Channel: StudioSysAdmins Message Board

Separation of Church (content) and State (intrawebs).

By Todd Smith -
@Brian - yes of course this is a constant battle with project requirements, but overall I think it would also lessen my load in terms of forensic analysis, crawling through logs etc.

@Willem - that was our first test a few years back, the biggest issue is sound passthrough and of course load balancing the backend because you know there's that guy with like 20 tabs worth of flash games open.  It's a solution but it's not really manageable, we also found that you can still transfer files to the application server (you can't separate scp from ssh).

@DY - This is interesting.


Todd Smith
Head of Information Technology

soho vfx 
99 Atlantic Ave. Suite 303, Toronto, Ontario M6K 3J8


we have accomplished this by way of a chroot jail that has everything you need to run firefox 17 (with glibc etc from centos 6.2)

just built a simple jail served over nfs from an export one level above the projects so that the browser has literally zero access to any project files. you can't upload or download anything from the internet. want some reference? that's where you need to go to your PM (or other exempt machine / user) and say "download this for me".

the workstations use a helper program called schroot to chroot and launch in one go, and using clever tricks in the chroot bashrc to instantly kill the session after firefox closes no one can tamper with the jail. not that that would make a difference cause again, you literally cannot access project files from the jail or the jail from outside of the jail (as a regular user).

-DY
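
One way to verify the isolation property DY describes (no project storage reachable from inside the browser jail) is to audit the workstation's mount table. This is an added example, not part of the thread; the host name, paths and sample mount table are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag NFS mounts that make project storage visible inside
# a browser jail. Paths, host name and the sample table are assumptions.

# audit_jail_mounts JAIL_ROOT PROJECT_EXPORT [MOUNTS_FILE]
# Prints one line per offending mount; returns 1 if any is found, else 0.
# Compares mount sources, so it covers NFS exports; bind mounts list the
# backing device in /proc/mounts and need a separate check.
audit_jail_mounts() {
    jail=${1%/}
    proj=${2%/}
    table=${3:-/proc/mounts}
    awk -v jail="$jail" -v proj="$proj" '
        # True when path is root itself or lies below it.
        function under(path, root) {
            return path == root || index(path, root "/") == 1
        }
        {
            src = $1; mnt = $2
            if (!under(mnt, jail)) next          # mount is outside the jail
            # Exposed if the source is the project export, a subtree of it,
            # or a parent export that contains it.
            if (under(src, proj) || under(proj, src)) {
                print "EXPOSED " src " -> " mnt
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$table"
}

# Constructed mount table: the third entry leaks a project into the jail.
sample_mounts() {
    cat <<'EOF'
fileserver:/export/browserjail /srv/browserjail nfs ro,nosuid,nodev 0 0
proc /srv/browserjail/proc proc rw,nosuid,nodev,noexec 0 0
fileserver:/export/projects/showA /srv/browserjail/mnt/ref nfs rw 0 0
fileserver:/export/projects /projects nfs rw 0 0
EOF
}

sample_mounts | audit_jail_mounts /srv/browserjail fileserver:/export/projects - \
    || echo "jail is not isolated from project storage"
```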

