mirror of https://github.com/tLDP/LDP
675 lines
17 KiB
Plaintext
Executable File
675 lines
17 KiB
Plaintext
Executable File
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
|
|
|
|
<article id="index">
|
|
|
|
<!-- Header -->
|
|
|
|
<artheader>
|
|
|
|
<!-- title of HOWTO, include the word HOWTO -->
|
|
|
|
<title>KDE Kiosk Mode HOWTO</title>
|
|
|
|
<author>
|
|
<firstname>Roland</firstname>
|
|
<surname>Fehrenbacher</surname>
|
|
<affiliation>
|
|
<address>
|
|
<email>rfehrenb@transtec.de</email>
|
|
</address>
|
|
</affiliation>
|
|
</author>
|
|
|
|
<author>
|
|
<firstname>Peter</firstname>
|
|
<surname>Kruse</surname>
|
|
<affiliation>
|
|
<address>
|
|
<email>Peter.Kruse@wolnet.de</email>
|
|
</address>
|
|
</affiliation>
|
|
</author>
|
|
|
|
<revhistory>
|
|
<revision>
|
|
<revnumber>1.4</revnumber>
|
|
<date>2002-09-26</date>
|
|
<authorinitials>gjf</authorinitials>
|
|
<revremark>Archived.</revremark>
|
|
</revision>
|
|
<revision>
|
|
<revnumber>$Revision: 1.1 $</revnumber>
|
|
<date>$Date: 2002/09/26 15:20:35 $</date>
|
|
<authorinitials>$Author: gferg $</authorinitials>
|
|
<revremark>
|
|
|
|
<comment>
|
|
$Log: KDE-Kiosk-Mode.sgml,v $
|
|
Revision 1.1 2002/09/26 15:20:35 gferg
|
|
archived
|
|
|
|
Revision 1.3 2001/08/14 07:44:07 kruse
|
|
nicer formatting.
|
|
|
|
Revision 1.2 2001/08/14 07:42:50 pkruse
|
|
.
|
|
|
|
Revision 1.1 2001/08/03 13:56:20 pkruse
|
|
almost published.
|
|
|
|
Revision 1.4 2001/07/31 14:15:21 pkruse
|
|
prepare to check in linuxdoc cvs.
|
|
|
|
Revision 1.3 2001/07/31 13:39:12 pkruse
|
|
variable and filename docbook tags added.
|
|
|
|
Revision 1.2 2001/07/31 11:05:51 pkruse
|
|
first revision.
|
|
|
|
Revision 1.1 2001/07/31 10:49:51 pkruse
|
|
Initial revision
|
|
</comment>
|
|
|
|
</revremark>
|
|
</revision>
|
|
|
|
<!-- Additional (*earlier*) revision histories go here -->
|
|
</revhistory>
|
|
|
|
<abstract>
|
|
|
|
<para>
|
|
The requirements for the desktop environment of users in a large
|
|
network environment is often very different to a typical homeuser. The
|
|
number of applications that these users need to run is usually very
|
|
limited, and the users themselves are not very experienced in solving
|
|
computing related problems. The administrators of the network
|
|
therefore need to ensure that the required applications run reliably,
|
|
and can be started by the users with a minimum of hassle. For
|
|
security, stability, and also administrative reasons it is then
|
|
advisable to provide only the absolutely necessary applications and
|
|
functionality.
|
|
</para>
|
|
|
|
<para>
|
|
With the advent of modern desktop technology like KDE, this goal has become
|
|
harder to achieve. Interoperability between different desktop programs, ease
|
|
of configuration by configuration engines, etc. allow the user a great deal
|
|
of control over her/his desktop, which is great when needed. The above large
|
|
network scenario, however, is not addressable in standard KDE. This is where
|
|
the restricted mode tries to fill in the gap.
|
|
</para>
|
|
|
|
<para>
|
|
<important>
|
|
<para>
|
|
<emphasis role="strong">Archived Document Notice: </emphasis>
|
|
This document has been archived by the LDP because it does not apply
|
|
to modern Linux systems. It is no longer being actively maintained.
|
|
Further information on this topic can be found at
|
|
<ulink url="http://www.brigadoon.de/peter/kde/">http://www.brigadoon.de/peter/kde/</ulink>.
