Re: Gnome Lock Down

From: "Paul Cooper" <pgc ucecom com>
To: gnome-list gnome org
Subject: Re: Gnome Lock Down
Date: Mon Jun 10 07:06:01 2002

On Mon, 2002-06-10 at 10:41, Mark Cooke wrote:
> On Mon, 2002-06-10 at 10:32, Adam Williams wrote:
> > >I am building an Internet cafe (using ltsp). I want to
> > >lock down the desktop and the menus so that nobody can
> > >fool around and change or delete icons etc. How can I
> > >do that 
> 
> That's something I have been wondering for a while, as we use win2k/NT
> on our Desktops at work, and trying to convince the boss to switch to
> Gnome (as 50% of our servers run linux, so thats half the battle), 
> 
> but he wants the desktops locked down like in windows for the users (as
> sys admins were trusted, which is a damn good policy is u ask me), so
> currently Linux on the desktop is a no..no, due to this 
> 
> > The simplest solution is to make a .gnome and .gnome-desktop somewhere
> > and copy them back to $HOME everytime a user logins in.  Then they can
> > change things but everything reverts between users.
> 
> But they can still edit the menus and run other programs and just open a
> terminal and type away (that would be the first thing to go in this
> case)

One thing you could try in this case is to create a new 'bin' directory
just containing gnome and only the software that users are allowed to
use and then changing the path env variable PATH=/path/to/new/bin

That way they cant get a terminal because it's not in the path (or if it
is for some reason the only stuff they can do is execute software they
allowed anyway).

I wonder why you even need to run a desktop if you want a 'locked down'
system - why not run only a window manager (e.g. windowmaker, icewm,
blackbox) and only put the 'allowed' software in the menu (and then put
restrictive permissions on the menu file - the ability and ease to do
this may well determine which window manager).

HTH,

Paul


> > I know it isn't exactly what you want, but currently GNOME doesn't have
> > anything like "policies",  which is a real bloody shame. 
> 
> I cannot see it being that hard to do (but I'm not a programmer, so I
> cannot really comment)
> 
> -- 
> ---
> To steal ideas from one person is plagiarism;
> to steal from many is research.
> 
> _______________________________________________
> gnome-list mailing list
> gnome-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-list
-- 
-----------------------------------------------------------------
Paul Cooper                             |  Tel: 0121 331 7858
Senior Programmer and Database Engineer |  Fax: 0121 331 7859
UCEcom                                  |  mailto:pgc ucecom com
University of Central England           |  http://www.ucecom.com
Birmingham, B4 7DX                      |
-----------------------------------------------------------------

Follow-Ups:
- Re: Gnome Lock Down
  - From: Adam Williams

References:
- Gnome Lock Down
  - From: pipis fakidomitis
- Re: Gnome Lock Down
  - From: Adam Williams
- Re: Gnome Lock Down
  - From: Mark Cooke

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]