Single administrator computer for systems with only regular account on network

Solution 1:

To manage multiple machines from a central computer, you could try learning a system management platform such as Puppet. It allows you to manage multiple machines (puppets) from one main machine (puppetmaster). Depending on your scenario it might be a bit overkill, but it is an excellent tool to manage many machines from a central point of control. It also makes it very easy to set up new machines (or re-install the old ones), as you can pull all configuration, package lists etc from the server.

Here is a link to a ubuntu how-to guide to install & test puppetmaster.

Solution 2:

Hide administrators

At least one administrative user is needed on each system because in Ubuntu a distinct root account is disabled*. Nevertheless it would be possible to hide this user "administrator" from gdm login by adding the following line in /etc/gdm/custom.conf:

[greeter]
Exclude=nobody,administrator

We may further restrict read access of non-administrative users to /home/administrator/.

For administrative tasks we login locally as user administrator (e.g. on the command line or by choosing others in the GUI), or remotely via ssh.

Define ssh_config

For issuing a command to a multiple remote machines we need to define a local config file in ~/.ssh/ssh_config where we list details needed to log in to our remote machines and where we can define convenient names for the clients:

# ssh configuration
Host remote1
    HostName 192.168.0.1
    Port 22
    User USERNAME

Host remote2
    HostName 192.168.0.2
    Port 22
    User USERNAME

Additional options may be needed to further control session details (such as disabling password authentication).

Run command on multiple clients

We now write a script that connects to one client after the other to run a given command:

#!/bin/bash

# run a command on multiple remotes   

REMOTES=$1;shift
COMMAND=$1;shift

for remote in $REMOTES
do
    echo $remote
    ssh -oConnectTimeout=10 $remote $COMMAND
done

If this script was named remote_command.sh we are able to run any command on our remote machines 1-X by invoking:

remote_command "remote1 remote2 ... remote<X>" "<COMMAND>" > remote_command.log

Depending on individual needs we could read a list for $REMOTES from a file or we could use a regular pattern for names of the remotes for convenient script usage. If remote clients do not change we could also code all names in this script to invoke it with the command only.

*Re-enabling the root account (by defining a valid password for root with passwd root <password> in a root shell) is discouraged as disadvantages overweigh.

Solution 3:

It's not exactly cheap, nor open source, but maybe Canonical's Landscape can help.