Hacking the Linux Desktop
Pages: 1, 2
Lock Down KDE with Kiosk Mode
Control exactly what your users can tinker with, and what they can't change at all.
System administrators typically spend a lot of their time fixing trivial problems for users who have accidentally changed their settings in some way. When an inexperienced user moves a desktop icon into the trash or sets a mime-type to open with the wrong program, he might be unable to reverse his changes. Calls to the system administrator for help are a poor use of everyone's time. It would be better if the user had never been able to make undesirable changes.
Perhaps you just want to set up a Linux desktop for your grandmother but she keeps changing the layout of the application toolbars without meaning to. The new look confuses her so much that she calls you all the time asking for help, or worse, she gives up on Linux or computers. Wouldn't it be great if you could protect your grandmother from herself?
For computers in a public setting such as an Internet café or library, problems such as these turn into more than just timewasters; they can prevent others from using the machine or cause distress for users. Have you heard the common anecdote of the script kiddy who has changed the background wallpaper on all the machines in a library to pornographic photos?
Enter the Kiosk
KDE has traditionally been one of the most configurable desktop environments available, but KDE 3.2.3 pushed the fold and added the Kiosk framework, which allows for any or all of the configuration options to be marked as unchangeable. With Kiosk you can create profiles that are attached to users or groups of users. A profile can define any KDE setting, but usually includes the contents of the desktop, panel, and K Menus, as well as the choice of wallpaper, default fonts, and widget style. You can also specify important system settings, such as the network proxy and file associations. Most importantly, all these options can be set to be unchangeable by the user. This means grandma will never accidentally delete her web browser icon, and a bored teenager can't change the library's computer wallpaper to something that will give grandma a heart attack.
The easiest way to set up a Kiosk profile is to use the Kiosk Admin Tool. Some distributions include this by default or include a package for it. If you need to, you can download the source from its web site at http://extragear.kde.org/apps/kiosktool.php.
Start the Kiosk tool (as a normal user; there's no
need to run as root) by selecting
K-menu→System→Kiosk Admin Tool, or with the
kiosktool command, and click Add New Profile. Give
this profile a name such as
"locked-down" and click OK to save.
When prompted, provide your root password to save the new profile.
Now click Manage Users and add a user policy to link a user to your
new locked-down profile. You can also add Linux user groups to the
policy. The Kiosk tool links to /etc/group,
which is where you should manage group membership. To configure a
profile, select it in the list and then click Next. The next screen
presents numerous modules, each with specific configuration options
in it. Ticking an option will lock down its corresponding feature.
The settings will be saved when you click Back.
Some of the modules offer graphical setup for their settings. For example, under the Desktop Icons module you can load a temporary desktop to replace your normal one. Switch to a different virtual desktop (Ctrl-F2) if you have windows covering your background. You can add, remove, and move any of the icons on the temporary desktop. When you click Save in Kiosk Admin Tool, the settings for this desktop will be saved and your normal desktop will be loaded again. This makes configuring the setup for your Kiosk profile as easy as configuring your own desktop.
A general breakdown of the types of settings you will find in the most important modules follows:
- General
-
Contains the settings that control the global properties for all KDE programs and includes the ability to run commands, log out, or move toolbars. Disabling Konsole removes not only its entry from the K Menu, but also the embedded Konsoles in Konqueror and Kate.
- Desktop Icons
-
Settings to prevent users from moving or deleting desktop icons.
- KDE Menu
-
Controls which programs are available from the K Menu.
- Themeing
-
Prevents users from changing the widget style, color, or font settings.
- Konqueror
-
Stops the user from being able to browse outside his home directory.
- Menu Actions
-
Turns off standard menu actions such as open, print, paste, settings, etc., from all KDE applications.
- File Associations
-
Ensures that files can be opened only with the specified programs.
- Network Proxy
-
Enforces the use of your web proxy. Uses a web proxy to restrict which web sites a user can browse.
- Panel
-
Used to lock down the panel, prevents users from adding or removing the items you place here, and enables you to prevent panel context menus from working.
The Kiosk framework has been used in large enterprise deployments of
KDE. Administrators report that it cuts the time taken up by user
support by half, because it reduces the number of small but
time-consuming problems users have. If you are considering using
Kiosk in a public setting you might want to make yourself familiar
with the KDE configuration file format. Browse through
/etc/kde-profile to see the settings made by the
Kiosk Admin Tool. Adding [$i] to a configuration
option, group of options, or file makes them unchangeable by users.
Kiosk is not a substitute for using Unix filesystem permissions or other security settings. You should also make sure you set X to not be killable with Ctrl-Alt-Backspace, and prevent users from changing to a text console. Finally, make sure the login manager does not allow users to log in to any other desktop environment that has not been locked down.
--Jonathan Riddle
View catalog information for Linux Desktop Hacks
Return to the Linux DevCenter.
You must be logged in to the O'Reilly Network to post a talkback.
