If you can install software, you can still break other machines via the network, can't you?
Anyway, what I was trying to do was talking him out of those thoughts (even though I might not have been making it very clear, I'll admit).
As I see it, you should let the students experiment with the system that they are on (as users, of course). Experimentation is the best way to learn, after all.
If you restrict users, there are almost always ways to get back to normal user privileges, unless you make it an extremely boring or special purpose (such as the build and test servers you referred to) system. Getting beyond normal user privileges is harder though, unless you have build the system on the basis that users don't have normal user privileges. In that way, I'd say that it's probably more secure to give users normal user privileges, so that you don't rely on the extra margin in other parts of the system.
To be honest, I really don't have the school mentality, though. I made myself a true pain in the ass for most of my teachers. Maybe I should just stay out of this thread, so that I don't happen to make schools a free and happy place, which would probably be too bad... =)
maybe you should check out this distro that is speciffically made for schools. they could probably give you some tips. they have server and workstation cds too. they are located at http://k12linux.org/contents.html in case you wanted to check it out.
maybe you should allow them to only download things to their home dir and not give them execute permissions to that dir and any subdirs. also restrict them from any command line.
think of this though.....
1. > 3/4 on comprehensive school students dont even know what linux is, nevermind being able to hack its security measures...
2. > If you block downloads then the students cant even download the programs and therefore cant execute any other program than the ones you give them access to
3. > it is part of the national curriliculum in the UK that students have to be able to use programs like MS Word, Excel, Access and these are only available on windows..... so if you used linux then this isn't possible
4. > if you give students access then that takes away their desire to gain access.... so therefore give the students more access rather than less
how is it part of the UK system? Did they decide to implement US software in every school system?
You've also got to watch the very few students that can hack. (in my old school they was about 5 out of 1400 students)
The best way for that in my opinion is give them increased access and get them to discover problems and then the admin fixes them.
Thats what they did in my school. I used to hack the network like crazy and they would fix what me and a few others found.