Let’s say I want to enforce certain settings, such as the use of a proxy in network settings for certain users.
Isn’t this easily bypassable by for example by installing TOR browser or using a VPN app in the user space?
How does system mangers can be sure users will only use the system as planned by the sysadmin? I’m especially interested in network settings, but in general I would be interested to know more about this/be pointed towards the right direction.
Thank you!
besides just downloading and running a binary, there are plenty of package managers that work in the user space and don’t need root access.
If you are setting up a secure system though you would only use a package manager that needed sudo
Trying to “secure” a turing-complete computer system by some arbitrary limits like that will never work. Unless you manage to directly prevent traffic that isn’t going through your proxy, it’s all pointless as people will just hack stuff together, be it by downloading binaries themselves and placing them in the home dir, or even by running them in-memory.
Who’s setting up the system is not necessarily the same person using it.