu Lockdown Options?

Posted by samzenpus on from the no-internet-for-you dept.

First time accepted submitter clava writes "We have a desktop Java testing application that is going to be administering tests to students on lab computers running Ubuntu 10.x. These computers are used by the students for other purposes and we're not allowed to create special users or change the OS configuration. When the testing app is launched, we need to restrict users from exiting the app so they can't do things like search the internet for answers or use other applications. Is there a good way to put an Ubuntu machine in kiosk mode or something via our application and have exiting kiosk mode be password protected? Any ideas are appreciated."

22 of 387 comments (clear)

  1. Why? by Anonymous Coward · · Score: 4, Insightful

    Why not let them use resources? Similar to what they will have available to them in the workforce.

    1. Re:Why? by bonch · · Score: 4, Insightful

      Because they're supposed to learn and internalize the concepts, not learn how to type search terms into Google or trade answers via IM.

    2. Re:Why? by pmgarvey · · Score: 5, Insightful

      Firstly the submitter didn't say if this was a programming exam, or what it was. It could be a test on memorising the capitals of African countries.

      But more importantly is that allowing access to the internet doesn't just allow things like documentation, and other resources I might have in the workplace, but might allow me to ask my friend to email the entire solution, or even send the question to a guy in India and get the solution back for a fee. It's a comprimise between testing some memorisation and in the cases of some students, testing nothing at all.

    3. Re:Why? by LurkerXXX · · Score: 4, Insightful

      I guess you want that EMT to show up at your car crash to just google how to patch you up if he didn't pay attention in class. Better hope he doesn't lose signal to his cell phone.

    4. Re:Why? by Anonymous Coward · · Score: 2, Insightful

      Because somebody needs to provide those answers you find via Google. They don't just appear out of nowhere.

    5. Re:Why? by Ethanol-fueled · · Score: 3, Insightful

      I got poor-but-passing grades in high school, even as I got awards and letters of recommendation and was the only person who wrote "with style," because I knew then at that early age that college-educated folks could also be idiots, albeit ones who paid a lot less than we did later having to slog through the same tedium.

      My college grades were much better, but only because I learned at my own pace, on my own terms. You think that some Adderall-popping punk who gets good grades forgetting everything they've learned after each final would make a "top-flight" employee? Could you possibly imagine that some people actually have lives, other priorities that don't revolve around serving their school and, later, their employer?

      "Top-flight" employees indeed. What you want is a predictable, cocksucking slave who will not have the passion or imagination to be a threat to you after you hire them.

    6. Re:Why? by Mr.+Freeman · · Score: 4, Insightful

      Some of my professors gave open-book exams. This allowed you to look up equations, material properties, etc. If you understood how to do all the work but were unsure of whether the last coefficient in a particular equation was positive or negative, this helped a lot. If you had no idea what you were doing then the book didn't help you at all. Brilliant exam, because in the real world you will have reference materials and you will sometimes forget things like the naiver-stokes equation.

      However, the professors wouldn't in a million years consider making these tests open-internet. The internet allows answers to be shared, which doesn't allow for testing of individual students. In addition, the internet has a lot more information than in a textbook. A student may be able to find problems almost identical to those on the exam and simply copy the answer verbatim.

      There's also a difference between being able to do your work with the assistance of a reference manual, and only being able to do your job if you have access to the internet.

      --
      -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
  2. Chortle! by MrBandersnatch · · Score: 5, Insightful

    Pull out the Ethernet connection. TADA!

  3. Make the test application enforce Kiosk mode by alsuren · · Score: 3, Insightful

    I'd suggest having a whitelist of allowed process names that are allowed to be running during the test as that user. If any other programs are running when the program starts, it should not allow the test to be started until those programs are shut down (add a "kill all" button for newbie users). It should also have a watchdog that polls to make sure that the system is still clean. If it finds any unwanted programs, it should give the user 10 seconds to kill them or fail the test (or require a password to ignore this process). If you can do this in the same thread as the testing program, and in such a way that you can't just attach gdb and pause execution while you google the answers, you're onto a winner.

  4. Re:Homework by elsurexiste · · Score: 5, Insightful

    Hey, asshole. Ever occurred to you that, given clava's high UID, he/she isn't a geek and don't know enough of Linux/technology to do this? Look at how this question was redacted: it's obvious that he/she is not in control of the system, and is looking for some info here, where people with knowledge gather. Just answer the question if you can help and don't be pompous.

    --
    I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
  5. Re:Homework by Anonymous Coward · · Score: 3, Insightful

    WTF Man. Maybe they are a math/english/whatever teacher using some sort automated grading system. Maybe they're a good teacher but bad with computers? But NO! Unless you crafted it yourself bit by bit then its tantamount to "cheating".

  6. Re:Depends how locked-down by adamdoyle · · Score: 5, Insightful

    If you ask me, you don't really need to prevent users from doing those things. You just need to tell they're not allowed to, and then have your java app detect if those things have occurred and then take action from there. By "take action," I mean that you could either (a) make some kind of notation in the database so that you can penalize them, or (b) send an SMS message or email or something to the test administrator to alert them of the situation so that they can walk over and determine if the student is attempting to cheat.

