LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity
LDP/LDP/retired/KDE-Kiosk-Mode.sgml

675 lines
17 KiB
Plaintext
Raw Permalink Normal View History

and found a bunch of the older DocBook docs in the output directory
2016-03-25 22:46:32 +00:00
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<article id="index">
<!-- Header -->
<artheader>
<!-- title of HOWTO, include the word HOWTO -->
<title>KDE Kiosk Mode HOWTO</title>
<author>
<firstname>Roland</firstname>
<surname>Fehrenbacher</surname>
<affiliation>
<address>
<email>rfehrenb@transtec.de</email>
</address>
</affiliation>
</author>
<author>
<firstname>Peter</firstname>
<surname>Kruse</surname>
<affiliation>
<address>
<email>Peter.Kruse@wolnet.de</email>
</address>
</affiliation>
</author>
<revhistory>
<revision>
<revnumber>1.4</revnumber>
<date>2002-09-26</date>
<authorinitials>gjf</authorinitials>
<revremark>Archived.</revremark>
</revision>
<revision>
<revnumber>$Revision: 1.1 $</revnumber>
<date>$Date: 2002/09/26 15:20:35 $</date>
<authorinitials>$Author: gferg $</authorinitials>
<revremark>
<comment>
$Log: KDE-Kiosk-Mode.sgml,v $
Revision 1.1 2002/09/26 15:20:35 gferg
archived
Revision 1.3 2001/08/14 07:44:07 kruse
nicer formatting.
Revision 1.2 2001/08/14 07:42:50 pkruse
.
Revision 1.1 2001/08/03 13:56:20 pkruse
almost published.
Revision 1.4 2001/07/31 14:15:21 pkruse
prepare to check in linuxdoc cvs.
Revision 1.3 2001/07/31 13:39:12 pkruse
variable and filename docbook tags added.
Revision 1.2 2001/07/31 11:05:51 pkruse
first revision.
Revision 1.1 2001/07/31 10:49:51 pkruse
Initial revision
</comment>
</revremark>
</revision>
<!-- Additional (*earlier*) revision histories go here -->
</revhistory>
<abstract>
<para>
The requirements for the desktop environment of users in a large
network environment is often very different to a typical homeuser. The
number of applications that these users need to run is usually very
limited, and the users themselves are not very experienced in solving
computing related problems. The administrators of the network
therefore need to ensure that the required applications run reliably,
and can be started by the users with a minimum of hassle. For
security, stability, and also administrative reasons it is then
advisable to provide only the absolutely necessary applications and
functionality.
</para>
<para>
With the advent of modern desktop technology like KDE, this goal has become
harder to achieve. Interoperability between different desktop programs, ease
of configuration by configuration engines, etc. allow the user a great deal
of control over her/his desktop, which is great when needed. The above large
network scenario, however, is not addressable in standard KDE. This is where
the restricted mode tries to fill in the gap.
</para>
<para>
<important>
<para>
<emphasis role="strong">Archived Document Notice: </emphasis>
This document has been archived by the LDP because it does not apply
to modern Linux systems. It is no longer being actively maintained.
Further information on this topic can be found at
<ulink url="http://www.brigadoon.de/peter/kde/">http://www.brigadoon.de/peter/kde/</ulink>.
</para>
</important>
</para>
</abstract>
</artheader>
<!-- Section1: intro -->
<sect1 id="intro">
<title>Introduction</title>
<para>
This document describes a by-product of a project, in which a large
number of Linux based workstations were provided. Although a
kiosk-mode patch exists for KDE 1, this document assumes KDE 2 and the
patches apply to KDE version 2.1.1(2).
</para>
<!-- Section2: copyright -->
<sect2 id="copyright">
<title>Copyright Information</title>
<para>
This document is copyrighted (c) 2001 Peter Kruse and Roland
Fehrenbacher and is distributed under the terms of the Linux
Documentation Project (LDP) license, stated below.
