[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: multi-user guest account



On Tuesday 10 May 2005 19:19, Gavin McCullagh wrote:
> Hi,
>
> I was wondering would a preconfigured kiosk account be a nice addition to
> the default sarge install.

I think so

> Ideally, the settings should be moreorless fixed, it would be possible to
> run many mozilla instances on different displays without seeing the
> profile dialogue.  I guess I'm asking for the KDE Kiosk Framework.  

I have no idea about locking down mozilla, but we can lock konqueror and KDE 
down with the kiosk framework just fine.

> Has 
> anyone used it in debian-edu?  It appears the kiosk stuff has changed
> radically between kde2 and kde3.

kiosk framework was new in kde2

> Is it too late to be mentioning this for sarge?  
think so (should be no problem to create something that works on both sarge 
and etch though)

> Any suggestions as to how this would best be done?  Could it easily be
> done in a standalone package or should the LDAP database, etc just have
> it from the start?

can be done in a standalone package, the problem breaks down in 3 parts:
1) exactly what kind of setup do we want, what should be possible, what 
shouldn't, what do we not care about -> this is the hard part
2) implementing what's decided in 1) into a kde-profile (basically a 
directory with similar layout to ~/.kde,) -> just takes some effort (I'm 
willing to do this, given 1)
3) add the directory containing 2) in front of KDEDIRS whenever you want 
that setup activated -> my desktop-profiles package offers a generic way to 
do this (currently in my homedir on developer.skolelinux.no, should be in 
debian proper soon, as I found a sponsor for it at the devcamp in Valencia)

things you can lock down in kde:
- all settings in configuration files
- all actions (more or less everything that has a menu or toolbar item + 
some general things like shell_access
- certain url's (url's include everyting that can be accessed through kde's 
ioslaves mechanism), can also be redirected
- access to controlcenter modules

(note kiosk is off course to be used in addition to normal unix security 
measures)
-- 
cobaco (aka Bart Cornelis):
    Coördinator Belgisch Skolelinux team
    Coördinator Nederlandse Skolelinux vertaling

Attachment: pgpFhvdGTSDt2.pgp
Description: PGP signature


Reply to: