|"Group Policy" for Linux or UNIX|
And idle question...
| 6:34 am on Mar 30, 2006 (gmt 0)|
Just some thought food...
As a sysadmin of several networks over the years, I have to say that one of the fantastic benefits of Microsoft's NDS/LDAP lookalike they call ADS is "Group Policies".
I really found myself enjoying the ability to create global settings for all desktops within particular groups of users or computers, or domain-wide. The scope of the settings was rather limited once you tried to do fancier things, I admit, but the basics were there.
What I'm wondering is -- does anyone know if someone is working on a free/open implementation of something similar? I'm talking more than domain membership here, so it's not Samba or NIS that I'm talking about. It would be, IMO, one of the "killer apps" for sysadmins that are looking to roll out *NIX on the front and the back end.
I envision something like a "global settings daemon" or something of that like, which each client runs and it connects to a master server to read its settings from, for anything from Gnome settings for default browser, screensaver policies, etc.
Anyway, I hope I'm making sense, and maybe someone knows of a project which they can point me in the right direction for. :)
| 1:56 pm on Mar 30, 2006 (gmt 0)|
Novell has their eDirectory product for Linux. Also look at cfengine.
A lot of the things that GPOs were designed to solve just aren't a problem under Unix because normal users can't mess around outside of /home. Also, proper use of NFS will make software rollouts very easy.
| 10:59 pm on Mar 30, 2006 (gmt 0)|
That's true enough, and I've looked into Novell's eDirectory server, but that's specific to Novell and its Linux products. What I'm looking at is something a bit more global (like it will optionally work for FreeBSD or Linux Slackware, for example).
I understand that most users wouldn't be able to control things outside of their $HOME, but that's part of the problem. If we want users to only use our proxy server, for example, we should be able to push that setting down to our browser that we standardize on (like Firefox, or whatnot). I'd like to be able to 'force' users to use this proxy, and not be able to change it. Yes, I know that in this example, there are ways to enforce that from a network perspective, but I'd rather do the network setup, and set a policy that globally says "FF will use 188.8.131.52 as its proxy, everywhere by default". The trick would be to prevent users from being able to change some things, but allowing them to alter others (ie: Don't change Proxy settings, but allow default home page changes).
Anyway, part of the problem is working in a heterogenous environment with multiple possible browsers ranging from lynx to opera, and no standard place to store settings (like the registry! ;) ).
Ahhh well, it's probably a pipe dream for a F/OSS implementation that stretches across these disparaging platforms and apps.
| 1:38 am on Mar 31, 2006 (gmt 0)|
Yea, it's pretty much application by application.
pine did it well -- there were two global config files, one was the defaults, the other was the same but the user couldn't override them.
Firefox seems to use the config file for its settings, so something like cfengine could enforce the proxy settings. I'm also wondering if there are environment variables that can be set. Most command line utilities accept $http_proxy, a quick check of firefox shows it doesn't.