|
|
</para>
|
|
</important>
|
|
</para>
|
|
</abstract>
|
|
|
|
</artheader>
|
|
|
|
|
|
<!-- Section1: intro -->
|
|
|
|
<sect1 id="intro">
|
|
<title>Introduction</title>
|
|
|
|
<para>
|
|
This document describes a by-product of a project, in which a large
|
|
number of Linux based workstations were provided. Although a
|
|
kiosk-mode patch exists for KDE 1, this document assumes KDE 2 and the
|
|
patches apply to KDE version 2.1.1(2).
|
|
</para>
|
|
|
|
<!-- Section2: copyright -->
|
|
|
|
<sect2 id="copyright">
|
|
<title>Copyright Information</title>
|
|
|
|
<para>
|
|
This document is copyrighted (c) 2001 Peter Kruse and Roland
|
|
Fehrenbacher and is distributed under the terms of the Linux
|
|
Documentation Project (LDP) license, stated below.
|
|
</para>
|
|
|
|
<para>
|
|
Unless otherwise stated, Linux HOWTO documents are
|
|
copyrighted by their respective authors. Linux HOWTO documents may
|
|
be reproduced and distributed in whole or in part, in any medium
|
|
physical or electronic, as long as this copyright notice is
|
|
retained on all copies. Commercial redistribution is allowed and
|
|
encouraged; however, the authors would like to be notified of any
|
|
such distributions.
|
|
</para>
|
|
|
|
<para>
|
|
All translations, derivative works, or aggregate works
|
|
incorporating any Linux HOWTO documents must be covered under this
|
|
copyright notice. That is, you may not produce a derivative work
|
|
from a HOWTO and impose additional restrictions on its
|
|
distribution. Exceptions to these rules may be granted under
|
|
certain conditions; please contact the Linux HOWTO coordinator at
|
|
the address given below.
|
|
</para>
|
|
|
|
<para>
|
|
In short, we wish to promote dissemination of this
|
|
information through as many channels as possible. However, we do
|
|
wish to retain copyright on the HOWTO documents, and would like to
|
|
be notified of any plans to redistribute the HOWTOs.
|
|
</para>
|
|
|
|
<para>
|
|
If you have any questions, please contact
|
|
<email>linux-howto@metalab.unc.edu</email>
|
|
</para>
|
|
</sect2>
|
|
|
|
<!-- Section2: disclaimer -->
|
|
|
|
<sect2 id="disclaimer">
|
|
<title>Disclaimer</title>
|
|
|
|
<para>
|
|
No liability for the contents of this documents can be accepted.
|
|
Use the concepts, examples and other content at your own risk.
|
|
As this is a new edition of this document, there may be errors
|
|
and inaccuracies, that may of course be damaging to your system.
|
|
Proceed with caution, and although this is highly unlikely,
|
|
the authors do not take any responsibility for that.
|
|
</para>
|
|
|
|
<para>
|
|
All copyrights are held by their by their respective owners, unless
|
|
specifically noted otherwise. Use of a term in this document
|
|
should not be regarded as affecting the validity of any trademark
|
|
or service mark.
|
|
</para>
|
|
|
|
<para>
|
|
Naming of particular products or brands should not be seen
|
|
as endorsements.
|
|
</para>
|
|
|
|
<para>
|
|
You are strongly recommended to take a backup of your system
|
|
before major installation and backups at regular intervals.
|
|
</para>
|
|
</sect2>
|
|
|
|
<!-- Section2: newversions-->
|
|
|
|
<sect2 id="newversions">
|
|
<title>New Versions</title>
|
|
|
|
<para>
|
|
This document and the patches are available at
|
|
<ulink url="http://www.brigadoon.de/peter/kde">http://www.brigadoon.de/peter/kde</ulink>.
