locking down gnome.

plug@arcticmail.com plug@arcticmail.com
Wed, 22 Nov 2000 17:53:10 -0700 

OK, I know that grandma won't know how to do this,
but using this method couldn't grandma as grandma
do the following:

cd ~grandma
mv .gnome .gnome-grandmaubercracker
mv .gnome-desktop .gnome-i-want-the-grandkids-photos-on-my-desktop

assuming that grandma has sufficient permissions
in her home directory?

I would suspect that GNOME has a "system-wide" config
file or some such that tells it to make use of ~/.gnome
(and ~/.gnome-desktop) (or worst case I guess it could
be hard coded in the source code).

Anyway, it would seem that GNOME should be reconfigured
NOT to use ~/.gnome and ~/.gnome-desktop, but rather it
should get what it needs from shared, system-wide config
directories /usr/local/etc/gnome and
/usr/local/etc/gnome-desktop, both of which are
locked down via chown and chmod.

Of course, faced with this, grandma would have no
choice but to custom-compile the GNOME source in
her home directory.  :)


D

* On Wed, Nov 22, 2000 at 12:44:06PM -0700, Deepak Saxena wrote:
> 
> 
> create a "gnome" user/group.
> you can use root, but it's probably cleaner not to
> 
> pseudo-code:
> 
> foreach USER
> cd ~$USER/.gnome-desktop
> chown -R gnome:gnome .
> 
> That will lock down the desktop.  They can read it, but they can't write to
> it, so there's no way for them to add anything. 
> 
> You should be able to do the same sort of thing with the .gnome directory
> by locking down config files.  You may have to play with that directory a
> little since certain files have to be written to by Gnome at logout.
> Thing like session management information and such.
> 
> I would create a default .gnome-desktop and .gnome directory structure
> and then build a wrapper script around adduser so that they get automatically
> installed into a new user's $HOME
> 
> ~ Deepak
> 
> On Nov 22 2000, at 12:32, Icegryphon was caught saying:
> > I will be having Multiple users on a workstation with gnome.
> > Here is the problem I run in to. I need to make a user with a normal desktop
> > on gnome (i.e. Home Dir, floppy, Trash.) And also have Netscape and to
> > logout/shutdown. Now how do I configure a user so that they and only see those
> > and can use those. I Don't want them to be able to remove or del any icons
> > from their desktop. I don't want them to be able to add a panel or change the
> > background or any options. Pretty much a basic system that would only be able
> > to use netscape and their home directory and floppy.
> > Is there any good software around for creating policies like in windows NT?
> > Please E-mail your comments to me at Icegryphon@netscape.net
> > rather then posting them.
> > Thank you
> > 
> > ____________________________________________________________________
> > Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail
> > 
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> > 
> > Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> -- 
> Deepak Saxena - deepak@csociety.purdue.edu
> 
> I will not be pushed,filed,stamped,indexed,briefed,debriefed,or numbered!
> My life is my own - No. 6
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>