StudentControlPanelCompletion
|
Size: 6577
Comment: review comments
|
Size: 6101
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 39: | Line 39: |
| * Student Control Panel will use vnc for remote desktop access. A function using vncclient is already implemented in the current code but disabled in the GUI since the client side wasn't clear yet; we will now fix that. {{{The use of "client" and "vncclient" here is very confusing. Be very clear whether in each case you mean the VNC client or the LTSP client since the latter is the VNC server. -iwj}}} {{{These statements about things being unclear and going to be fixed are themselves unclear. What exactly are you going to do? -iwj}}} |
* Student Control Panel will use vnc for remote desktop access. A function using the vncclient package is already completely implemented in the current student control panel code but disabled in the GUI since the handling on the LTSP client side wasn't clear yet; we will now fix that by adding a vnc server application (x11vnc) to the LTSP client chroot. |
| Line 47: | Line 43: |
| * Student Control Panel will generate this password dynamically on every program startup (an md5sum of a unix timestamp should suffice here) and rewrite the password in the file. {{{md5sum of a unix timestamp is no good at all for password generation! You need actual random numbers! -iwj}}} {{{It's not clear which program startup you're talking about. If you mean the Student Control Panel then surely LTSP clients which were running when SCP is started will be inaccessible? -iwj}}} |
* Student Control Panel will generate this password dynamically on every startup of the Student control Panel GUI (using PASSWORD=$(pwgen -c -n -s 20 1) should suffice here) and rewrite the password in the file. Since x11vnc reads the password on every new connection from that file it *could* affect existing Student Control Panel sessions. Because of this Student Control Panel will not start if there is already a running instance but spill a warning to first close the old one. |
| Line 54: | Line 45: |
| * Since it is not possible to run apt-get install from a postinst script, we can't just install x11vnc at install time of the student-control-panel package. | * Since we dont want to run apt-get install from Student Control Panels postinst script in the LTSP client chroot, we can't just install x11vnc at install time of the student-control-panel package. |
| Line 56: | Line 47: |
| * Choosing the latter option will execute a script {{{/usr/share/student-control-panel/install-client-vnc.sh}}} which will run {{{ apt-get install x11vnc }}} in the client chroot with the above described option preseeded. {{{Why not use a package dependency? Eg, Recommends. (See also RecommendsSupport) -iwj}}} |
* Choosing the latter option will execute a script {{{/usr/share/student-control-panel/install-client-vnc.sh}}} which will run {{{ apt-get install x11vnc }}} in the LTSP client chroot with the above described option preseeded. |
| Line 62: | Line 51: |
| * A student-control-panel listener service will be installed in /usr/share/dbus-1/services/ which will listen for messages from student-control-panel and execute the requested applications in the users session. DBUS has the security built in to not accept any messages except from SCP (see http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol for tech details). This is a simple and elegant solution. {{{We need more detail here. The reference is to the dbus specification's generic authentication protocol framework. Which actual protocol will you be using ? How will SCP prove that it is actually SCP ? -iwj}}} |
* A student-control-panel listener service will be installed in /usr/share/dbus-1/services/ which will listen for messages from student-control-panel and execute the requested applications in the users session. DBUS has the security built in to not accept any messages except from SCP we will use the simple MAGIC_COOKIE variant described in http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol. This is a simple and elegant solution and security wise way beyond the xhost/DISPLAY variant all other similar tools use nowadays. |
| Line 73: | Line 59: |
| * The UI will get a plugins menu. The directory /usr/share/student-control-panel/plugins will be read on every program start. Python scripts added to that dir will show up in that menu. student-control-panel will export the userlist of the selected users from the GUI in the variable $SCPUSERS for these scripts, this will make it very easy for people to enhance the program and to contribute the plugins back into a student-control-panel-plugins package. {{{Why only Python scripts ? Surely any executable program ? -iwj}}} {{{Do not use environment variables called SCP* for this project. The name SCP is already taken for the scp program and you should avoid clashes. -iwj}}} |
* The UI will get a plugins menu. The directory /usr/share/student-control-panel/plugins will be read on every program start. Python scripts added to that dir will show up in that menu (for now only python scripts since we want to encourage the edubuntu community who contributes most to that program to use python, but that can be enhanced to other binaries in the future). student-control-panel will export the userlist of the selected users from the GUI in the variable $LTSP_USERS for these scripts, this will make it very easy for people to enhance the program and to contribute the plugins back into a student-control-panel-plugins package. |
| Line 80: | Line 63: |
| * Determine the best default options (compression, scaling of the windowsize etc) for x11vnc to be added to the initscript {{{You should say how you plan to make this decision and/or justify leaving the choices until later. -iwj}}} |
* Determine the best default options (compression, scaling of the windowsize etc) for x11vnc to be added to the initscript by user feedback during developent. |
Launchpad Entry: https://launchpad.net/distros/ubuntu/+spec/student-control-panel-completion
Created: Date(2006-06-09T00:49:46Z) by OliverGrawert
Contributors: OliverGrawert
Packages affected: student-control-panel, x11vnc
Summary
Roadmap for finishing the basic implementation of student-control-panel
Rationale
To control LTSP connections in a school environment, an application that interacts with the ltsp server and the clients is needed. An initial implementation of this application tailored for the Ubuntu LTSP implementation called student-control-panel was uploaded to dapper. It currently implements basic connection control: it shows a list of the users and the ip each client they are using, allows the administrator to cut the connection for one, more or all users, and can show the currently running processes of a single user.
