this post was submitted on 24 Jun 2023
26 points (90.6% liked)
Linux
48375 readers
1915 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Would this locked-down distro be used by customers or by employees? If it is being used by employees, there is no faster way to be hated than putting unnecessary restrictions on their logins. You don't want that kind of workplace.
I simply do this:
Make sure they don't get sudo/root privileges.
Remote mount their home directories (nfs).
Don't add any restrictions beyond that. It is a waste of time and money.
Control the rest through company policy, usually clauses under the 'Misuse of company network' section.
Who cares if employees are browsing tik-tok or whatever if they've done all their work? That's a work-allocation issue. If they haven't done all their work then that's already a solved problem. Either motivate them or performance manage them slowly towards the door.
Who cares if they want to install xyz software [in their home directory]? Chances are it'll be a free boost for performance and/or morale.
All good points. Who the heck cares as long as your employees deliver their promised work on time?
I should add that you should however restrict data storage, mandate disk encryption, etc.
Agreed. I manage both of these transparently beyond the employee's view. All the employee knows is that they have xyz free space to use on their profile.
This /really/ depends on your threat model. "xyz software in their home directory" could easily be "exfil tool that uploads all data employee X has access too, disguised as a meme template generator"
I was more worried on the cybersecurity side rather than the work allocation issue.