</para>
<para>
Unless otherwise stated, Linux HOWTO documents are
copyrighted by their respective authors. Linux HOWTO documents may
be reproduced and distributed in whole or in part, in any medium
physical or electronic, as long as this copyright notice is
retained on all copies. Commercial redistribution is allowed and
encouraged; however, the authors would like to be notified of any
such distributions.
</para>
<para>
All translations, derivative works, or aggregate works
incorporating any Linux HOWTO documents must be covered under this
copyright notice. That is, you may not produce a derivative work
from a HOWTO and impose additional restrictions on its
distribution. Exceptions to these rules may be granted under
certain conditions; please contact the Linux HOWTO coordinator at
the address given below.
</para>
<para>
In short, we wish to promote dissemination of this
information through as many channels as possible. However, we do
wish to retain copyright on the HOWTO documents, and would like to
be notified of any plans to redistribute the HOWTOs.
</para>
<para>
If you have any questions, please contact
<email>linux-howto@metalab.unc.edu</email>
</para>
</sect2>
<!-- Section2: disclaimer -->
<sect2 id="disclaimer">
<title>Disclaimer</title>
<para>
No liability for the contents of this documents can be accepted.
Use the concepts, examples and other content at your own risk.
As this is a new edition of this document, there may be errors
and inaccuracies, that may of course be damaging to your system.
Proceed with caution, and although this is highly unlikely,
the authors do not take any responsibility for that.
</para>
<para>
All copyrights are held by their by their respective owners, unless
specifically noted otherwise. Use of a term in this document
should not be regarded as affecting the validity of any trademark
or service mark.
</para>
<para>
Naming of particular products or brands should not be seen
as endorsements.
</para>
<para>
You are strongly recommended to take a backup of your system
before major installation and backups at regular intervals.
</para>
</sect2>
<!-- Section2: newversions-->
<sect2 id="newversions">
<title>New Versions</title>
<para>
This document and the patches are available at
<ulink url="http://www.brigadoon.de/peter/kde">http://www.brigadoon.de/peter/kde</ulink>.
</para>
</sect2>
<!-- Section2: credits -->
<sect2 id="credits">
<title>Credits</title>
<para>
<email>Werner.Westerkamp (at) lbbw.de</email> for giving useful
tips, and proof-reading this HOWTO
</para>
<para>
<email>remalone (at) sympatico.ca</email> for first-time testing
the instructions given here
</para>
</sect2>
<!-- Section2: feedback -->
<sect2 id="feedback">
<title>Feedback</title>
<para>
Please send any comments, corrections or additions to one of the authors.
</para>
</sect2>
</sect1>
<!-- Section1: intro: END -->
<sect1 id="motivation">
<title>Motivation</title>
<para>
The following requirements had to be met:
</para>
<itemizedlist>
<listitem>
<para>The user should not be able to open an interactive shell
(Terminal), or run arbitrary commands,
</para>
</listitem>
<listitem>
<para>
The user should not have a view to the filesystem, so no
filemanager,
</para>
</listitem>
<listitem>
<para>The user should not be able to modify or create files
directly by means provided by KDE (no editor, menuedit, etc.).
</para>
</listitem>
</itemizedlist>
<para>
Note that these are not requirements for the applications that run under KDE.
Every application should make sure by itself, that these requirements are met.
It is known, that of course many applications have an Open File Dialog, and
thus could modify Files under .kde and so make it possible to run arbitrary
commands.
</para>
<para>
The restrictions should only apply when an environment variable
<EnVar>KDE_MODE</EnVar> is
set to ``restricted''. If it is not set, a normal KDE Desktop should open.
It follows, that the user can only run applications that are found in
the Application menu. So the administrator must be able to provide the
applications. A tool is needed to add, remove and modify entries in
the menu.
</para>
</sect1>
<!-- Section1: samples: END -->
<!-- Section1: structure -->
<sect1 id="implementation">
<title>Implementation</title>
<sect2 id="patches">
<title>Source Code Patches</title>
<para>
Some files in kdebase-2.1.1 have to be patched:
</para>
<itemizedlist>
<listitem>
<para>
appletop_mnu.cpp.patch: Applets on the panel can be moved and removed, but
the Preferences dialog is disabled.
