[Kde-kiosk] Kiosk under KDE 3.0
Waldo Bastian
bastian at kde.org
Wed Sep 29 14:43:12 CEST 2004
On Wednesday 29 September 2004 14:23, Mark Walker wrote:
> Hi,
>
> I'm running KDE 3.0 and now have a requirement to "lock down" the graphical
> environment.
>
> I've downloaded the notes on kiosk and on face value it looks like it will
> do the required job.
>
> I've create the entry [KDE Action Restrictions] under
> /home/user/.kde/share/config/kdeglobals and added the following options.
>
> shell_access=false
> action/kdesktop_rmb=false
> action/kicker_rmb=false
> action/kwin_rmb=false
> editable_desktop_icons=false
>
> I then touched the file /home/usr/.kde/share/services/update_ksycoca.
>
> However, when the user logs in no actions are restricted.
>
> So my questions are
>
> 1, Is the above information correct ?
> 2, Should it work under KDE 3.0
> 3, Do I need to upgrade to KDE 3.3, and if so how do I perserve my
> current users settings.
The above actions where not yet implemented in KDE 3.0 I have attached the
kiosk readme that is applicable to KDE 3.0.
Upgrading to KDE 3.3 should automatically preserve/upgrade all current users
settings (but downgrading again back to KDE 3.0 does NOT!)
Cheers,
Waldo
--
bastian at kde.org | Wanted: Talented KDE developer | bastian at suse.com
http://www.suse.de/de/company/suse/jobs/suse_pbu/developer_kde.html
-------------- next part --------------
In KDE3 a kiosk-framework gets introduced.
One of the driving forces behind KDE is to put the user in control and
give him or her a large amount of possibilities to adjust KDE to his or her
liking. However, in some situations it is required to reduce the possibilities
of KDE, e.g. because the system is to be used for one or more specific
dedicated tasks only.
The kiosk-framework provides an easy way to disable certain features within
KDE to create a more controlled environment.
KDE's kiosk-framework builds on KDE's configuration framework and adds a
simple application API that applications can query to get authorisation
for certain operations.
The KDE kiosk-framework should be used IN ADDITION to the standard UNIX
security measures.
The configuration framework in KDE3
===================================
Since the very beginning KDE makes use of file-hierarchy to store resources
for its applications. Resources range from icons, wallpapers, fonts to
sounds, menu-descriptions and configuration files.
In KDE1 there were two locations were resources could be located: the
resources provided by the system where located under $KDEDIR and user-
specific resources where located under $HOME/.kde.
In KDE2 resource management has been largely abstracted by the introduction
of the KStandardDirs class and has become much more flexible. The user /
administrator can now specify a variable number of locations where resources
can be found. A list of locations can either be specified via $KDEDIRS
(notice the extra 'S'), via /etc/kderc and even via the kdeglobals config
file. The location where user-specific resources can be found can be
set with $KDEHOME (The default is $HOME/.kde). Changes made by the user
are always written back to $KDEHOME.
Both KDE1 and KDE2 feature so called "cascading configuration files": There
can be multiple configuration files with the same name in the various
locations for (config) resources, when that is the case, the information of
all these configuration files is combined on a key by key basis. If the same
key (within a certain group) is defined in more than one place, the value
of the key for the config file that was read last will override any previously
read values. Configuration files under $KDEHOME are always read last. This
ensures that after a configuration entry is written, the same value wil be
read back.
In KDE3 two important changes have been made:
* Default values are no longer written.
When a configuration file in a location other than $KDEHOME defines a value
for a key and the application subsequently writes out a new configuration file
to $KDEHOME, that configuration file will only contain an entry for the key
if its value differs from the value read from the other file.
This counters the problem that changing default configuration files under
$KDEDIR would not take effect for users, since these users would most likely
have their own copy of these settings under $KDEHOME. KDE3 will make sure
not to copy these settings so changes made under $KDEDIR will affect all users
that haven't explicitly changed the affected settings to something else.
* Configuration entries can be marked "immutable".
Starting with KDE3, configuration entries can be marked "immutable". When a
configuration entry is immutable it means that configurations files that are
read later will not be able to override its value. Immutable entries can not
be changed via KConfig and if the entry is present under $KDEHOME it will
be ignored.
Entries can be marked immutable on 4 different levels:
- On an entry by entry basis by appending "[$i]" after the key.
Example:
[MyGroup]
someKey[$i]=42
- On a group by group basis by appending "[$i]" after the group. All entries
specified in the group will be marked immutable and no new entries can be
added to the group.