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
<!-- Section2: credits -->
|
|
|
|
<sect2 id="credits">
|
|
<title>Credits</title>
|
|
|
|
<para>
|
|
<email>Werner.Westerkamp (at) lbbw.de</email> for giving useful
|
|
tips, and proof-reading this HOWTO
|
|
</para>
|
|
|
|
<para>
|
|
<email>remalone (at) sympatico.ca</email> for first-time testing
|
|
the instructions given here
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
<!-- Section2: feedback -->
|
|
|
|
<sect2 id="feedback">
|
|
<title>Feedback</title>
|
|
|
|
<para>
|
|
Please send any comments, corrections or additions to one of the authors.
|
|
</para>
|
|
</sect2>
|
|
|
|
</sect1>
|
|
|
|
<!-- Section1: intro: END -->
|
|
|
|
|
|
<sect1 id="motivation">
|
|
<title>Motivation</title>
|
|
|
|
<para>
|
|
The following requirements had to be met:
|
|
</para>
|
|
|
|
<itemizedlist>
|
|
|
|
<listitem>
|
|
<para>The user should not be able to open an interactive shell
|
|
(Terminal), or run arbitrary commands,
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
The user should not have a view to the filesystem, so no
|
|
filemanager,
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>The user should not be able to modify or create files
|
|
directly by means provided by KDE (no editor, menuedit, etc.).
|
|
</para>
|
|
</listitem>
|
|
|
|
</itemizedlist>
|
|
<para>
|
|
Note that these are not requirements for the applications that run under KDE.
|
|
Every application should make sure by itself, that these requirements are met.
|
|
It is known, that of course many applications have an Open File Dialog, and
|
|
thus could modify Files under .kde and so make it possible to run arbitrary
|
|
commands.
|
|
</para>
|
|
|
|
<para>
|
|
The restrictions should only apply when an environment variable
|
|
<EnVar>KDE_MODE</EnVar> is
|
|
set to ``restricted''. If it is not set, a normal KDE Desktop should open.
|
|
|
|
It follows, that the user can only run applications that are found in
|
|
the Application menu. So the administrator must be able to provide the
|
|
applications. A tool is needed to add, remove and modify entries in
|
|
the menu.
|
|
</para>
|
|
|
|
</sect1>
|
|
|
|
<!-- Section1: samples: END -->
|
|
|
|
|
|
<!-- Section1: structure -->
|
|
|
|
<sect1 id="implementation">
|
|
<title>Implementation</title>
|
|
|
|
<sect2 id="patches">
|
|
<title>Source Code Patches</title>
|
|
|
|
<para>
|
|
Some files in kdebase-2.1.1 have to be patched:
|
|
</para>
|
|
|
|
<itemizedlist>
|
|
|
|
<listitem>
|
|
<para>
|
|
appletop_mnu.cpp.patch: Applets on the panel can be moved and removed, but
|
|
the Preferences dialog is disabled.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
k_mnu.cpp.patch: <guimenuitem>Run Command...</guimenuitem> and
|
|
<guisubmenu>Configure Panel</guisubmenu> entries are
|
|
removed from the standard <guimenu>K</guimenu> Menu
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
khc_man.cc.patch: Online Help is completely disabled. This would
|
|
open konqueror.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
konq_popupmenu.cc.patch: right-mouse menu on icons on the desktop
|
|
are reduced to <guimenuitem>Cut</guimenuitem>,
|
|
<guimenuitem>Copy</guimenuitem>, <guimenuitem>Paste</guimenuitem>,
|
|
<guimenuitem>Delete</guimenuitem>, ... but no <guimenuitem>Open With
|
|
...</guimenuitem>,
|
|
no <guimenuitem>Edit File Type...</guimenuitem> and no
|
|
<guimenuitem>Poperties...</guimenuitem> dialogs.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
pagerapplet.cpp.patch: on minipager selection of type
|
|
(<guimenuitem>Preview</guimenuitem>,
|
|
<guimenuitem>Number</guimenuitem>,
|
|
<guimenuitem>Name</guimenuitem>) is disabled. this caused trouble in
|
|
multihead environment.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
panel.cpp.patch: right mouse menu on Panel is disabled.
