There should be 3 levels to this. First level is system wide and if remote access is enabled or not for either SSH or the GUI one.

Then I should be able to change an option in my user account if I can connect to my system remotely only if I'm a regular user and not an Admin user. And if I want, I can specify if it's just for the GUI remote access or if it's for the SSH remote access. If this conflicts with the system wide access setting, it should prompt me to change it.

It should also automatically open the ports on the iptables firewall but default to only allow ip's in the same subnet as me since we all use nat routers now a days. But this too should be prompted for.

For those that are confused, lets say I have 2 users. Admin and Me. Admin is the root user and can be given root access if they run sudo -s and enter in their password. Me is a regular user. I should be able to set Admin to be allowed to login via ssh or vnc quite easily. But not Me. But I can also set Me to be accessed via ssh or vnc and not Admin to be accessed via ssh or vnc. Is that better?

Hi all.

I think that all major services — Apache, Postfix, Exim, OpenLDAP, ntp, jabber server, SQL servers etc. — must be run in chrooted environments right out of the box.

Mail and web servers may be run in separate OpenVZ containers for better security.

It will be good with a NAS version of Ubuntu server. a Ubuntu version of FreeNAS. The problemet with FreeNAS is that it runs on OpenBSD platform and not Linux. There is no distributions of LINUX with target the NAS marked.

Fix Dom0 only memory to a given value by default.

In Synaptic, selecting the LAMP Server task in Edit -> Mark packages by task means installing only the core packages. This is fine except that it means that you can not for example use PHP and MySQL together without installing php5-mysql. Likewise you do not have GD2 (Absolutely necessary for generating real CAPTCHA) or Sqlite, both of which are included by default in the binary distribution of PHP5.

Now Ubuntu are stable enough to use it in enterprise, but it can not replace Windows because of lack Active Directory features. Main of AD feature is admin can configure all network from ONE server, and all configuration stores in ONE place and have the same userID for all network.

Ubuntu can do the same but it need to have common configuration repository and main programs must get config from this repo.


It is hard to change all software in Ubuntu to use common config-API, but Canonical can change their own soft (Bazaar, etc). Then prepare soft that can configure it.

This will be great step towards usability and admin frendship. Also this will add marketing points to Ubuntu, because neither Windows not other linux distro (RHEL, etc) have same functionality. SuSE have Yast, but it is not the same.

Ubuntu and Canonical as a big Linux player can begin this great task, and help Open Source projects create ONE configuration API and move to using it.

May be you should look at gconf first and another tools next. And begin to migrate Cannonical own products to this common conf API, then help other projects.

This IDEA will easily fix http://brainstorm.ubuntu.com/idea/68/ and so on.

I manage 4 schools that run ubuntu on their computers. Currently we use Zentyal Server (linux dist) that runs OpenLDAP for central authentication. But it does not give us SingleSignOn etc. It also hosts SMB shares for user files etc.

I know Zimbra and Scalix are popular solutions for groupware but I chose Citadel because it's more open. Unfortunately I discovered that the only way to use it with Evolution is with the groupdav plugin. It appears the groupdav plugin is extremely difficult to find even though it says it's in beta. I think we should include the beta groupdav plugin in the repository or find/create an alternate plugin that will work.

There should be a good, web-based certificate authority that can be used to secure an organisation.

SSL CAs can be used to secure connections between machines (VPNs like IPSec etc.), to access services securely (https, email upload/download, etc.), to avoid passwords (single sign-on using pam), to log in with USB keys rather than passwords, to encrypt email, to setup chains of authority within an organisation...

SSL certificates are VERY useful... especially when integrated into a proper PKI infrastructure. We already have the core tools for this in OpenSSL. The problem is that OpenSSL's command line tools are a little more cryptic than the most cryptic commands I've ever seen.

In comparison, Microsoft's Certificate Services are quite straightforward.

There's no reason for this to be complicated just because it's a powerful tool. Why not make it easy for users?

Easy way to manage multiple Internet connections with one server.
Example: if i have 2 group of users Sales and IT, and i have 2 adsl connections, i want to use one ADSL for sales group and another for IT, but if Sales group is not using your adsl, IT can use it (load balancing).