By Carsten Schnober
KDE's kiosk mode helps admins restrict the use of publicly accessible desktop PCs to a browser or a dedicated GUI-based terminal application. In this scenario, the user is limited to the command line or a small set of applications. The Pessulus [1] lockdown editor and the Sabayon [2] profile editor provide similar benefits for the Gnome environment.
Since version 2.0, Gnome has stored desktop settings in XML files managed by the GConf system. When launched, Gnome first parses the system configuration defaults, which typically reside in /etc/gconf, although Suse uses /etc/opt/gnome/gconf. Gnome then adds the files stored in the .gconf directory below the user's home directory. User preferences have priority over system defaults.
GConf additionally lets system administrators define GConf keys, which users cannot overwrite. Most distributions place these keys in /etc/gconf/gconf.xml.mandatory. Thus far, mandatory keys have helped administrators define the desktop appearance, from the menu, through the wallpaper, to the configuration of individual applications.
Gnome version 2.14 adds new lockdown keys to GConf, preventing user access to individual applications. These keys are stored below /desktop/gnome/lockdown in the GConf XML tree and can disable, for example, the [Alt+F2] keyboard shortcut for the command line, block the printer, or deny write access to the hard disk.
If necessary, the Gnome panel can also be restricted. GConf will either prevent users modifying the default panel configuration entirely, or just stop them from adding or removing individual applets. Additionally, Gnome 2.14 gives administrators the ability to prevent users quitting the Gnome session or automatically locking the screen when the screensaver starts.
Editing XML files with a text editor is not everybody's idea of fun, and the GConf editor has a reputation for being less than intuitive. A Python front-end by the name of Pessulus helps take the pain out of this chore (see Figure 1).
Pessulus gives you a useful interface for the lockdown functions discussed earlier. You can click to select a function to deny user access. In the Panel section, you just select the applets visible to users from the list of installed applets.
Pessulus can also configure the default Gnome web browser, Epiphany. You can tell Epiphany to restrict a few functions, such as Javascript, and to block specific protocols. If needed, admins can prevent users from quitting Epiphany, or force full-screen mode for the browser to convert a full-fledged desktop into a simple surf station for kiosk use.
When Pessulus is launched with normal user privileges, you can apply restrictions to the current account. This approach may seem useless, as the user could simply revoke the changes, but this option is effective if Epiphany is only available in full-screen mode and access to other programs is denied.
Admins who need to assign different privileges to different users will find Sabayon a more powerful Gnome configuration tool (Figure 2). The program launches a Gnome session in an XNest window, where the administrator can adjust various settings to fine tune the desktop. All the usual Gnome configuration tools are available, and this means you can define menu items or the wallpaper just like in a normal session.
Sabayon integrates the Pessulus desktop to apply the restrictions referred to earlier. After setting up a desktop to your liking, you can save the desktop in a profile, and then assign the profile to user accounts to apply the profile to a Gnome session when a user logs on.
Sabayon does not use the GConf configuration but stores any desktop profiles you create as ZIP archives in a directory of its own - this is /etc/desktop_profiles by default, although the path can vary depending on your distribution. The archives contain any Gnome configuration files that differ from the system defaults, that is, both the GConf XML files, and the files added to the desktop. When a user launches a Gnome session, Sabayon applies the settings stored in the profile for that user.
The archive with the profile configuration is named after the profile and has a .zip extension. You don't need to launch an XNest session to change settings in Sabayon; instead you can edit the GConf files in the ZIP archive directly.
Sabayon offers another approach to making simple changes to a profile. Pressing the Details button takes you to a list that details the differences between the profile and the defaults; you can delete the items individually to remove them from the profile. There is a Mandatory GConf Settings option for mandatory keys and a Default GConf settings option for user-configurable defaults. Deleting one of these entries will delete all entries with Sabayon settings for a specific category. Other configuration files that you have added or modified can be deleted individually.
The new Pessulus and Sabayon tools give admins the freedom to choose Gnome for kiosk applications. In their typical self-assured manner, many Gnome developers simply view Pessulus and Sabayon as the first step towards making Gnome the number one desktop for administrators.
The developers have made plans to extend Sabayon's feature set and to add a means for cooperating with Stateless Linux [3] some time in the future. Their goal is an environment where user profiles contain all important user files, and these user files are available across a network. No matter where the user logs on, the user would always have the same desktop.
Thus far Gnome developers have been focusing on squashing the remaining minor bugs in Pessulus and Sabayon. It remains to be seen whether these lockdown tools will ever fully live up to their promise. But one thing is for certain: Gnome is now an option for admins who wish to restrict the use of publicly accessible PCs.
| INFO |
|
[1] Pessulus: http://www.gnome.org/~vuntz/pessulus
[2] Sabayon: http://www.gnome.org/projects/sabayon [3] Stateless Linux http://fedoraproject.org/wiki/StatelessLinux |