Locking down the GNOME desktop

I was setting up a multi-user Ndiyo system, which was based on the Ubuntu Linux distribution. But this was going into a public internet-cafe-type situation where I didn’t want users to be able to do things like reconfigure the network or delete items from the menus. I gather this is easier to manage under KDE, but we had gone far enough with the default Gnome configuration that it didn’t make sense to change.

There are various things you can do using the desktop itself. But I wanted to be able to do it for several users from the command line or a shell script.

In addition, I didn’t want to impose these restrictions on all users of the system; only on the few fixed users who would be auto-logged in at the terminals. Gnome uses a variety of different systems to construct its desktop environment and it took me a while to find out how you could, for example, remove items from the System menu for a given user. So here are some quick notes in case others find themselves in the same position.

Gconf

Most desktop preferences under Gnome are managed using the GConf repository - a similar concept to the Windows registry, but rather easier to manage, I think, because it has more of its roots in the file system.

Here are some quick notes to get you familiar with it:

Use the configuration editor (under System Tools) to browse the keys. The most useful sections are under /apps/panel and /desktop/gnome .

You can get the value of a key using, e.g

% gconftool-2 -g /apps/panel/global/disable_lock_screen false

and you can set it using, e.g.

% gconftool-2 -s /apps/panel/global/disable_lock_screen -t bool true

The above line will remove the ‘Lock Screen’ option from your menus. Set the key back to ‘false’ to put it back.

The gconftool-2 utility will make the change in the currently running gconfd, will inform applications which use the key that it has changed (though some will only notice on a restart), and the appropriate changes will be recorded in the user’s ~/.gconf directory, which means that they will be restored when the user next logs in.

You can modify a user’s configuration by modifying their .gconf directory - for example by copying bits of it from another user’s directory - but you really need to do this when the user is NOT logged in because it may be overwritten on logout. Putting things in the .gconf directory within /etc/skel is a good way to ensure that they’re set for all future users, though.

gconftool-2, on the other hand, should work fine when the user is logged in. If you are running as root, a command like % sudo -u user1 /usr/bin/gconftool-2 … can be used to set the configuration for user1, even if they’re logged in.

If you want to know more about the keys you’re manipulating, look in the /schemas bit of the tree. If you’re interested in the type of the value you would be able to set using

% gconftool-2 -s /X/Y/Z

for example, then try

% gconftool-2 -g /schemas/X/Y/Z

which should give you some more information.

Lists

Some keys store lists, rather than a single value. For example

% gconftool-2 -g /apps/panel/general/applet_id_list

[mixer,clock,systray,battstat_applet,show_desktop_button,
window_list,workspace_switcher]

This is a list of the applets displayed in the panel. I can see that it’s a list of strings, but just to confirm:

% gconftool-2 -g /schemas/apps/panel/general/applet_id_list

Type: list
List Type: string
...

I want to remove the workspace_switcher from the desktop, so I can do:

$ gconftool-2 -s /apps/panel/general/applet_id_list \
  -t list --list-type=string  \
  '[mixer,clock,systray,battstat_applet,show_desktop_button,window_list]'

and the switcher immediately vanishes from my desktop.

Using gconf settings, you can do things like disabling the ‘lock screen’ facility, disabling the ‘Run applications’ menu option and the Alt-F2 command line prompt, choosing what’s in the panels, and so forth. And you can set:

  /apps/panel/global/locked_down

to stop any further changes to the panel being made from the desktop after it’s next restarted.

Most of the items in the menus, however, are applications, and their appearance is not controlled using GConf, but using the XDG system.

You can read about this at freedesktop.org or at RedHat.

I’ll try and update this page in the near future with some examples of what I did.

Quentin Stafford-Fraser
6 April 2006