locking down gnome.

Deepak Saxena deepak@csociety.purdue.edu
Wed, 22 Nov 2000 22:38:01 -0500


not if you change user:group of .gnome and .gnome-desktop to someone
else and then chmod 755 on it.  the user can't delete it or move it
since he doesn't own it.

~ Deepak


On Nov 22 2000, at 17:53, plug@arcticmail.com was caught saying:
> 
> OK, I know that grandma won't know how to do this,
> but using this method couldn't grandma as grandma
> do the following:
> 
> cd ~grandma
> mv .gnome .gnome-grandmaubercracker
> mv .gnome-desktop .gnome-i-want-the-grandkids-photos-on-my-desktop
> 
> assuming that grandma has sufficient permissions
> in her home directory?
> 
> I would suspect that GNOME has a "system-wide" config
> file or some such that tells it to make use of ~/.gnome
> (and ~/.gnome-desktop) (or worst case I guess it could
> be hard coded in the source code).
> 
> Anyway, it would seem that GNOME should be reconfigured
> NOT to use ~/.gnome and ~/.gnome-desktop, but rather it
> should get what it needs from shared, system-wide config
> directories /usr/local/etc/gnome and
> /usr/local/etc/gnome-desktop, both of which are
> locked down via chown and chmod.
> 
> Of course, faced with this, grandma would have no
> choice but to custom-compile the GNOME source in
> her home directory.  :)
> 
> 
> D
> 
> * On Wed, Nov 22, 2000 at 12:44:06PM -0700, Deepak Saxena wrote:
> > 
> > 
> > create a "gnome" user/group.
> > you can use root, but it's probably cleaner not to
> > 
> > pseudo-code:
> > 
> > foreach USER
> > cd ~$USER/.gnome-desktop
> > chown -R gnome:gnome .
> > 
> > That will lock down the desktop.  They can read it, but they can't write to
> > it, so there's no way for them to add anything. 
> > 
> > You should be able to do the same sort of thing with the .gnome directory
> > by locking down config files.  You may have to play with that directory a
> > little since certain files have to be written to by Gnome at logout.
> > Things like session management information and such.
> > 
> > I would create a default .gnome-desktop and .gnome directory structure
> > and then build a wrapper script around adduser so that they get automatically
> > installed into a new user's $HOME
> > 
> > ~ Deepak
> > 
> > On Nov 22 2000, at 12:32, Icegryphon was caught saying:
> > > I will be having Multiple users on a workstation with gnome.
> > > Here is the problem I run into. I need to make a user with a normal desktop
> > > on gnome (i.e. Home Dir, floppy, Trash.) And also have Netscape and to
> > > logout/shutdown. Now how do I configure a user so that they can only see those
> > > and can use those. I Don't want them to be able to remove or del any icons
> > > from their desktop. I don't want them to be able to add a panel or change the
> > > background or any options. Pretty much a basic system that would only be able
> > > to use netscape and their home directory and floppy.
> > > Is there any good software around for creating policies like in windows NT?
> > > Please E-mail your comments to me at Icegryphon@netscape.net
> > > rather than posting them.
> > > Thank you
> > > 
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> > > 
> > > Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > 
> > -- 
> > Deepak Saxena - deepak@csociety.purdue.edu
> > 
> > I will not be pushed,filed,stamped,indexed,briefed,debriefed,or numbered!
> > My life is my own - No. 6
> > 

-- 
Deepak Saxena - deepak@csociety.purdue.edu - phone://602.790.0500

"It is dangerous to confuse children with angels" - Magnolia
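
Added example, not part of the original message and not written by anyone in the thread: a read-only shell check of the lock-down discussed above. It reports whether .gnome and .gnome-desktop are still real directories, whether the restricted user owns them, and whether that user can write to the home directory that contains them, which is what the mv question in the quoted reply turns on. The function name audit_home, its two arguments and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: read-only audit of one locked-down home.
# Parses POSIX `ls -ldn` output, so no GNU-specific stat is needed.

owner_uid() { ls -ldn -- "$1" | awk '{print $3}'; }   # numeric owner id
mode_str()  { ls -ldn -- "$1" | awk '{print $1}'; }   # e.g. drwxr-xr-x

# audit_home HOME USER_UID
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_home() {
    home=$1
    uid=$2
    found=0
    for d in .gnome .gnome-desktop; do
        p=$home/$d
        if [ -L "$p" ] || [ ! -d "$p" ]; then
            # Missing, or swapped for a symlink or file: the locked copy is not in use.
            echo "NOT-A-DIRECTORY $p"; found=1
            continue
        fi
        if [ "$(owner_uid "$p")" = "$uid" ]; then
            echo "USER-OWNED $p"; found=1          # the user can chmod it writable
        fi
        case $(mode_str "$p") in
            d????w*|d???????w*) echo "GROUP-OR-WORLD-WRITABLE $p"; found=1 ;;
        esac
    done
    # Renaming an entry needs write permission on the directory that contains
    # it, not on the entry, so the mv raised in the thread depends on this check.
    if [ "$(owner_uid "$home")" = "$uid" ]; then
        case $(mode_str "$home") in
            d?w*) echo "PARENT-WRITABLE $home"; found=1 ;;
        esac
    fi
    return "$found"
}

# Stand-alone use: sh audit.sh /home/someuser 1001   (path and uid are placeholders)
if [ "$#" -eq 2 ]; then
    audit_home "$1" "$2"
fi
```

Run it as root or as the restricted user; it only reads metadata and changes nothing.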