5.1  KDE Kiosk framework


In this section we describe how to lock down your KDE desktop with the Kiosk 


framework that has been introduced in KDE3. We show you by editing the 


configuration files directly or using the very comfortable Kiosk Admin Tool


1


administration GUI tool how to map profiles to users and groups; mark 


configuration entries as immutable; and restrict actions, URLs, and resources.


For an introduction to how KDE user profile (personalization) data is contained 


see Appendix D,  Client personalization  on page 217.


5.1.1  Profiles


An out of the box KDE installation gives the user a lot of power to change her 


settings according to personal preferences. In an enterprise environment this is 


probably not what you want, and one of the reasons why the Kiosk framework 


was introduced in KDE3. It allows you to disable certain KDE features to create a 


more controlled environment. It is built on top of KDE's configuration framework 


and adds a simple API that applications can query to get authorization for certain 


operations. 


The KDE Kiosk framework should be used in addition to standard Linux security 


measures, that is, the files that disable certain features should only be writeable 


by the Kiosk administrator, which can be the root user or somebody else 


designated specifically for that task. The Kiosk framework uses the standard 


UNIX user and group semantics and adds a profile layer to it. Profiles are 


configuration sets that specify what can be done when working with KDE and are 


associated to single users or groups of users. 


You have to tell KDE in the global configuration file /etc/kderc (another choice 


would be /usr/share/config/kdeglobals) which profiles are available and where to 


find the mapping file. In Example 5 1 we showcase the configuration with two 


different user profiles, which are internationalized (English and German [de]) and 


owned by the root user (ProfileInstallUser=root). The other three profiles look 


identical.


Example 5 1   Profiles and the mapping file are specified in /etc/kderc


[Directories]


kioskAdmin=root:


profileDirsPrefix=/etc/kde profile/


userProfileMapFile=/etc/kde user profile


[Directories default]


1  


http://extragear.kde.org/apps/kiosktool.php


90 


Linux Client Migration Cookbook   A Practical Planning and Implementation Guide for Migrating to Desktop Linux








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      spain web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved