[Kde-kiosk] Locked down too much

brendan powers brendan0powers at gmail.com
Sun Aug 19 00:05:05 CEST 2007 

Thats a really useful tip.

Also on another note, logging on to a graphical session as root is a
very bad idea. Any browser  or other exploit will give the attacker
admin access to the machine.

I suggest making an admin account, with an admin profile. Then use
sudo or su to gain root access.

On 8/18/07, Verner Kjærsgaard <vk at os-academy.dk> wrote:
> Lørdag 18 august 2007 00:09 skrev Paul Dausman:
> > I've had an issue kiosk admin tool.  We're new to the tool and quite
> > frankly we're not Linux pro's yet either.  Every time that we try to lock
> > down our desktop and menus we also lock down the root user.  I'm new to the
> > kiosk admin tool, but how do I lock everyone but root down?  We managed to
> > remove the parts of the kde menu that Kiosk admin tool was listed under and
> > also our command line tool, so at the current moment we're rebuilding the
> > machine.  Please help guide me on this next install. we using Suse v10.2.
> >
> > Thanks
> >
> > Peter
> >
> >
> > ---------------------------------
> > Sick sense of humor? Visit Yahoo! TV's Comedy with an Edge to see what's
> > on, when.
>
> Hi,
>
> - in kiosktool, make a profile, call it superusers or whatever.
> - let this profile have all rights or so.
> - let your superusers be members of this group/profile.
>
> - done.
>
> A trick:
>
> On the server, do
>
> touch /tmp/now
>
> - this leaves a timestamp of now in the file /tmp/now
>
> - change something in KDE either as your self
> (look into /home/your-user-name/.kde/share/config/...)
>
> or using kiosktool
> (look into /var/lib/kde-profiles/...)
>
> Find what changed by (as root)
>
> cd /var/lib/kde-profiles/
>
> and now...:
>
> find . -newer /tmp/now
>
> This gives you a list of files with a timestamp newer than the time at which
> you did the "touch" command.
>
> Hope this helps :-)
>
>
>
> --
> -------------------------------------------------------------------------
> Med venlig hilsen/Best regards
> Verner Kjærsgaard
> _______________________________________________
> kde-kiosk mailing list
> kde-kiosk at kde.org
> https://mail.kde.org/mailman/listinfo/kde-kiosk
>

More information about the kde-kiosk mailing list