Lockdown Editor
As of GNOME 2.14, a graphical lockdown editor called
Pessulus has been included to ease the task of
disabling desktop settings.
To run the lockdown editor:
You will see a window with several different tabs. Each of the tabs
represents a different category of desktop settings that can be disabled.
In the next section, we will discuss each category and provide a brief
description for each setting that can be disabled.
To disable a setting, make sure the checkbox next to the setting's
description is checked. Most settings take effect immediately;
however, some settings require the application to be restarted
before they take effect.
When pessulus starts, it tries to connect to the GConf mandatory
configuration source. The address of this configuration source is
xml:merged:$prefix/etc/gconf/gconf.xml.mandatory.
If the user that is running pessulus has access
to this configuration source, then a lock icon will be displayed next to
the checkbox for each setting. Clicking the lock will toggle whether or
not the setting is mandatory. If the setting is mandatory, then regular
users will not be able to change or override the setting. If the user
running pessulus does not have access to the mandatory configuration
source, then the lock icon will not appear. In this case, all disabled
settings will simply be stored in the user's default configuration source
and can be modified later using other tools such as
gconf-editor or
gconftool-2. For more information on GConf and
mandatory configuration sources, see the section called “GConf Configuration Sources”.
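The difference between a mandatory and a user-stored setting can be checked after the fact. The following is an added example, not part of the original guide or of Pessulus: it classifies four lockdown keys by the source that holds them. The key paths under /desktop/gnome/lockdown, the nested dir/entry layout assumed for the merged tree file, and the sample XML are assumptions or constructed for illustration.

```python
import xml.etree.ElementTree as ET

# GConf key paths for the general lockdown settings (assumed; not given on the page).
LOCKDOWN_KEYS = [
    "/desktop/gnome/lockdown/disable_command_line",
    "/desktop/gnome/lockdown/disable_printing",
    "/desktop/gnome/lockdown/disable_print_setup",
    "/desktop/gnome/lockdown/disable_save_to_disk",
]

# Constructed sample trees: one for the mandatory source, one for a user's source.
MANDATORY_XML = """<gconf><dir name="desktop"><dir name="gnome"><dir name="lockdown">
  <entry name="disable_command_line" type="bool" value="true"/>
  <entry name="disable_printing" type="bool" value="false"/>
</dir></dir></dir></gconf>"""
USER_XML = """<gconf><dir name="desktop"><dir name="gnome"><dir name="lockdown">
  <entry name="disable_command_line" type="bool" value="false"/>
  <entry name="disable_save_to_disk" type="bool" value="true"/>
</dir></dir></dir></gconf>"""

def read_tree(xml_text):
    """Flatten nested <dir>/<entry> elements into {key path: bool value}."""
    values = {}
    def walk(node, path):
        for entry in node.findall("entry"):
            if entry.get("type") == "bool":
                values[path + "/" + entry.get("name")] = entry.get("value") == "true"
        for sub in node.findall("dir"):
            walk(sub, path + "/" + sub.get("name"))
    walk(ET.fromstring(xml_text), "")
    return values

def audit(mandatory_xml, user_xml):
    """Report, per lockdown key, which source decides its value."""
    mandatory, user = read_tree(mandatory_xml), read_tree(user_xml)
    report = {}
    for key in LOCKDOWN_KEYS:
        if mandatory.get(key) is True:
            report[key] = "enforced"       # mandatory source wins over the user's value
        elif key in mandatory:
            report[key] = "mandatory-off"  # pinned to false for every user
        elif user.get(key) is True:
            report[key] = "user-only"      # stored in the user's source, can be changed later
        else:
            report[key] = "unset"
    return report

if __name__ == "__main__":
    for key, state in audit(MANDATORY_XML, USER_XML).items():
        print(f"{state:14} {key}")
```

A key reported as "user-only" is the case described above where the lock icon was not available: the setting is disabled for that user but is not mandatory.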
The following subsections will give a brief description of the
settings that can be disabled for each category.
Note: Depending on the applications you have installed, you may see
fewer categories than those described in this section.
- Disable command line
Prevent the user from accessing the terminal or specifying a
command line to be executed. For example, this would disable
access to the panel's "Run Application" dialog.
- Disable printing
Prevent the user from printing. For example, this would
disable access to all applications' "Print" dialogs.
- Disable print setup
Prevent the user from modifying print settings. For example,
this would disable access to all applications' "Print Setup"
dialogs.
- Disable save to disk
Prevent the user from saving files to disk. For example,
this would disable access to all applications' "Save as"
dialogs.
- Lock down the panels
If true, the panel will not allow any changes to the
configuration of the panel. Individual applets may, however, need
to be locked down separately. The panel must be restarted for
this to take effect.
- Disable force quit
If true, the panel will not allow a user to force an
application to quit, by removing access to the force quit
button.
- Disable lock screen
If true, the panel will not allow a user to lock their
screen, by removing access to the lock screen menu entries.
- Disable log out
If true, the panel will not allow a user to log out, by
removing access to the log out menu entries.
- Disable quit
User is not allowed to close Epiphany.
- Disable arbitrary URL
Disable the user's ability to type in a URL to
Epiphany.
- Disable bookmark editing
Disable the user's ability to add or edit bookmarks.
- Disable history
Disable all historical information by disabling back and
forward navigation, not allowing the history dialog and hiding the
most used bookmarks list.
- Disable javascript chrome
Disable JavaScript's control over window chrome.
- Disable toolbar editing
Disable the user's ability to edit toolbars.
- Force fullscreen mode
Locks Epiphany in fullscreen mode.
- Hide menubar
Hide the menubar by default. The menubar can still be
accessed using F10.
- Disable unsafe protocols
Disables loading of content from unsafe protocols. Safe
protocols are http and https.
- Lock on activation
Set this to TRUE to lock the screen when the screensaver
goes active.
- Allow logout
Set this to TRUE to offer an option in the unlock dialog to
log out after a delay. The delay is specified in the
"logout_delay" key.
- Allow user switching
Set this to TRUE to offer an option in the unlock dialog to
switch to a different user account.