Locking down the gnome desktop
- From: Janyne Kizer <janyne_kizer ncsu edu>
- To: gconf-list gnome org
- Subject: Locking down the gnome desktop
- Date: Fri, 05 Dec 2003 13:13:44 -0500
Hello,
I am relatively new to Gnome and I have some questions about creating a
relatively locked down desktop environment. Basically, we want users to
always have the same menu and panel when they log in -- we don't
particularly care what they do with the desktop itself or what they do
during a session as long as it is set up the standard way the next time
that they log in.
I've run into quite a few problems with this and I have some questions
as a result. Firstly, I read the admin guide and saw that there is
supposed to be a way to set the panels in gconf. Unfortunately, I could
not get it working at all. Is this implemented in Gnome 2.2 (that comes
with RH9)?
http://www.gnome.org/learn/admin-guide/2.2/gconf-8.html#gconf-14
When I was unable to get gconf to do the panel settings, I tried the
method mentioned here:
http://mail.gnome.org/archives/gnome-redhat-list/2003-July/msg00011.html.
I had more success with that but it also brought up more questions.
When I set the
~/.gconf/apps/panel/profiles/default/objects/myapp/%gconf.xml to root
ownership with read-only access for the userid, the userid took
ownership of it anyway upon login. That doesn't seem right. I mean,
what kind of security is that? I suppose that I could copy this file in
each time that the user logs in but that seems like a lot of unnecessary
overhead given the fact that the permissions should have been respected
in the first place :-(
In addition, I have noticed that some of the gconf settings don't
"stick" when they are set in mandatory. For example, I set the following:
gconftool-2 --direct --config-source
xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int --set
/apps/clock_applet/prefs/hour_format 12
gconftool-2 --direct --config-source
xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set
/apps/clock_applet/prefs/show_seconds false
gconftool-2 --direct --config-source
xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set
/apps/clock_applet/prefs/show_date true
gconftool-2 --direct --config-source
xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set
/apps/clock_applet/prefs/gmt_time false
gconftool-2 --direct --config-source
xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set
/apps/clock_applet/prefs/unix_time false
Yet users can select 24 hour, seconds, gmt, unix and turn the date off.
When they log off and log back in (after stopping gconfd), the
settings that the user makes seem to stick. This concerns me not
because of the clock per se but because when the system adminstrator
sets something and makes it mandatory, it should be mandatory.
I wasn't sure what issues could be resolved with gconf and what had to
be handled seperately. I have read the .schemas files and tried using
the mandatory settings but I'm not sure that they are working (for
example, messed with the clock settings for testing purposes and set
"gconftool-2 --direct --config-source
xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set
/apps/clock_applet/prefs/show_date true" but can still turn off date
display and it stays off after logging out and logging back in).
Anyway, I'm glad to see that this list exists and I look forward to
reading more.
--
Janyne Kizer
Systems Programmer Administrator
NC State University, College of Agriculture & Life Sciences
Extension Information Technology
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
