01-12-2018, 03:24 PM | #1 |
Groupie
Posts: 164
Karma: 31650
Join Date: May 2011
Location: Asuncion (Paraguay)
Device: Several Kindle 3 KB's
|
How to protct the library ?
I have been asked to install Calibre under Linux on the self-service computers in a public library.
How can I protect the (Calibre) library from intempestive deletions, additions, metadata edits etc ? I was wondering about setting the whole Calibre library directory read-only for the guest users account. Would that work ? Any other way to bomb-proof the data ? Or any other advice ? |
01-12-2018, 08:23 PM | #2 | |
Well trained by Cats
Posts: 29,807
Karma: 54830978
Join Date: Aug 2009
Location: The Central Coast of California
Device: Kobo Libra2,Kobo Aura2v1, K4NT(Fixed: New Bat.), Galaxy Tab A
|
Quote:
Set up a Content server PC, them just put a bookmark (for web browser) for the public machines. View, download... but no change |
|
01-12-2018, 09:21 PM | #3 |
creator of calibre
Posts: 43,860
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
And if you want to use the full calibre in read only mode, you keep the library in a central computer to which patrons dont have access and you sync it (one way) from the central computer to the rest, so even if people make changes they will be reversed at the next sync.
|
01-13-2018, 12:04 PM | #4 | |
Wizard
Posts: 1,613
Karma: 6718479
Join Date: Dec 2004
Location: Paradise (Key West, FL)
Device: Current:Surface Go & Kindle 3 - Retired: DellV8p, Clie UX50, ...
|
Quote:
|
|
01-13-2018, 12:26 PM | #5 | |
Wizard
Posts: 1,738
Karma: 26006874
Join Date: Sep 2017
Device: PW3, Fire HD8 Gen7, Moto G7, Sansa Clip v2, Ruizu X26
|
Quote:
If each Calibre access station in your library is a full fledged PC, then you could have your one main database on a machine not accessible to the public, then rsync that over to EACH individual PC running its own individual copy of Calibre. But, each of those individual PC's would be able to modify their individual database (you would overwrite those changes with the next rsync though). Still, in a public setting, I don't think you'd want to expose yourself for such potential abuse of the individual databases. You could maybe use the OS to mark everything Calibre can access as read-only, but I imagine that would make for some pretty problematic error messages/behavior that you wouldn't want to put in front patrons of your library. So we're back to using the Content Server part of Calibre. It is not as full featured as the main Calibre interface, but the main Calibre interface would probably blow away 99% of your library patrons anyway. They wouldn't know how to use it. The Content Server interface does have a small learning curve, but nowhere near like the main interface. I would STILL maintain your main database separate from the database exposed by the Content Server. The main database should never be touchable, in any way, by the general public. I am wondering a bit why you'd be asked to put up Calibre in a public library. Will this be used to distribute only non-DRM'ed and freely available books? Because with Calibre, either the main interface or the Content Server interface, you can download books. If the library patron has access to a USB port on the library computer, they can stick their personal thumbdrive in there and download the books from Calibre and permanently walk off with them, never to have to return them. That's not what you typically expect in a library setting, but maybe that's what you're after in this case. |
|
01-13-2018, 02:59 PM | #6 | |
Groupie
Posts: 164
Karma: 31650
Join Date: May 2011
Location: Asuncion (Paraguay)
Device: Several Kindle 3 KB's
|
Quote:
Rather than setting up a central server, I am thinking of having a copy of the whole library directory hidden in /root/ and have a cron job rsync it every five or ten minutes to /home/guest/ |
|
01-13-2018, 03:02 PM | #7 | |
Groupie
Posts: 164
Karma: 31650
Join Date: May 2011
Location: Asuncion (Paraguay)
Device: Several Kindle 3 KB's
|
Quote:
|
|
01-13-2018, 03:35 PM | #8 |
Wizard
Posts: 1,613
Karma: 6718479
Join Date: Dec 2004
Location: Paradise (Key West, FL)
Device: Current:Surface Go & Kindle 3 - Retired: DellV8p, Clie UX50, ...