More features are needed to provide a full student control application for school environments.
Use cases
Dr. Miller teaches biology in an ltsp equipped class. He has several students he suspects to secretly browse the web while he is not looking. Using student-control-panel he can monitor the students desktops via vnc to see if his suspicion is true.
Miriam teaches about free software in a class that uses a ltsp setup. She wants to demonstrate several free software apps she wants to start up on all students desktops. She hits ctrl-a to select all students in student-control-panel and clicks on the execute button which brings up a dialog to execute a command on all selected desktop simultaneously.
Anselmo has one student he doesn't want to be able to access the commandline from his desktop, since this specific student is known to write harmful scripts. Anselmo right clicks on the student's name in student-control-panel and selects the lock down option there. Pessulus pops up and Anselmo checks the "Disable Commandline" checkbox. What is Pessulus? -iwj
Scope
Easy handling of student LTSP connections.
Design and Implementation
Killing processes
- Add kill option for commands in processlist. Basic implementation is done (button currently hidden in the UI); needs some trivial code to interconnect the kill button with processlist selection).
Remote desktop access
- Student Control Panel will use vnc for remote desktop access. A function using the vncclient package is already completely implemented in the current student control panel code but disabled in the GUI since the handling on the LTSP client side wasn't clear yet; we will now fix that by adding a vnc server application (x11vnc) to the LTSP client chroot.
- For the client implementation the x11vnc package will have to be installed in the client chroot.
- The package will get a preseedable debconf option (suggestion: ltsp-client-mode), if this option is set to true, the postinst script installs an initscript which starts x11vnc connected to localhost:0 at boottime of the client and makes it read a custom password from a file thats located in the client chroot.
- Student Control Panel will generate this password dynamically on every startup of the Student control Panel GUI (using PASSWORD=$(pwgen -c -n -s 20 1) should suffice here) and rewrite the password in the file. Since x11vnc reads the password on every new connection from that file it *could* affect existing Student Control Panel sessions. Because of this Student Control Panel will not start if there is already a running instance but spill a warning to first close the old one.
- Since we dont want to run apt-get install from Student Control Panels postinst script in the LTSP client chroot, we can't just install x11vnc at install time of the student-control-panel package.
- A "first start popup window" will be added to the GUI, with a checkbox "Dont show this window again" and a button "Install remote desktop access".
Choosing the latter option will execute a script /usr/share/student-control-panel/install-client-vnc.sh which will run apt-get install x11vnc in the LTSP client chroot with the above described option preseeded.
Execution of programs in the users session(s)
A student-control-panel listener service will be installed in /usr/share/dbus-1/services/ which will listen for messages from student-control-panel and execute the requested applications in the users session. DBUS has the security built in to not accept any messages except from SCP we will use the simple MAGIC_COOKIE variant described in http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol. This is a simple and elegant solution and security wise way beyond the xhost/DISPLAY variant all other similar tools use nowadays.
Lockdown on the fly
A context menu will be added to the student list to start pessulus for a user to modify settings on the fly. (Screenshots: http://www.gnome.org/~vuntz/pessulus/screenshots/), that will allow things like disabling commandline access or locking down browser functionallity if epiphany is used by the student.
Plugins
- The UI will get a plugins menu. The directory /usr/share/student-control-panel/plugins will be read on every program start. Python scripts added to that dir will show up in that menu (for now only python scripts since we want to encourage the edubuntu community who contributes most to that program to use python, but that can be enhanced to other binaries in the future). student-control-panel will export the userlist of the selected users from the GUI in the variable $LTSP_USERS for these scripts, this will make it very easy for people to enhance the program and to contribute the plugins back into a student-control-panel-plugins package.
Outstanding issues
- Determine the best default options (compression, scaling of the windowsize etc) for x11vnc to be added to the initscript by user feedback during developent.
StudentControlPanelCompletion (last edited 2008-08-06 16:27:07 by localhost)