Re: Locking down desktop


I don't know if this answer your question:

On Thu, 28 Sep 2000, Guillermo S. Romero / Familia Romero wrote:

> andyr 4servicesupport com (2000-09-28 at 1106.15 -0400):
> > I'm looking for a good way to lock down desktop configurations for
> about 100 users.  The users are on Gnome 1.2 with Sawfish, and they
> log in via NIS with NFS-mounted /home directories on a server.  I
> think I might be able to set permissions on their config files so they
> can't be altered by non-root users, but I don't want to break other
> processes that might want to access these files.  All I need to do is
> to prevent users from changing their panels, add/remove programs from
> the desktop, or change background images, etc.  Basic "corporate"
> stuff.  This would make an interesting mini-howto....
> It seems most of the config files are accessed each time, cos I have
> lot of files with today as date, but last time I saved a session was
> weeks ago. So I guess you will have a really hard time helping "tech?
> a program gives an error!" phones calls.
> Why not allow user freedom to do whatever they want? If you want
> productive people, you should allow them set their environment as they
> want, in the same way people is allowed to place papers over their
> desktops as they want. And after having seen some defaults settings in
> work places, I can tell you that the worst is to be forced. Maybe they
> will even request better health benefits to protect the eyes or
> compensate the stress of using "wrong size shoes", for example.
> If the problem is about standard config... why do you use 100 users
> instead of one? The best way to force people to use their own account
> is when the are really uncomfortable every second (rare colors, rare
> placement of things). Logging out and in does not take years. And
> people can even have multiple sessions at the same time over the same
> machine (supposing the terminal allows that... *BSD abd Linux do).  I
> have found it is the best way to force people to use their own account
> (and reduces password sharing).
> If the problem is about people breaking things, do a script to delete
> and recreate a default config. It has been commented a lot here:
> create an account with name dummy for example, then save session and
> copy the .gnome dir to a root owned place. When you need to clean a
> user's config, rm the user's .gnome, copy the saved one there and then
> with a sed script change all "dummy"s to "username".
> BTW, I would name it "Dictatorship-HOWTO". Specially since the reset
> to sane config system can be used and takes a few minutes for the
> scripts, and a few secs each time someone needs to fix the settings.
> Teach your users about text terminal via login / telnet / ssh and the
> command "default-gnome-config" (for example). Maybe put that info as
> GDM text.
> But hey, it is your workplace. You decide, you do the work, and you
> stand the complains.
> _______________________________________________
> gnome-list mailing list
> gnome-list gnome org


Arturo Tena
arturo directmail org

"we share our source code with others in the hopes that programmers overall can
make more progress by building on each other's works than by trying blindly to
replicate what was done decades ago"
   Philip Greenspun (

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]