</para>
</listitem>
<listitem>
<para>
k_mnu.cpp.patch: <guimenuitem>Run Command...</guimenuitem> and
<guisubmenu>Configure Panel</guisubmenu> entries are
removed from the standard <guimenu>K</guimenu> Menu
</para>
</listitem>
<listitem>
<para>
khc_man.cc.patch: Online Help is completely disabled. This would
open konqueror.
</para>
</listitem>
<listitem>
<para>
konq_popupmenu.cc.patch: right-mouse menu on icons on the desktop
are reduced to <guimenuitem>Cut</guimenuitem>,
<guimenuitem>Copy</guimenuitem>, <guimenuitem>Paste</guimenuitem>,
<guimenuitem>Delete</guimenuitem>, ... but no <guimenuitem>Open With
...</guimenuitem>,
no <guimenuitem>Edit File Type...</guimenuitem> and no
<guimenuitem>Poperties...</guimenuitem> dialogs.
</para>
</listitem>
<listitem>
<para>
pagerapplet.cpp.patch: on minipager selection of type
(<guimenuitem>Preview</guimenuitem>,
<guimenuitem>Number</guimenuitem>,
<guimenuitem>Name</guimenuitem>) is disabled. this caused trouble in
multihead environment.
</para>
</listitem>
<listitem>
<para>
panel.cpp.patch: right mouse menu on Panel is disabled.
</para>
</listitem>
</itemizedlist>
</sect2>
<sect2 id="global-modification">
<title>Global modifications</title>
<para>
Instead of a dcop call, a program <command>screensaver</command> is
executed, which must be found in the <envar>PATH</envar>. Just create
a script called <command>screensaver</command>
with the following contents:
<programlisting>
#!/bin/bash
dcop kdesktop KScreensaverIface lock
</programlisting>
make it executable and put it in <filename>$KDEDIR/bin</filename>.
</para>
<para>
Instead of the normal procedure, a program <command>klogout</command>
is called, which must be found in the <envar>PATH</envar>. Create a
script called <command>klogout</command> with the following contents:
<programlisting>
#!/bin/bash
dcop kdesktop KDesktopIface logout
</programlisting>
make it executable and put it in <filename>$KDEDIR/bin</filename>,
where <filename>$KDEDIR</filename> is the install directory of KDE and
<filename>$KDEDIR/bin</filename> is found in your
<EnVar>PATH</EnVar>.
</para>
<itemizedlist>
<listitem>
<para>
krootwm.cc.patch: klogout is executed instead of a dcop call
</para>
</listitem>
<listitem>
<para>
systemtrayapplet.cpp.patch: again call of klogout and screensaver
instead of dcop calls.
</para>
</listitem>
<listitem>
<para>
workspace.cpp.patch: call of klogout instead of dcop call.
</para>
</listitem>
</itemizedlist>
<para>
Everything else can be done with normal configuration, that is:
(Configuration files can be found in <filename>$KDEDIR/share/config</filename>)
Remove Trash, Templates and Autostart Icons from the desktop and disable
<keycombo action="Simul"><keycap>Alt</keycap><keycap>F2</keycap></keycombo>
by modifying <filename>kdeglobals</filename>. Make sure the following
entries exist:
<programlisting>
[Paths]
Trash=$HOME/.kde2/Trash/
Autostart=$HOME/.kde2/Autostart/
Templates=$HOME/.kde2/Templates/
Desktop=$HOME/.kde2/Desktop/
[Global Keys]
Execute command=
</programlisting>
(it may be <filename>.kde</filename> instead of <filename>.kde2</filename>)
</para>
<para>
disable Desktop menu and tips on start. Make sure the following entry
exists in <filename>kdesktoprc</filename>:
<programlisting>
[Mouse Buttons]
Right=
[General]
TipsOnStart=false
</programlisting>
You could also login as the special user, and configure it only for
him, then the config files are found in <filename>$KDEHOME/share/config</filename> where
<filename>$KDEHOME</filename> is normally <filename>$HOME/.kde</filename>.
