[TCLUG] Using Linux for Small Businesses & Non-profits Class

[rpgoldman at real-time.com]

>>>>> "David" == David Phillips <david at acz.org> writes:

    David> Wayne Johnson writes:
    >> Installing Linux (we have a lab with ~20 PCs, might as well
    >> give them some behind the wheel).

    David> This is a problem.  What distro do you use?  Do any of the
    David> distros with an easy installer offer a free, automatic
    David> system for security updates?  With Debian, you could easily
    David> setup security updates to run nightly from cron.
    David> Unfortunately, Debian does not have the easiest installer.

Mandrake urpmi makes for a pretty easy, automatic system for security
updates.  Sadly, (1) configuring urpmi requires a plunge into the
command-line, and often requires multiple tries (mirrors aren't always
available....) and (2) configuring urpmi for automatic updates
requires grokking cron.  I suppose someone could set this up in some
kind of installer wrapper for easy use by newbies.  Ideally, it would
be good to do this in some way like Bastille, that makes it easy to
understand what and why you're doing it so that eventually the user
could do it him/herself from the cl.

    David> Another issue is the operating system becoming obsolete.
    David> Some companies such as Red Hat make their operating systems
    David> obsolete faster than even Microsoft.  How does the user
    David> upgrade without reinstalling from scratch?  Ideally, the
    David> operating systems needs a way to update itself from any
    David> version to any version with no user intervention besides a
    David> few questions.

Groan.  I don't think anyone has a good answer to this one.  [Mandrake
has a pretty good try, but if you have one of the closed-source video
cards, it don't work...]

    >> Access Control (passwd, group, file system security)

    David> There is a lot more to UNIX security than just that.
    David> Understanding file permissions is almost useless without
    David> understanding process credentials.  Why shouldn't things
    David> run as root?  Why shouldn't all daemons run as "nobody"?
    David> If a process is compromised, what other files and processes
    David> can become compromised?

There may be a lot more to security than that, but these people aren't
professional sysadmins, and probably don't want to be.  They probably
should be trained with some minimal understanding, not what it takes
to make them dangerous.

    >> GUI vs Command line (including a tutorial in Vi)

[...snip...]

I know this will evoke squawks, but I think you should teach a tiny
bit of emacs.  Why?  Because you get emacs keybindings all over the
place in the various shells.

Then point them at some easy to use, but relatively crippled editor
like something packaged with gnome or (my preference) KDE.  [ok, start
the religious war.]

    >> E-mail Serving

    David> Make sure to pick a secure MTA, such as qmail or Postfix.

I suggest postfix.  qmail has too many aspects that break the
conventional Unix file structure for configurations, IMHO.  If God had
meant us to use /var/qmail/control, s/he wouldn't have given us
/etc.... :-)

    >> Perl

    David> The thing for PHP also applies here, basically.  Perl is
    David> not a good first language.  If the user wants to learn Perl
    David> later, recommend a good book.

Yup.  Stay away from this puppy in semester 1.  I'd second the
suggestion of just avoiding programming languages.

    David> Yep.

    >> Any suggestions?

    David> Don't.  Newbies should not be deploying machines on the
    David> Internet, period.  Teaching them how to setup a Linux
    David> operating system for a desktop machine that will be behind
    David> a hardware NAT router is probably alright.

The fact is that they WILL be doing this, whether they should or not.
Harm mitigation seems like a reasonable thing to do.  Teaching them
how to set up a Linux desktop behind a router is a laudable goal, but
it's a different goal.  And if you figure out how to teach them to
live with a world in which MS Office docs are the de facto standard,
let me know! :-)

    David> Need an email server?  Web hosting?  Outsource it.  If an
    David> organization can't afford $15 a month for that, they
    David> certainly can't afford to be deploying machines on the
    David> internet.

    David> Businesses exist to make money, not do something a certain
    David> way because you think it is cool (case in point: vi).  Make
    David> sure a solution's total cost of ownership is cheaper than
    David> the alternatives.  Software cost is usually a small factor.

Recall that non-profits are part of the course audience.  $15/month
may not be insignificant for them.  They tend to be cash-poor and
labor-rich (at least relatively).

Cheers,
R



_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list