|
|
</para>
|
|
</listitem>
|
|
|
|
</itemizedlist>
|
|
</sect2>
|
|
|
|
<sect2 id="global-modification">
|
|
<title>Global modifications</title>
|
|
|
|
<para>
|
|
|
|
Instead of a dcop call, a program <command>screensaver</command> is
|
|
executed, which must be found in the <envar>PATH</envar>. Just create
|
|
a script called <command>screensaver</command>
|
|
with the following contents:
|
|
|
|
<programlisting>
|
|
#!/bin/bash
|
|
|
|
dcop kdesktop KScreensaverIface lock
|
|
</programlisting>
|
|
|
|
make it executable and put it in <filename>$KDEDIR/bin</filename>.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Instead of the normal procedure, a program <command>klogout</command>
|
|
is called, which must be found in the <envar>PATH</envar>. Create a
|
|
script called <command>klogout</command> with the following contents:
|
|
|
|
<programlisting>
|
|
#!/bin/bash
|
|
|
|
dcop kdesktop KDesktopIface logout
|
|
</programlisting>
|
|
make it executable and put it in <filename>$KDEDIR/bin</filename>,
|
|
where <filename>$KDEDIR</filename> is the install directory of KDE and
|
|
<filename>$KDEDIR/bin</filename> is found in your
|
|
<EnVar>PATH</EnVar>.
|
|
</para>
|
|
|
|
<itemizedlist>
|
|
|
|
<listitem>
|
|
<para>
|
|
krootwm.cc.patch: klogout is executed instead of a dcop call
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
systemtrayapplet.cpp.patch: again call of klogout and screensaver
|
|
instead of dcop calls.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
workspace.cpp.patch: call of klogout instead of dcop call.
|
|
</para>
|
|
</listitem>
|
|
|
|
</itemizedlist>
|
|
|
|
<para>
|
|
Everything else can be done with normal configuration, that is:
|
|
|
|
(Configuration files can be found in <filename>$KDEDIR/share/config</filename>)
|
|
|
|
Remove Trash, Templates and Autostart Icons from the desktop and disable
|
|
<keycombo action="Simul"><keycap>Alt</keycap><keycap>F2</keycap></keycombo>
|
|
by modifying <filename>kdeglobals</filename>. Make sure the following
|
|
entries exist:
|
|
|
|
<programlisting>
|
|
[Paths]
|
|
|
|
Trash=$HOME/.kde2/Trash/
|
|
|
|
Autostart=$HOME/.kde2/Autostart/
|
|
|
|
Templates=$HOME/.kde2/Templates/
|
|
|
|
Desktop=$HOME/.kde2/Desktop/
|
|
|
|
|
|
[Global Keys]
|
|
|
|
Execute command=
|
|
</programlisting>
|
|
|
|
(it may be <filename>.kde</filename> instead of <filename>.kde2</filename>)
|
|
|
|
</para>
|
|
|
|
<para>
|
|
disable Desktop menu and tips on start. Make sure the following entry
|
|
exists in <filename>kdesktoprc</filename>:
|
|
|
|
<programlisting>
|
|
[Mouse Buttons]
|
|
|
|
Right=
|
|
|
|
[General]
|
|
|
|
TipsOnStart=false
|
|
</programlisting>
|
|
|
|
You could also login as the special user, and configure it only for
|
|
him, then the config files are found in <filename>$KDEHOME/share/config</filename> where
|
|
<filename>$KDEHOME</filename> is normally <filename>$HOME/.kde</filename>.
|
|
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
<sect2 id="kde-mode">
|
|
<title>How to set the variable KDE_MODE</title>
|
|
|
|
<para>
|
|
To answer this, you must understand what happens after you
|
|
successfully authorized yourself to the system: Depending on your
|
|
distribution, some scripts are executed, from which one should be
|
|
modified to set <EnVar>KDE_MODE</EnVar>. There is a script called
|
|
<Command>Xsession</Command> under <filename>/etc/X11/xdm</filename> or
|
|
<filename>/usr/X11R6/lib/xdm</filename>, which you could modify, or
|
|
<Command>startkde</Command>, that is located under
|
|
<filename>$KDEDIR/bin</filename>. Note however, that the variable
|
|
must be set prior to calling the kde processes.
