Re: Lockdown stuff
- From: Matt Keenan <Matt Keenan sun com>
- To: desktop-devel-list gnome org
- Subject: Re: Lockdown stuff
- Date: Tue, 07 Oct 2003 15:49:45 +0100
As a follow up to what George has been working on, I want to get this
discussion going again. I have been looking into further locking down the
desktop in various areas, my approach was to take a list of tasks that I would
like to achieve and see what could be done within Gconf that would enable us to
acheive these tasks.
A number of new Gconf keys need to be created and I propose that these be
kept in one location, makes identifying keys used for lockdown so much simpler
if they are in one place, such as :
For General Desktop Lockdown keys :
/desktop/gnome/lockdown/<lockdown_key>
For specific application lockdown keys :
/desktop/gnome/lockdown/<app>/<lockdown_key>
I have split the tasks into sections :
1. Nautilus
- Restrict a user from removing/adding/moving/renaming or accessing the
properties of desktop icons.
New keys :
/desktop/gnome/lockdown/nautilus/lockdown_desktop_icons boolean
/desktop/gnome/lockdown/nautilus/icons_to_lockdown list/string
If lockdown_desktop_icons is set then basically all default icons on
the desktop are locked down, a user cannot remove/rename/move them and
they cannot add more icons.
Basically involves hiding the menu items Rename, Move To Thrash, Move to
Thrash. And for adding new items, restrict dropping, and the menu items
New Folder/New Launcher from within Nautilus.
If lockdown_desktop icons is not set then the icons_to_lockdown key is
referred to, this key will contain a list of specific .desktop files that
are locked down, and only these will be restricted from removing/renaming/
moving. A user will be able to add new icons, and the newly added ones
will not be locked down.
The above two keys will also be used to determine if an icons properties
can be accessed.
- Restrict users from accessing a files properties, either from File menu or
context menu.
New key :
/desktop/gnome/lockdown/nautilus/disable_properties boolean
If set simply hide the properties menu item.
- Restrict users from running applications within nautilus.
New keys :
/desktop/gnome/lockdown/nautilus/disable_application_launching boolean
This will have the affect of hiding the Open, Open With and Open in New
Window menu items, and also disable double-click launching.
- Restrict a user from browsing directories/locations.
New Keys :
/desktop/gnome/lockdown/nautilus/restrict_viewable_locations boolean
/desktop/gnome/lockdown/nautilus/viewable_locations list/string
If restrict_viewable_locations is NOT set, then all locations/directories
are viewable to the user. If it is set then the viewable_locations key will
be checked. This key will contain a list of locations that a user can view
which can include directory paths and nautilus locations such as network://
etc.. If the list is empty then the user cannot view any locations.
- Define sensitivity for all context menu items :
New Keys :
/desktop/gnome/lockdown/nautilus/disable_new_window boolean
/desktop/gnome/lockdown/nautilus/disable_new_folder boolean
/desktop/gnome/lockdown/nautilus/disable_new_launcher boolean
/desktop/gnome/lockdown/nautilus/disable_new_terminal boolean
/desktop/gnome/lockdown/nautilus/disable_scripts boolean
/desktop/gnome/lockdown/nautilus/disable_cut boolean
/desktop/gnome/lockdown/nautilus/disable_copy boolean
/desktop/gnome/lockdown/nautilus/disable_paste boolean
/desktop/gnome/lockdown/nautilus/disable_duplicate boolean
/desktop/gnome/lockdown/nautilus/disable_make_link boolean
/desktop/gnome/lockdown/nautilus/disable_rename boolean
/desktop/gnome/lockdown/nautilus/disable_move_to_thrash boolean
/desktop/gnome/lockdown/nautilus/disable_stretch_icon boolean
/desktop/gnome/lockdown/nautilus/disable_restore_icon boolean
/desktop/gnome/lockdown/nautilus/disable_add_to_archive boolean
/desktop/gnome/lockdown/nautilus/disable_disks boolean
/desktop/gnome/lockdown/nautilus/disable_use_default_background boolean
/desktop/gnome/lockdown/nautilus/disable_change_desktop_background
boolean
Just hide the relevant menu item of the key is set.
- Disable setting of default printer
New Key :
/desktop/gnome/lockdown/nautilus/disable_make_default_printer boolean
Hides the Make Default Printer context menu item.
- Restrict user from adding new devices
New Key :
/desktop/gnome/lockdown/nautilus/disable_new_devices boolean
We can't physically stop a user from adding a new device such as a digital
camera etc... but if this key is set, then ensure that Nautilus does not
react to it, e.g. showing an icon for a USB device etc....
