locking down gnome.

Author: Deepak Saxena
Date:  
Subject: locking down gnome.
not if you change user:group of .gnome and .gnome-desktop to someone
else and then chmod 755 on it. the user can't delete it or move it
since he doesn't own it.

~ Deepak


On Nov 22 2000, at 17:53, was caught saying:
>
> OK, I know that grandma won't know how to do this,
> but using this method couldn't grandma as grandma
> do the following:
>
> cd ~grandma
> mv .gnome .gnome-grandmaubercracker
> mv .gnome-desktop .gnome-i-want-the-grandkids-photos-on-my-desktop
>
> assuming that grandma has sufficient permissions
> in her home directory?
>
> I would suspect that GNOME has a "system-wide" config
> file or some such that tells it to make use of ~/.gnome
> (and ~/.gnome-desktop) (or worst case I guess it could
> be hard coded in the source code).
>
> Anyway, it would seem that GNOME should be reconfigured
> NOT to use ~/.gnome and ~/.gnome-desktop, but rather it
> should get what it needs from shared, system-wide config
> directories /usr/local/etc/gnome and
> /usr/local/etc/gnome-desktop, both of which are
> locked down via chown and chmod.
>
> Of course, faced with this, grandma would have no
> choice but to custom-compile the GNOME source in
> her home directory. :)
>
>
> D
>
> * On Wed, Nov 22, 2000 at 12:44:06PM -0700, Deepak Saxena wrote:
> >
> >
> > create a "gnome" user/group.
> > you can use root, but it's probably cleaner not to
> >
> > pseudo-code:
> >
> > foreach USER
> > cd ~$USER/.gnome-desktop
> > chown -R gnome:gnome .
> >
> > That will lock down the desktop. They can read it, but they can't write to
> > it, so there's no way for them to add anything.
> >
> > You should be able to do the same sort of thing with the .gnome directory
> > by locking down config files. You may have to play with that directory a
> > little since certain files have to be written to by Gnome at logout.
> > Things like session management information and such.
> >
> > I would create a default .gnome-desktop and .gnome directory structure
> > and then build a wrapper script around adduser so that they get automatically
> > installed into a new user's $HOME
> >
> > ~ Deepak
> >
> > On Nov 22 2000, at 12:32, Icegryphon was caught saying:
> > > I will be having Multiple users on a workstation with gnome.
> > > Here is the problem I run into. I need to make a user with a normal desktop
> > > on gnome (i.e. Home Dir, floppy, Trash.) And also have Netscape and to
> > > logout/shutdown. Now how do I configure a user so that they can only see those
> > > and can use those. I Don't want them to be able to remove or del any icons
> > > from their desktop. I don't want them to be able to add a panel or change the
> > > background or any options. Pretty much a basic system that would only be able
> > > to use netscape and their home directory and floppy.
> > > Is there any good software around for creating policies like in windows NT?
> > > Please E-mail your comments to me at
> > > rather than posting them.
> > > Thank you
> > >
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> > >
> > > Plug-discuss mailing list -
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> > --
> > Deepak Saxena -
> >
> > I will not be pushed,filed,stamped,indexed,briefed,debriefed,or numbered!
> > My life is my own - No. 6
> >
> >
>


--
Deepak Saxena - - phone://602.790.0500

"It is dangerous to confuse children with angels" - Magnolia
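
A check for the scheme discussed in this thread, added here as an example and not part of any of the original messages: renaming a directory entry requires write permission on the parent directory, so the script inspects the parent as well as the config directory itself. The function names and verdict strings are made up for the example, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils `stat -c`.
# Simplifications: ACLs are ignored, and any group- or world-writable path
# is treated as writable by the user, which errs toward reporting.

# can_write PATH UID: succeed if UID can write to PATH judging by mode bits.
can_write() {
    owner=$(stat -c '%u' "$1")
    mode=$((0$(stat -c '%a' "$1")))          # octal mode, e.g. 0755
    [ "$owner" -eq "$2" ] && return 0        # an owner can always chmod it
    [ $((mode & 0022)) -ne 0 ]               # group or other write bit set
}

# audit_lockdown DIR UID: print one verdict for restricted user UID.
#   missing   - DIR does not exist
#   writable  - UID can change DIR's contents directly
#   renamable - contents are protected, but UID can rename DIR within its parent
#   locked    - neither applies
audit_lockdown() {
    dir=${1%/}; uid=$2
    [ -d "$dir" ] || { echo missing; return 1; }
    if can_write "$dir" "$uid"; then echo writable; return 1; fi
    parent=$(dirname "$dir")
    if can_write "$parent" "$uid"; then
        pmode=$((0$(stat -c '%a' "$parent")))
        powner=$(stat -c '%u' "$parent")
        # With the sticky bit set on the parent, only the owner of the entry
        # or the owner of the parent may rename it. DIR's owner is not UID
        # here, so only ownership of the parent still matters.
        if [ $((pmode & 01000)) -eq 0 ] || [ "$powner" -eq "$uid" ]; then
            echo renamable; return 1
        fi
    fi
    echo locked
}
```

Call it as root with the restricted user's numeric uid, once for that user's `.gnome` and once for `.gnome-desktop`, after the chown and chmod have been applied.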