hi! Only to say that a friend of mine has worked in a KDE project in which they need to lockdown the desktop and they have found the KDE kiosk mode very useful. There is a HOWTO about the KDE kiosk mode. http://dot.kde.org/997748764/ Cheers -- Alvaro El lun, 13-10-2003 a las 16:07, Matt Keenan escribió: > Folks, > > OK after much taught based on the feedback given to my first proposal I have > gone back and taken a much higher approach to the problem in hand. > > By simply looking at the general areas that need to be locked down such as : > > - Desktop Icons > Sys admins want to lockdown a users icons. > > - Panel Configuration > Locking down of panels location, contents etc.. > > - Application Launching > Locking down of what applications a user can run. > > - Terminal Access > Locking down of terminal access. > > - Location Viewing > Locking down of locations a user can browse. > > - Lock Screen / Logout > Locking down of Lock Scree and Logout functionality. > > The origional idea as too grunular in that I was focusing on tasks within > areas of the desktop such as nautilus only or the panel only. > This approach concentrates on the desktop as a whole. > > Now for the details : > > I still propose that we use one specific location within Gconf for holding > lockdown keys : > > /desktop/gnome/lockdown > > > - Desktop Icons > > A new key will be used to lockdown desktop icons : > > boolean /desktop/gnome/lockdown/lockdown_desktop_icons > > If this key is set then icons on the desktop are completely > locked down, you cannot : > Remove > Hide Move To Thrash menu item. > > Add > Hide New Folder and New Launcher menu items. > > Rename > Hide Rename menu item. > > Placement > Ensure icons cannot be dragged > > Properties > Icons properties is not accessable, so that > users cannot change to a custom icon or add > emblems. Hide Properties menu item for icons. > > New Folder > Hide New Folder menu item. > > Duplicate > Hide Duplicate menu item. > > Stretch/Restore > Hide Stretch/Restore icon menu items. > > - Application Launching > > Two new keys will be used for the lockdown of application launching : > > boolean /desktop/gnome/lockdown/restrict_application_launching > string/list /desktop/gnome/lockdown/allowed_applications > > If restrict_application_launching is set, the the list key > allowed_applications will be checked. This list will simply be a list > of binaries that are allowed to be launched. By default the key > restrict_application_launching will be FALSE, and the list key > restrict_application_launching will be FALSE, and the list key > allowed_applications will contain a complete list of applications are > available on the desktop. This will ensure that when application > restriction is turned on a sysadmin will be able to simply remove > whatever applications are necessary from the list. > > This will involve hiding nautilus menu options such as : > Open > Open With > Open In New Window > New Launcher > Scripts > > This will also control double-click behaviour on executable permission files. > > Within the panel this list can be used to determine what menu items are > displayed. The Exec element of a .desktop does not appear in the allowed > applications list then that menu item will not be displayed in the Menu. > For example if you wanted to get rid of the Find Files menu item then simply > turn on restrict_application_launching and make sure gnome-search-tool is > not in the allowed_applications list. > > - Location Restriction > > Two new keys will be used for the lockdown of locations within nautilus : > > boolean /desktop/gnome/lockdown/restrict_locations > string/list /desktop/gnome/lockdown/allowed_locations > > If restrict_locations is not set, then all locations will be viewable > however if it is set, then the list contained in allowed_locations will > be checked to see if a user can browse to that location within nautilus. > If the location is a path, then any subdirectories underneath that path > are seen as accessable locations. Location restriction can also be used > for hiding the Disks menu item. The adding of new devices can also be > dealt with here, as the new devices location will not be in the allowed > locations list, so therefore will not appear within Nautilus. By default > location restriction will be FALSE, and the list allowed_locations will > contain a default list of viewable locations from nautilus. > > - Command Line Interface > > A new key will be used to control whether a command line interface > will be available or not. > > boolean /desktop/gnome/lockdown/disable_command_line > > This key if set will be responsible for hiding all terminal access from > users. Hiding such menu options as : > > New Terminal > Run Application > Command Line applet. > Applications->System Tools->Terminal > > Although if you want to restrict specific terminal items appear in the > panel menus you could just ensure that gnome-terminal does not appear > in the allowed applications list. > > > - Panel Configuration > > A new key will be used to lockdown the panel : > > boolean /desktop/gnome/lockdown/lockdown_panel_config > > This key if set will control the appearance of the following > menu items : > Add To Panel > Delete This Panel > Properties > New Panel > > Individual menu items on applets and launchers can also be controlled > such as Move, Lock and Remove From Panel. > > This can be used to ensure users cannot Add new panels, remove existing > ones, change the contents of existing panels, or change the location of > existing panels by monitoring drag and drop of panels. > > - Lock Screen/Logout > > A new gconf key will be used to determine wheter the lockscreen and > logout menu options appear in the panel : > > boolean /desktop/gnome/lockdown/disable_lockscreen_and_logout > > This is particularly useful in Shared Desktop scenarios where you > specifically do not want users to lock their screen or logout. > > > - Miscellaneous > > o Desktop Identity > The desktop background and themes already have gconf keys associated > with them. The writability of these keys can be checked and if > not writable, then in nautilus the Change Desktop Background and > Use Default Background menu items can be hidden and in the Panel > the Theme Manager menu item can be hidden. The Theme Manager could > also be hidden of Application Launching restriction is used and the > the binary gnome-theme-manager is not present it will not be displayed. > > > o Setting Printers. > To ensure a user does not change their default printer etc, then the > printers:// location can be ommited from the allowed locations list. > > o MIME Type Setting > The application gnome-file-types-properties is used to change your > default MIME type settings. To restrict a user from doing so then > remove this binary from the allowed_applications list. > > o Default Keyboard Shortcuts > Similar to MIME settings to change your default keyboard and shortuts > the binary gnome-keybindings-properties is used. Just ensure this > not be shown for them. This could also be done for Multimedia Keyboard > shortcuts. > > > In summary I am proposing the following new keys : > > boolean /desktop/gnome/lockdown/lockdown_desktop_icons > boolean /desktop/gnome/lockdown/restrict_application_launching > string/list /desktop/gnome/lockdown/allowed_applications > boolean /desktop/gnome/lockdown/restrict_locations > string/list /desktop/gnome/lockdown/allowed_locations > boolean /desktop/gnome/lockdown/disable_command_line > boolean /desktop/gnome/lockdown/lockdown_panel_config > boolean /desktop/gnome/lockdown/disable_lockscreen_and_logout > > This I feel is a far better approach that what I had originally conceived and > is a good starting point with regard to locking down your desktop. > > Please feel free to comment.... > > Regards.. > > Matt >
Attachment:
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente