Re: Gnome Lock Down



>>>I am building an Internet cafe (using ltsp). I want to
>>>lock down the desktop and the menus so that nobody can
>>>fool around and change or delete icons etc. How can I
>>>do that 
>That's something I have been wondering for a while, as we use win2k/NT
>on our Desktops at work, and trying to convince the boss to switch to
>Gnome (as 50% of our servers run linux, so thats half the battle), 
>but he wants the desktops locked down like in windows for the users (as
>sys admins were trusted, which is a damn good policy is u ask me), so
>currently Linux on the desktop is a no..no, due to this 

Yes, we face much the same thing.  For desktops Win32 are certainly
easier to manage/admin.  (Certainly the opposite is true for servers).

>>The simplest solution is to make a .gnome and .gnome-desktop somewhere
>>and copy them back to $HOME everytime a user logins in.  Then they can
>>change things but everything reverts between users.
>But they can still edit the menus and run other programs and just open a
>terminal and type away (that would be the first thing to go in this
>case)

Yes.  

<RANT>
But a lot of Open Source developers have a kind of "liberation theology"
about such things and object to user controls of this kind.  I often get
'religious' responses  when asking people from certain projects about
how to turn *off* a feature.  If they simply haven't coded anything to
do that it would be fine (I didn't pay them anything for it),  but the
"user has rights" arguments are quite frustrating.  I've seen users
decimate a desktop trying to double-click an icon,  which things moved
all over, windows opening they don't want, etc...  And that happens
often after hours of training.  To put is simply, a lot of corporate
end-users are real block heads, and *NEED* to be protected from
themselves.  The other category are self-acclaimed geeks who fiddle, 
wipe out a bunch of settings, and then call the help desk: "My computer
doesn't work anymore"  We should be able to dope slap them and say
"Tough luck moron!",  but if we do they'll just run to management and
whine.  So instead we have to send someone, whom we are paying to do
other things, down to punch in all the *&$&^&*@ settings yet again.  And
I don't see this general level of (in)competence changing,  our recent
college graduates are just as computer illiterate as out 50 year old
managers (Actually some of our 50 year old managers are pretty clever
about such things).  That is in part an HR problem, but every admin I
talk to says the same things, so it isn't a problem unique to us.  The
sort of it is that the ability to disable a feature is often just as
important as the feature itself.
</RANT>

>>I know it isn't exactly what you want, but currently GNOME doesn't have
>>anything like "policies",  which is a real bloody shame. 
>I cannot see it being that hard to do (but I'm not a programmer, so I
>cannot really comment)

Yep.  But I dream out the day when GNOME can initialize its desktop from
an LDAP DSA.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]