Contributed by louis on from the everyone's-partying-except-me dept.
The terminal room has 30 workstations running OpenBSD 2.7-STABLE, with a stock install and a few useful applications like Netscape, Emacs, Acroread, Ghostscript and gv. The hardware is Dell P3/500, 128MB RAM, 12GB disk, ATI Rage Pro. The T1 feed was donated by Earthlink [ The service provider was previously incorrectly identified. Our apologies for the mistake -louis ].
At OpenBSD Journal's insistence, he divulged his installation secrets...
The install process was as follows: setup one machine, i.e. install the OS, install the packages, tweak settings etc. Add one 'guest' user, password 'guest'. Run Netscape once, set some bookmarks up (to OpenBSD and USENIX-related pages). Exit Netscape. Now flesh out
/home/guest(remove Netscape cache files et al) and rm -rf .ssh. Now we have a nice, skeletal
/home/guestdirectory with simple Netscape settings etc.
Create a tarball of /home/guest and put it in
/usr/X11R6/lib/X11/xdm/homedir.tar.gz. Add some script magic to
/usr/X11R6/lib/X11/xdm/TakeConsolethat wipes out all user-writable directories (
/tmp/, /var/tmp ) then untars the skeletal guest home dir tarball back into
/home/guest. Now the next person who logs in will have a clean system with which to work with.
Some tweaks that were done:
To duplicate the install on every machine was easy. After I was satisfied with the initial PC setup, I created one huge tarball of the entire system named base27.tgz. Then I activated the ftp daemon, went around to each workstation, booted off a floppy, setup partitions, then simply chose ftp install and pointed it at the initial setup machine. It comes up with just 'base27.tgz' as the only package available so you choose that. It installs it, you select a timezone, reboot, and you're done.
- Disable consoles in
/etc/ttysand remove the 'secure' keyword (so that users don't get root prompt when ^C'ing out of fsck at boot-time).
echo boot > /etc/boot.confto get rid of the 5 second delay at the boot> prompt on reboots,
- Disable inetd, sshd, and portmapper.
- Setup usermount so users can mount floppies and CD-ROMs.
- Set BIOS password and enable 'boot from hard disk only'.
(Comments are closed)