Example:
[MyGroup][$i]
someKey=42
- On a file by file basis by starting the file with [$i].
Example:
[$i]
[MyGroup]
someKey=42
[MyOtherGroup]
someOtherKey=11
- On a directory basis. [Not yet implemented]
- The filesystem can also be used to mark files immutable. If KDE does not
have write-access to the user's version of a configuration file, the file
will be automatically considered immutable.
Example:
chown root.root /home/user/.kde/share/config/kickerrc
chmod 644 /home/user/.kde/share/config/kickerrc
Note that this example is not fool-proof, the user can potentially still
rename either the root-owned kickerrc file or any of the directories in
the path to another name and create a new kickerrc _with_ write-access.
KDE3 Kiosk Application API
==========================
Two new methods will be added to KApplication:
- bool authorize(QString action); // Generic actions
- bool authorizeKAction(QString action); // For KActions exclusively
- bool authorizeURLAction(QString, referringURL, destinationURL)
.desktop files can have an additional field "X-KDE-AuthorizeAction". If this
field is present the .desktop file is only considered if the action(s)
mentioned in this field get(s) authorized. If multiple actions are listed
they should be seperated by commas (',').
To restrict access to function the kdeglobals file should contain the
group "[KDE Action Restrictions]", each action can then restricted by
adding "<action>=false". E.g. to disable the action "shell access" one
would add:
[KDE Action Restrictions]
shell access=false
Actions that refer to menu and toolbar actions are prefixed with action/' the
following standard actions are defined:
action/file_new
action/file_open
action/file_open_recent
action/file_save
action/file_save_as
action/file_revert
action/file_close
action/file_print
action/file_print_preview
action/file_mail
action/file_quit
action/edit_undo
action/edit_redo
action/edit_cut
action/edit_copy
action/edit_paste
action/edit_select_all
action/edit_deselect
action/edit_find
action/edit_find_next
action/edit_find_last
action/edit_replace
action/view_actual_size
action/view_fit_to_page
action/view_fit_to_width
action/view_fit_to_height
action/view_zoom_in
action/view_zoom_out
action/view_zoom
action/view_redisplay
action/go_up
action/go_back
action/go_forward
action/go_home
action/go_previous
action/go_next
action/go_goto
action/go_goto_page
action/go_goto_line
action/go_first
action/go_last
action/bookmark_add
action/bookmark_edit
action/tools_spelling
action/options_show_menubar
action/options_show_toolbar
action/options_show_statusbar
action/options_save_options
action/options_configure_keybinding
action/options_configure
action/options_configure_toolbars
action/help
action/help_contents
action/help_whats_this
action/help_report_bug
action/help_about_app
action/help_about_kde
Applications may use additional actions that they defined themselves.
You can get a list of the actions used by a certain applications by using the
following dcop command:
dcop <dcopid> qt objects | grep KActionCollection/ | cut -d '/' -f 3
or with
dcop <dcopid> <maindwindowid> actions
The most important task is to define a managable number of actions that can be
disabled. Actions should be defined in a generic way, "open konsole" would be
too specific, a better definition of an action would be "shell access".
It should be noted that such an action might affect KDE features which aren't
directly associated with "shell access". There are various locations in the
file system where creating a .desktop file would effectively allow the user to
execute arbitrary commands. This raises the question whether such features
should be disabled as part of the "shell access" action or whether it should
get its own action definition, e.g. "custom .desktop files".
Another interesting question is what the exact scope of a certain action should
be. Looking at the "custom .desktop files" action there are two ways to prevent
the user from executing "custom .desktop files". The first way would be to
make use of unix file permissions to make it impossible for the user to
create .desktop files at e.g. the desktop. The second way would be to ignore,
at the KDE level, any .desktop files that are found under the users home
directory.
In addition KConfigBase (the baseclass of KConfig) has functions to query whether
config options/groups or files are immutable. This can be used in applications to
disable configuration options when such options can't be changed anyway.
The following applications currently have support for this:
* kicker - By marking the kickerrc config file as immutable, the panel will be
"locked down" and it will not be possible to make any changes to it.
* kdesktop - By marking the kdesktoprc config file as immutable, the desktop
will be "locked down" and it will no longer be possible to select
"Configure Desktop" from its menus.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-kiosk/attachments/20040929/2ec7da93/attachment.pgp
More information about the kde-kiosk
mailing list