  7. Re:Depends how locked-down by Anonymous Coward · · Score: 3, Insightful

    This can be done.

    1. Insert a Windows 7 CD, format the drive, install the Windows 7 operating system. Via group policies and TweakUI, disable all settings and applications that you don't want users to access.

    2. Take the Ubuntu CD and place it on the desk next the computer.

    3. Place hot beverage of choice on Ubuntu CD, which will now be reffered to as the "coaster".

    4. Proceed with Java tests.

  8. Finally - PROFIT. by tomhudson · · Score: 3, Insightful

    1. Take bribes from other students to be the first one to cheat.
    2. Blatantly cheat and get caught.
    3. Become the proctor, and ignore everyone now cheating.

  9. turn the problem upside down by Cobble · · Score: 3, Insightful

    You're looking for a technological solution to a pedagogical problem. Redesign the questions and let them have all the Internet access they want.

  10. Requires things he said he couldn't do by pavon · · Score: 3, Insightful

    This is exactly the solution I would have proposed, except it goes against the users requirements.

    Disabling TTY access requires changes to the OS configuration which he is not allowed to make. Furthermore in Ubuntu, you can't just kill the current X session and start a new one from the command line with the application as the window manager, because it will helpfully restart X when it crashes (or is intentionally killed). You would either need to create a special user whose default WM is the application you want to run, or you would need to reconfigure the OS graphical login settings, neither of which he is allowed to do.

    User applications are intentionally prevented from locking down a machine, otherwise any old piece of malware could do so. The only way to really lock it down to modify the OS configuration. That is why all the other answers are suggesting round-about ways to achieve the same goal. IMHO adamdoyle's is the best.

  11. Re:MOD PARENT UP by germansausage · · Score: 4, Insightful

    "Why do so many Slashdotters always feel like the best answer to a question is "you're doing it wrong"?"

    This happens everywhere on the internets where you ask a question. Ask a Microsoft support website how to do something that "should" be possible, but isn't. (Can't think of an example now) You'll get 10 answers telling you how to "work around" what you asked, and another 20 answers questioning why you or any one else would want to do this thing. What you will never ever get is even 1 person saying "Our product cannot do this thing".

  12. Re:Depends how locked-down by Ethanol-fueled · · Score: 3, Insightful

    Hey, restriction policies can be done right. My new shop uses them to great effect, in fact, when combined with good firewall solutions. I was just pointing out that Windows is spaghetti code, where the browser is integrated into the shell and then not completely removed but blocked such that specific cases are missed and can be exploited out of the box. I'm no expert but am willing to gamble that Windows code up to Win7 does not contain any meaningful rewrites with regard to browser-shell integration - only more clever blocking. By the way, the file browser-URL trick I mentioned worked with XP, at least until installing one of the service packs.

    *Nix at least has always had a meaningful modular approach. Both Operating systems can be exploited, but *Nix has better granularity and privilege escalation safeguards. The fact that submitter is mentioning Ubuntu says a lot, as it is the "Windows" of Linux.

    Replying to Culture20 above you, regedit hacks are the same thing that is wrong with the current state of Linux usability. If you have to resort to that to do what you said, then you might as well run *Nix with less hassle. Also, why did Microsoft make it that difficult to replace IE?

  13. Re:Depends how locked-down by tepples · · Score: 3, Insightful

    you could straight up disable the keyboard and rely on the mouse for selecting answers.

    Which doesn't help in cases of 1. answers that aren't multiple choice, or 2. having to accommodate people with mobility impairments where limitation to a mouse imposes an undue hardship.

  14. Re:Better idea by SessionExpired · · Score: 3, Insightful

    I do not carry such information in my mind since it is readily available in books. ...The value of a college education is not the learning of many facts but the training of the mind to think.

    -- Albert Einstein

    Was he a slacker too?

    Time spent memorizing stuff is time that could be better used understanding it. Having no access to reference material is a ridiculous limitation.

    How did this quote come to you? From memory?

    --
    You want the taste of dried leaves boiled in water?
  15. Re:Depends how locked-down by ktappe · · Score: 4, Insightful

    you could straight up disable the keyboard and rely on the mouse for selecting answers.

    Which doesn't help in cases of 1. answers that aren't multiple choice, or 2. having to accommodate people with mobility impairments where limitation to a mouse imposes an undue hardship.

    Be fair, the restrictions on the implementation are severe: No OS mods one can kind of understand but you also can't create even a "testtaker" user account? As an OS deployment engineer I appreciate the former but I can't think of any justification for the latter.

    Anyway, given these handcuffs, a multiple-choice test will just have to do I think. And believe me, you can make some pretty darn hard multiple-choice exams. Go try to get MS or Apple certified some time. 80 adaptive multiple choice questions that nobody is going to do well at unless they studied hard and/or know their stuff.

    --
    "We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
  16. Ubuntu locked down for a school environment by PhilipJLewis · · Score: 3, Insightful

    I worked on this project for a Primary school. It's worked well for >2 years for 120 pupils.
    http://linuxcentre.net/wiki/
    The parts about automatically resetting the homedir after reboot is probably of interest to you.
    http://linuxcentre.net/wiki/index.php/Detailed_Maverick_Meerkat_OS_Netbook_Customisation below Home_Directory_Synchronisation