[KLUG Members] gnome users in a one app prison

Bruce Smith members@kalamazoolinux.org
08 Jul 2003 13:14:28 -0400


> > > > > I would like to know how to put a user into a one or two application
> > > > > prison in gnome.  I'd like to control these users desktops to have no
> > > > > gnome-panel and only an icon or two to execute from the desktop.  Is
> > > > > this possible?  They will be getting a desktop through ltsp.  
> > > > Does it have to be Gnome?  
> > > No, does not have to.  I was attempting to make this easier by not
> > > installing another window manager on this machine.
> > Simple WM's like fvwm are very small.  The advantage is they are easy to
> > configure to what applications are on the menu.
> 
> There has been a fair amount of discussion about this over on the GNOME
> list,  might be worth visiting the archives.

Even if you can do it with Gnome, I wouldn't use Gnome on an LTSP or
x-terminal since it's so resource intensive.  Smaller WMs seem to run
much faster over a network.

> > > > I think it'd be easier to do with something
> > > > like fvwm.
> > > > > I will be
> > > > > on the same machine and would prefer to not be in the jail.
> > > > Does the terminal have a xdm/gdm/kdm/... login screen?
> > > gdm
> > Depending on what you want to do, I found kdm to be more powerful.
> > (default userid, auto login, etc.)
> 
> GDM supports all the above, and they can be setup in the GUI.

kdm supports it better, at least it did 6-12 months ago when I was
looking.  There were a few things that kdm did that gdm didn't.

For instance, I have the userid defaulted in the login screen, I have a
list of users listed as icons that the user can select, and I have a
list of userids that do not need to supply a password.  This can be
configured uniquely for each different x-terminal!

That way all the user has to do is to press ENTER to login as the
default user.  The default userid's password is locked, so people cannot
login as that user anywhere else (and is not required on certain terms).

I don't remember which ones, but not all of those things can be done
with gdm.

> > > > If so, you can force your users to one window manager (fvwm?)
> > > > and allow yourself to select other WM's.
> > > I could attempt to do so.  Do you think this would be the easiest way?
> > Assuming you don't want to give your users a shell prompt, and they
> > cannot edit files in their home directory, I'd give yourself a different
> > fvwm config (with an xterm - to allow you to start anything).
> > > > Or you can have your own ~/.fvwmrc config file, different than your
> > > > users, giving you more applications you can run.
> 
> Or you can create a session that calls fvwm with a different config
> file,  the window manager process accepts command line directives.

Sure.  You also have to be careful that a smart user can't create their own
~/.fvwmrc file to override the default.

> > fvwm doesn't have any panels like gnome or xfce.  You can create a popup
> > menu that appears when they right-click on the desktop, to launch apps.
> > If you want a panel, use xfce.  It is also small and easy to config.
> 
> But can xfce be secured?  Doesn't it have widgets to adjust its own
> configuration (one of the original reasons I used XFCE)?  I don't know
> if they can be turned off.

xfce had some option to secure it when I last looked.  I don't remember
the details.

I ended up going with no WM at all for my application (data collection).
I simply start X and start a TCL/TK application for the default user,
using geometry parameters so the window appears centered and the correct
size (with no border, title bar or window buttons).  When they exit
the TCL/TK application, it signs the user off the x-terminal.

> > > > Or you can not give them a window manager at all, which really
> > > > limits them!  (what I do on data collection terminals)
> > > I could look at the possibility of doing so through ltsp.  Just never
> > > done it before.
> > I've never done it with LTSP, but I've done it using a real X-Terminal.
> > Shouldn't be too much different.
> 
> It isn't - done it with both, really essentially the same.

One other thing you can muck around with (it may or may not work for
your application), is to not give your user(s) a valid shell in passwd.

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------
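The no-window-manager setup described in the message above (start X, run a single Tcl/Tk program sized and centred with geometry parameters, sign the user off when it exits) together with the caveat about a user writing their own config file, as an added session script that is not from the thread. The program path /opt/collect/app.tcl, the 800x600 screen and the 640x400 window are assumed values.

```sh
#!/bin/sh
# Added example, not from the thread: a display-manager session script for the
# "no window manager" setup. One Tcl/Tk program is started on the bare X display;
# it is exec'ed, so the session ends (the terminal returns to the login screen)
# as soon as the program exits. Without a window manager the window has no
# border, title bar or buttons, so only the geometry has to be chosen.
# Hypothetical values: the program /opt/collect/app.tcl, an 800x600 screen
# and a 640x400 window.

APP="/opt/collect/app.tcl"   # hypothetical kiosk program
SCREEN_W=${SCREEN_W:-800}
SCREEN_H=${SCREEN_H:-600}
WIN_W=640
WIN_H=400

# Print an X geometry string placing a WxH window in the centre of a
# SWxSH screen, e.g. centered_geometry 640 400 800 600 -> 640x400+80+100
centered_geometry() {
    w=$1; h=$2; sw=$3; sh=$4
    printf '%dx%d+%d+%d' "$w" "$h" $(( (sw - w) / 2 )) $(( (sh - h) / 2 ))
}

# The thread's caveat: a user who can write to $HOME must not be able to drop
# a startup or WM config file that gets honoured. Prints the first such file
# and returns 1 if one exists; returns 0 when the home directory is clean.
user_config_override() {
    for f in .xsession .xinitrc .Xclients .fvwmrc .fvwm2rc; do
        if [ -e "$1/$f" ]; then
            printf '%s\n' "$f"
            return 1
        fi
    done
    return 0
}

# Installed as the session command "kiosk-session start"; with no argument
# the script only defines the functions above.
case "${1:-}" in
start)
    if ! user_config_override "$HOME" >/dev/null; then
        echo "kiosk-session: user config file found in $HOME, not starting" >&2
        exit 1
    fi
    GEOM=$(centered_geometry "$WIN_W" "$WIN_H" "$SCREEN_W" "$SCREEN_H")
    # -geometry is a standard Tk option; exec replaces this shell, so there is
    # nothing left to fall back to once the program exits.
    exec wish -geometry "$GEOM" "$APP"
    ;;
esac
```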