2. GNOME Panel
- Restrict a user from adding/removing panels
New Keys :
/desktop/gnome/lockdown/panel/disable_new_panel boolean
/desktop/gnome/lockdown/panel/disable_delete_this_panel boolean
If set hide the context menu items New Panel and Delte This Panel.
- Restrict a user from adding items (launchers/applets) to their panel.
New Key :
/desktop/gnome/lockdown/panel/disable_add_to_panel boolean
If set simply hide the menu item Add To Panel. This will do for strict
lockdown, if more granularity is required then individual keys could be
defined for the specific entries un the Add To Panel submenu.
- Restrict access to the rest of the Panel Context Menu.
New Keys :
/desktop/gnome/lockdown/panel/disable_run_application boolean
/desktop/gnome/lockdown/panel/disable_run_find_files boolean
/desktop/gnome/lockdown/panel/disable_run_log_out boolean
/desktop/gnome/lockdown/panel/disable_run_lock_screen boolean
/desktop/gnome/lockdown/panel/disable_run_open_recent boolean
/desktop/gnome/lockdown/panel/disable_run_properties boolean
Again if set hide the relevent Menu item.
- Restrict all terminal access from panel.
This is a tricky as currently terminal access can be achieved from the
following menus :
Add To Panel->Launcher (Add a new terminal launcher)
Add To Panel->Launcher From Menu (Use the terminal menu entry
Add To Panel->Utility->Command Line Applet
Applications->Run Command
Applications->System Tools->Terminal
We could have simply one key :
/desktop/gnome/lockdown/panel/restrict_terminal_access boolean
And this would in effect hide all of above., or have individual keys for
all of the above., the key disable_add_to_panel, key can cater for the first
three mentioned already.
Another way could be to have a general desktop key :
/desktop/gnome/lockdown/restrict_terminal_access boolean
Which could be be used by nautilus as well...
Open to ideas here as to how this might be best achieved.
- Restrict a user from moving location of their panel
A user can change their panel orientation by :
- Drag and Drop
- Panel Context->Properties
There is already Gconf keys in place for each of the panel's properties
/apps/panel/profiles/<panel>/orientation etc...
If these are locked then the user should not be able to change the location
of their panel.
3. Network Access
- Restrict user from setting/changing their proxy settings
There are already a number of keys for this in gconf for http, ftp etc.
Just missing two for gopher. So two new keys needed here
/system/proxy/gopher_port int
/system/proxy/gopher_host string
- Define a list of http locations that proxy is not needed for.
New Key :
/system/http_proxy/no_proxy_for list/string
This key will contain a list of locations for which a proxy is not required.
4. GConf
- Restrict users from accessing gconf database.
New Keys :
/desktop/gnome/lockdown/gconf/disable_gconf_tools_access boolean
If set then the user cannot run gconf-editor or gconftool-2.
- Allow certain users to view/modify a given set of settings within their
gconf database.
New Keys :
/desktop/gnome/lockdown/gconf/tree_access_rights string
/desktop/gnome/lockdown/gconf/partial_access list/string
If the key disable_gconf_tools_access is set then neither of these two will
be checked.
If disable_gconf_tools_access is not set then firstly tree_access_rights is
checked this can have three values :
read-only - user has read-only acces to entire database
read-write - user has read-write access to entire database
partial - user has partial access to database
If the value of tree_access_rights is partial, then the partial_access key
is checked. It will contain a list of strings in the format :
path:access_type
where path is a complete path into gconf, and access_type is either
read-only or read-write. Thus it will define a list of paths into a gconf
database and the type of access the user has to that path. If the list is
empty then the user will have no access to Gconf, similar to setting
the key disable_gconf_tools_access.
What are people's comments on the above...
Phew... now that took a bit of time..
Matt
--
__.--'\ \.__./ /'--.__
_.-' '.__.' '.__.' '-._
.' Matt Keenan (mattman) '.
/ Sun Microsystems Ireland \
| |
| E-Mail : Matt Keenan Sun Com |
| mattman iol ie |
| |
| Irish Fantasy League Of American Football |
| http://www.iflaf.com |
| |
| Happy Hookers Golf Society |
| http://www.iol.ie/~mattman/golf/hhgs.htm |
| |
| Phone : +353 1 8199251, Sun Ext : 19251 |
\ .---. .---. /
'._ .' '.''. .''.' '. _.'
'-./ \ / \.-'
''
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