|
|
</para>
|
|
|
|
<para>
|
|
Since we had the need to make a setup for a big environment (now
|
|
reaching 300 users) we wrote an application that enables us to
|
|
administer. It also creates the KDE Menus. It writes a file called
|
|
<filename>.env.sh</filename> in a user's home directory, that will be
|
|
sourced in <Command>Xsession</Command>. That is what you could do. So
|
|
you could put in <filename>.env.sh</filename> of that specific user's
|
|
home directory:
|
|
</para>
|
|
|
|
<programlisting>
|
|
#!/bin/sh
|
|
|
|
KDE_MODE="restricted"
|
|
|
|
export KDE_MODE
|
|
</programlisting>
|
|
|
|
<para>
|
|
and add to Xsession, somewhere prior to calling startkde:
|
|
</para>
|
|
|
|
<programlisting>
|
|
if [ -f $HOME/.env.sh ]; then
|
|
|
|
. $HOME/.env.sh
|
|
|
|
fi
|
|
</programlisting>
|
|
|
|
<para>
|
|
We also have two kdedirs that looks like to separate installations of
|
|
KDE, this was neccessary so "normal" users could still have a
|
|
full-featured KDE. So we have an original kdedir, and a restricted
|
|
kdedir, in which we removed entries under
|
|
<filename>share/applnk</filename> and set the variable
|
|
<envar>KDEDIR</envar> (under KDE 2 the variable <envar>KDEDIRS</envar>
|
|
was introduced but <envar>KDEDIR</envar> is still used). The files
|
|
under <filename>share/applnk</filename> make up the menu. Caution, you
|
|
cannot just remove all files there, because some are needed to
|
|
initialize KDE.
|
|
</para>
|
|
|
|
<para>
|
|
You also set the Variable <envar>KDEDIR</envar> in
|
|
<command>Xsession</command>, after sourcing
|
|
<filename>.env.sh</filename> like this:
|
|
</para>
|
|
|
|
<programlisting>
|
|
case "$KDE_MODE" in
|
|
|
|
restricted)
|
|
|
|
KDEDIR=/usr/local/kde/restricted_kdedir
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
KDEDIR=/usr/local/kde
|
|
|
|
esac
|
|
|
|
export KDEDIR
|
|
</programlisting>
|
|
|
|
<para>
|
|
Replace <filename>/usr/local/kde</filename> with the install directory
|
|
of your KDE. The contents of
|
|
<filename>/usr/local/kde/restricted_kdedir</filename> looks like:
|
|
|
|
<screen>
|
|
|
|
bin -> ../bin
|
|
|
|
cgi-bin -> ../cgi-bin
|
|
|
|
etc -> ../etc
|
|
|
|
lib -> ../lib
|
|
|
|
share
|
|
|
|
</screen>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
only share is a real directory, every other directory is a symbolic
|
|
link pointing to original
|
|
kdedir. <filename>/usr/local/kde/restricted_kdedir/share</filename>
|
|
has the following contents:
|
|
|
|
<screen>
|
|
|
|
aclocal -> ../../share/aclocal
|
|
|
|
applnk
|
|
|
|
apps -> ../../share/apps
|
|
|
|
autostart -> ../../share/autostart
|
|
|
|
config -> ../../share/config
|
|
|
|
doc -> ../../share/doc
|
|
|
|
fonts -> ../../share/fonts
|
|
|
|
icons -> ../../share/icons
|
|
|
|
locale -> ../../share/locale
|
|
|
|
mimelnk -> ../../share/mimelnk
|
|
|
|
services -> ../../share/services
|
|
|
|
servicetypes -> ../../share/servicetypes
|
|
|
|
sounds -> ../../share/sounds
|
|
|
|
templates -> ../../share/templates
|
|
|
|
wallpapers -> ../../share/wallpapers
|
|
|
|
</screen>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
only applnk is a real directory. As a minimal requirement remove
|
|
everything except:
|
|
|
|
<screen>
|
|
|
|
Settings/Peripherals/mouse.desktop
|
|
|
|
Settings/LookNFeel/background.desktop
|
|
|
|
/colors.desktop
|
|
|
|
/kwinoptions.desktop
|
|
|
|
/style.desktop
|
|
|
|
/virtualdesktops.desktop
|
|
|
|
</screen>
|
|
|
|
under <filename>/usr/local/kde/restricted_kdedir/share/applnk</filename>
|
|
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
</sect1>
|
|
|
|
</article>
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-namecase-general:t
|
|
sgml-general-insert-case:lower
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:nil
|
|
sgml-parent-document:nil
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:nil
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
-->
|