Let’s say I want to enforce certain settings, such as the use of a proxy in network settings for certain users.
Isn’t this easily bypassable by for example by installing TOR browser or using a VPN app in the user space?
How does system mangers can be sure users will only use the system as planned by the sysadmin? I’m especially interested in network settings, but in general I would be interested to know more about this/be pointed towards the right direction.
Thank you!
Yes, and no.
Some settings are harder to circumvent, like partition limits, cgroups, and sysconfig. Others are more suggestion than limit, like shell. DNS server and ssh server settings only require a knowledgeable person to circumvent.
It is best to use layers. Helpfully provide working configs. Kindly provide limits to dissuade ill use. Keenly monitor for the unexpected. Strongly block on many layers the forbidden. Come down like the hammer of god on anyone and anything that still gets through.