[Kde-kiosk] how to make KDE kiosk work
Martijn Klingens
klingens at kde.org
Mon Jan 10 10:35:24 CET 2005
On Monday 10 January 2005 03:29, Claudio Henrique Fortes Felix wrote:
> Is the KDE kiosk framework just the result of the ability we have to
> edit the configuration files, for example, on /opt/kde/share, using
> immutable attributes, or is it something more than that? By looking at
> how kiosktool works, it appears to use profiles that, according to the
> its docs, are nothing else than KDE configuration directory structures.
> However, I see no KDEDIRS variable exporting them, so it appears there´s
> something more to it than the KDE documentation explains.
Yup, there's one more thing that was added rather recently (KDE 3.2.2 if I'm
not mistaken) and that's not in most documentation: user profiles.
In all older KDE 3.x versions you needed to export KDEDIRS to apply a profile.
The problem with this approach (besides being more work for the
administrator) is that it's usually possible for users to override the
profile by executing 'KDEDIRS=/opt/kde3 konqueror'. All a user needs is the
ability to either dump a shell script or have direct shell access and the
result is that he or she can run Konqueror in its full mode rather than the
locked down version.
Of course there will always be ways to circumvent Kiosk restrictions on
loosely locked down systems[1] (if all else fails one could put self-compiled
binaries there), but it doesn't hurt if it's at least somewhat challenging to
do so.
This is where the user profiles come into play. Those are handled directly by
the files in /etc (kde3rc, kde-user-profile, kde-profile) and special code in
the KDE libraries. The only way to bypass them without messing with files
that only root should have access to or using custom binaries is to get
listed in the 'kioskAdmin' field of /etc/kde3rc. In case you're listed there
you can set $KDE_KIOSK_NO_PROFILES to temporarily bypass the profiles.
Hope this helps,
Martijn
[1] The less your users should be able to do, the more you can do to secure
the system. You can't take the ability to store executable programs from a
developer, nor can you take his shell access. However, many other people
can work perfectly fine with a home dir that's mounted noexec and without
shell access.
More information about the kde-kiosk
mailing list