it-team/lmn-client
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lmn-client/doc/exam_mode.md
Raphael Dannecker 02aac5ab15 Improve exam-mode documentation
2026-02-14 16:32:47 +01:00

1.5 KiB
Raw Blame History

exam_mode

Description / use cases

Activating Exam Mode: Functionalities

When a user logs in with the -exam designation, the following functionalities will be activated:

  • The firewalld.service will start, blocking all incoming traffic. Additionally, it will restrict outgoing traffic to the addresses specified in exam_destination_allowed_ipv4, if this variable is set. Communication is permitted with devices listed in exam_teacherpc_ips, including the teacher PCs. By default, the IP of the teacher PC is determined by the client's IP, with the last digit in the last octet specified by exam_teacherpc_last_digit.

  • The home and media directories of -exam users will be renamed the following day and removed after a certain period. This is crucial because the -exam user will be created anew (with a new user ID) upon the initialization of Exam Mode. Without renaming/deleting the home and media directories, the new -exam user would be unable to log in on the same PC, especially on machines with local home configurations.

Requirements

none

Example

Per default, all hosts will get exam_mode. But we don't want exam_mode on teacher devices. In exam_mode the Networks 10.0.0.0/24, 10.0.1.0/24, 192.168.122.0/24/24 will be reachable.

inventory.yml

all:
  vars:
    exam_destination_allowed_ipv4:
      - 10.0.0.0/24
      - 10.0.1.0/24
      - 192.168.122.0/24

teacherdevices:
  hosts:
    10.0.14.[1..75]
  vars:
    exam_mode: false