|
Another thing to disable is calibre's "Show notification when new version is available" in Preferences > Behavior.
|
01-13-2018, 06:02 PM | #9 | |
Groupie
Posts: 164
Karma: 31650
Join Date: May 2011
Location: Asuncion (Paraguay)
Device: Several Kindle 3 KB's
|
Quote:
|
|
01-13-2018, 06:43 PM | #10 |
Wizard
Posts: 1,738
Karma: 26006874
Join Date: Sep 2017
Device: PW3, Fire HD8 Gen7, Moto G7, Sansa Clip v2, Ruizu X26
|
I entered a large reply to this thread but I don't see it. Probably I closed the window rather than hitting "Submit reply". I do dumb stuff like that.
I don't want to retype the whole thing, but the gist of it was: If you have a PHYSICALLY ACCESSIBLE computer out there in the public, it is almost impossible to secure it adequately. Encrypted filesystems can help, password protected BIOS can help, strong firewalling can help, limited network access can help, full backups can help, placing it where it can be easily observed by staff can help - but it is fundamentally almost impossible to secure a computer if the users have physical access to it. For this reason, I would still recommend that you keep your Calibre library on a separate server, and this physically accessible (I assume) computer in the library should be considered an island to itself, having data rsynced (pushed) to it rather than pulled from it. Firewall it off from your internal library network (except for a very tight hole to allow the rsync). Be ready for it to be destroyed in an instant, and be able to rebuild it easily from a backup image. If you give them a USB port to download books from, then you've given them a USB port they can boot from (there are ways around BIOS passwords). If they boot from their thumbdrive, all of your local security measures are for naught (except encrypting every file system). But even with that, depending on your network setup, they may still gain access to your internal library network. Which is not a good thing. Especially since you mentioned "students". It might not be so bad if this computer was to be accessed only by senior citizens living in a closed retirement community. Physical access + students = WARNING! WARNING! WARNING! |
01-13-2018, 11:33 PM | #11 | |
null operator (he/him)
Posts: 20,572
Karma: 26954694
Join Date: Mar 2012
Location: Sydney Australia
Device: none
|
Quote:
BR |
|
01-14-2018, 11:37 AM | #12 |
Well trained by Cats
Posts: 29,807
Karma: 54830978
Join Date: Aug 2009
Location: The Central Coast of California
Device: Kobo Libra2,Kobo Aura2v1, K4NT(Fixed: New Bat.), Galaxy Tab A
|
I am not sure any file can be safely be write protected. That would require that the design goal specifically included that special need that 3+ Million other users did not.
Maybe Kovid can be talked into adding a (optional) "password please" for the Preferences menu section (Just a basic 'discouragement', not serious road (hacker proof) block ) |
01-15-2018, 05:04 AM | #13 | ||
Groupie
Posts: 164
Karma: 31650
Join Date: May 2011
Location: Asuncion (Paraguay)
Device: Several Kindle 3 KB's
|
I know, but it seemed a possible way to solve my problem.
Quote:
Quote:
Otherwise I see another possibility keeping a copy or /user/.config.calibre in an inaccessible place (/opt/calibre ?) and rsync'ing from it after every session, as I think I may end up doing for the Library directory. Doing it from a server is not on, as I will not get additional hardware. |
||
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
eBook/Comic/Manga Library Management Workflow: How do you manage your library? | Inukami | Library Management | 16 | 08-02-2017 12:24 PM |
Merge Formats library into Metadata library? Or, Add Format in bulk? | Sabardeyn | Library Management | 5 | 01-23-2013 06:00 AM |
copy #1 library to #2 library, cover & .epub file lost | yujunglin | Library Management | 3 | 10-15-2011 02:13 AM |
[Old Thread] import library or export to single file add to existing library | PCreighton | Calibre | 4 | 04-10-2011 01:08 AM |
Sony Reader Library running, but Library doesn't show on screen | wyldmint | Sony Reader | 0 | 08-29-2010 01:59 AM |