</para>
</sect2>
<sect2 id="kde-mode">
<title>How to set the variable KDE_MODE</title>
<para>
To answer this, you must understand what happens after you
successfully authorized yourself to the system: Depending on your
distribution, some scripts are executed, from which one should be
modified to set <EnVar>KDE_MODE</EnVar>. There is a script called
<Command>Xsession</Command> under <filename>/etc/X11/xdm</filename> or
<filename>/usr/X11R6/lib/xdm</filename>, which you could modify, or
<Command>startkde</Command>, that is located under
<filename>$KDEDIR/bin</filename>. Note however, that the variable
must be set prior to calling the kde processes.
</para>
<para>
Since we had the need to make a setup for a big environment (now
reaching 300 users) we wrote an application that enables us to
administer. It also creates the KDE Menus. It writes a file called
<filename>.env.sh</filename> in a user's home directory, that will be
sourced in <Command>Xsession</Command>. That is what you could do. So
you could put in <filename>.env.sh</filename> of that specific user's
home directory:
</para>
<programlisting>
#!/bin/sh
KDE_MODE="restricted"
export KDE_MODE
</programlisting>
<para>
and add to Xsession, somewhere prior to calling startkde:
</para>
<programlisting>
if [ -f $HOME/.env.sh ]; then
. $HOME/.env.sh
fi
</programlisting>
<para>
We also have two kdedirs that looks like to separate installations of
KDE, this was neccessary so "normal" users could still have a
full-featured KDE. So we have an original kdedir, and a restricted
kdedir, in which we removed entries under
<filename>share/applnk</filename> and set the variable
<envar>KDEDIR</envar> (under KDE 2 the variable <envar>KDEDIRS</envar>
was introduced but <envar>KDEDIR</envar> is still used). The files
under <filename>share/applnk</filename> make up the menu. Caution, you
cannot just remove all files there, because some are needed to
initialize KDE.
</para>
<para>
You also set the Variable <envar>KDEDIR</envar> in
<command>Xsession</command>, after sourcing
<filename>.env.sh</filename> like this:
</para>
<programlisting>
case "$KDE_MODE" in
restricted)
KDEDIR=/usr/local/kde/restricted_kdedir
;;
*)
KDEDIR=/usr/local/kde
esac
export KDEDIR
</programlisting>
<para>
Replace <filename>/usr/local/kde</filename> with the install directory
of your KDE. The contents of
<filename>/usr/local/kde/restricted_kdedir</filename> looks like:
<screen>
bin -> ../bin
cgi-bin -> ../cgi-bin
etc -> ../etc
lib -> ../lib
share
</screen>
</para>
<para>
only share is a real directory, every other directory is a symbolic
link pointing to original
kdedir. <filename>/usr/local/kde/restricted_kdedir/share</filename>
has the following contents:
<screen>
aclocal -> ../../share/aclocal
applnk
apps -> ../../share/apps
autostart -> ../../share/autostart
config -> ../../share/config
doc -> ../../share/doc
fonts -> ../../share/fonts
icons -> ../../share/icons
locale -> ../../share/locale
mimelnk -> ../../share/mimelnk
services -> ../../share/services
servicetypes -> ../../share/servicetypes
sounds -> ../../share/sounds
templates -> ../../share/templates
wallpapers -> ../../share/wallpapers
</screen>
</para>
<para>
only applnk is a real directory. As a minimal requirement remove
everything except:
<screen>
Settings/Peripherals/mouse.desktop
Settings/LookNFeel/background.desktop
/colors.desktop
/kwinoptions.desktop
/style.desktop
/virtualdesktops.desktop
</screen>
under <filename>/usr/local/kde/restricted_kdedir/share/applnk</filename>
</para>
</sect2>
</sect1>
</article>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:nil
sgml-parent-document:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->