Results 1 to 3 of 3

Thread: HOWTO: Lockdown and Restrict the Gnome Graphical Interface

  1. #1
    Join Date
    Mar 2006
    Location
    Whitesburg, TN USA
    Beans
    44

    HOWTO: Lockdown and Restrict the Gnome Graphical Interface

    Tested with Ubuntu 7.04 Feisty Fawn 32bit Desktop Edition

    This guide will explain how to lock down the Gnome graphical user interface and desktop to prevent non-administrators from making unauthorized changes.

    What you will need:
    • Ubuntu with Gnome (default)
    • Gnome Configuration Editor (standard)
    • Preferably at least two accounts (one locked and one unrestricted)

    NOTE: This can be done with one account, but it is recommended that you have at least two. One account that is unrestricted (usually the main one made when installing Ubuntu) and one that is locked and restricted. That way if anything goes wrong you can easily reboot the system and log into the unrestricted account.

    Step 1: Press ALT+F2 to open the run program dialog.
    Step 2: Type "gconf-editor" minus the quotes and click run. This will run the Gnome Configuration Editor,
    Step 3: In the left pane click the arrow next to "apps".
    Step 4: In the sublist under "apps" click the arrow next to "panel". You may need to scroll down to see it.
    Step 5: Click on "global" in the sublist under "panel".
    Step 6: In the right pane there are four items of note.
    • Checking "disable_force_quit" will prevent the users ability to forcibly close a panel applet.
    • Checking "disable_lock_screen" will prevent the user from display the screen saver and password protecting the screen.
    • Checking "disable_log_out" will prevent the user from logging out of, shutting down, or restarting the computer.
    • Checking "locked_down" will prevent the user from making any changes to the panels.

    Step 7: In the left pane click the arrow next to "desktop".
    Step 8: In the sublist under "desktop" click the arrow next to "gnome".
    Step 9: In the sublist under "gnome" click on "lockdown".
    Step 10: In the right pane there are six items of note.
    • Checking "disable_command_line" will restrict the users ability to access the terminal. This also disable the "Run Program" dialog.
    • Checking "disable_lock_screen" will prevent the user from locking the screen.
    • Checking "disable_printing" will prevent the user from printing things to the attacted printer.
    • Checking "disable_print_setup" will prevent access to all "Print Setup" dialogs.
    • Checking "disable_save_to_disk" will prevent the user from saving thing to the hard drive.
    • Checking "disable_user_switching" will prevent the user from switching to another account while the current session is active.

    WARNING: Disable the command line with caution. You will need to reboot into another account to reopen the Gnome Configuration Editor easily.

    Simply reverse the following steps to undo any of the changes.

  2. #2
    Join Date
    Jan 2006
    Beans
    18
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Lockdown and Restrict the Gnome Graphical Interface

    i have tried to enable "disable_save_to_disk" for one account but it still can create any file in it's home directory...

    how to set it correctly?

  3. #3
    Join Date
    Mar 2006
    Location
    Whitesburg, TN USA
    Beans
    44

    Re: HOWTO: Lockdown and Restrict the Gnome Graphical Interface

    All that does is disable the "right-click" save as or save option. It is still possible to write to the user home directory. What you can do is change the permissions of the users home directory to read only, but that is out of the scope of this tutorial.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •