Re: Locking down desktop

andyr 4servicesupport com (2000-09-28 at 1106.15 -0400):

> I'm looking for a good way to lock down desktop configurations for
about 100 users.  The users are on Gnome 1.2 with Sawfish, and they
log in via NIS with NFS-mounted /home directories on a server.  I
think I might be able to set permissions on their config files so they
can't be altered by non-root users, but I don't want to break other
processes that might want to access these files.  All I need to do is
to prevent users from changing their panels, add/remove programs from
the desktop, or change background images, etc.  Basic "corporate"
stuff.  This would make an interesting mini-howto....

It seems most of the config files are accessed each time, cos I have
lot of files with today as date, but last time I saved a session was
weeks ago. So I guess you will have a really hard time helping "tech?
a program gives an error!" phones calls.

Why not allow user freedom to do whatever they want? If you want
productive people, you should allow them set their environment as they
want, in the same way people is allowed to place papers over their
desktops as they want. And after having seen some defaults settings in
work places, I can tell you that the worst is to be forced. Maybe they
will even request better health benefits to protect the eyes or
compensate the stress of using "wrong size shoes", for example.

If the problem is about standard config... why do you use 100 users
instead of one? The best way to force people to use their own account
is when the are really uncomfortable every second (rare colors, rare
placement of things). Logging out and in does not take years. And
people can even have multiple sessions at the same time over the same
machine (supposing the terminal allows that... *BSD abd Linux do).  I
have found it is the best way to force people to use their own account
(and reduces password sharing).

If the problem is about people breaking things, do a script to delete
and recreate a default config. It has been commented a lot here:
create an account with name dummy for example, then save session and
copy the .gnome dir to a root owned place. When you need to clean a
user's config, rm the user's .gnome, copy the saved one there and then
with a sed script change all "dummy"s to "username".

BTW, I would name it "Dictatorship-HOWTO". Specially since the reset
to sane config system can be used and takes a few minutes for the
scripts, and a few secs each time someone needs to fix the settings.
Teach your users about text terminal via login / telnet / ssh and the
command "default-gnome-config" (for example). Maybe put that info as
GDM text.

But hey, it is your workplace. You decide, you do the work, and you
stand the complains.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]