|
|
|
In KDE3 a kiosk-framework has been introduced.
|
|
|
|
|
|
|
|
One of the driving forces behind KDE is to put the user in control and
|
|
|
|
give him or her a large amount of possibilities to adjust KDE to his or her
|
|
|
|
liking. However, in some situations it is required to reduce the possibilities
|
|
|
|
of KDE, e.g. because the system is to be used for one or more specific
|
|
|
|
dedicated tasks only.
|
|
|
|
|
|
|
|
The kiosk-framework provides an easy way to disable certain features within
|
|
|
|
KDE to create a more controlled environment.
|
|
|
|
|
|
|
|
KDE's kiosk-framework builds on KDE's configuration framework and adds a
|
|
|
|
simple application API that applications can query to get authorisation
|
|
|
|
for certain operations.
|
|
|
|
|
|
|
|
The KDE kiosk-framework should be used IN ADDITION to the standard UNIX
|
|
|
|
security measures.
|
|
|
|
|
|
|
|
The configuration framework in KDE3
|
|
|
|
===================================
|
|
|
|
|
|
|
|
Since the very beginning KDE makes use of file-hierarchy to store resources
|
|
|
|
for its applications. Resources range from icons, wallpapers, fonts to
|
|
|
|
sounds, menu-descriptions and configuration files.
|
|
|
|
|
|
|
|
In KDE1 there were two locations were resources could be located: The
|
|
|
|
resources provided by the system were located under $KDEDIR and user-
|
|
|
|
specific resources were located under $HOME/.trinity.
|
|
|
|
|
|
|
|
In KDE2 resource management has been largely abstracted by the introduction
|
|
|
|
of the KStandardDirs class and has become much more flexible. The user /
|
|
|
|
administrator can now specify a variable number of locations where resources
|
|
|
|
can be found. A list of locations can either be specified via $KDEDIRS
|
|
|
|
(notice the extra 'S'), via /etc/kderc and even via the kdeglobals config
|
|
|
|
file. The location where user-specific resources can be found can be
|
|
|
|
set with $KDEHOME (The default is $HOME/.trinity). Changes made by the user
|
|
|
|
are always written back to $KDEHOME.
|
|
|
|
|
|
|
|
Both KDE1 and KDE2 feature so called "cascading configuration files": There
|
|
|
|
can be multiple configuration files with the same name in the various
|
|
|
|
locations for (config) resources, when that is the case, the information of
|
|
|
|
all these configuration files is combined on a key by key basis. If the same
|
|
|
|
key (within a certain group) is defined in more than one place, the value
|
|
|
|
of the key for the config file that was read last will override any previously
|
|
|
|
read values. Configuration files under $KDEHOME are always read last. This
|
|
|
|
ensures that after a configuration entry is written, the same value wil be
|
|
|
|
read back.
|
|
|
|
|
|
|
|
In KDE3 two important changes have been made:
|
|
|
|
|
|
|
|
* Default values are no longer written.
|
|
|
|
When a configuration file in a location other than $KDEHOME defines a value
|
|
|
|
for a key and the application subsequently writes out a new configuration file
|
|
|
|
to $KDEHOME, that configuration file will only contain an entry for the key
|
|
|
|
if its value differs from the value read from the other file.
|
|
|
|
|
|
|
|
This counters the problem that changing default configuration files under
|
|
|
|
$KDEDIR would not take effect for users, since these users would most likely
|
|
|
|
have their own copy of these settings under $KDEHOME. KDE3 will make sure
|
|
|
|
not to copy these settings so changes made under $KDEDIR will affect all users
|
|
|
|
that haven't explicitly changed the affected settings to something else.
|
|
|
|
|
|
|
|
* Configuration entries can be marked "immutable".
|
|
|
|
Starting with KDE3, configuration entries can be marked "immutable". When a
|
|
|
|
configuration entry is immutable it means that configuration files that are
|
|
|
|
read later will not be able to override its value. Immutable entries cannot
|
|
|
|
be changed via KConfig and if the entry is present under $KDEHOME it will
|
|
|
|
be ignored.
|
|
|
|
|
|
|
|
Entries can be marked immutable on 4 different levels:
|
|
|
|
|
|
|
|
- On an entry by entry basis by appending "[$i]" after the key.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
[MyGroup]
|
|
|
|
someKey[$i]=42
|
|
|
|
|
|
|
|
- On a group by group basis by appending "[$i]" after the group. All entries
|
|
|
|
specified in the group will be marked immutable and no new entries can be
|
|
|
|
added to the group.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
[MyGroup][$i]
|
|
|
|
someKey=42
|
|
|
|
|
|
|
|
- On a file by file basis by starting the file with [$i].
|
|
|
|
|
|
|
|
Example:
|
|
|
|
[$i]
|
|
|
|
[MyGroup]
|
|
|
|
someKey=42
|
|
|
|
[MyOtherGroup]
|
|
|
|
someOtherKey=11
|
|
|
|
|
|
|
|
- On a directory basis. [Not yet implemented]
|
|
|
|
|
|
|
|
- The filesystem can also be used to mark files immutable. If KDE does not
|
|
|
|
have write-access to the user's version of a configuration file, the file
|
|
|
|
will be automatically considered immutable.
|
|
|
|
|
|
|
|
To make the configration file of kicker (the panel) immutable one could for
|
|
|
|
example use the commands below.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
chown root.root /home/user/.trinity/share/config/kickerrc
|
|
|
|
chmod 644 /home/user/.trinity/share/config/kickerrc
|
|
|
|
|
|
|
|
If you do this, the user will be warned that the configuration file is not
|
|
|
|
writable. Since you will normally not want that, you can add the following
|
|
|
|
two lines to the application's configuration file (or to kdeglobals to
|
|
|
|
disable the warning for all applications):
|
|
|
|
|
|
|
|
[KDE Action Restrictions]
|
|
|
|
warn_unwritable_config=false
|
|
|
|
|
|
|
|
Note that the avove example is not fool-proof, the user can potentially still
|
|
|
|
rename either the root-owned kickerrc file or any of the directories in
|
|
|
|
the path to another name and create a new kickerrc _with_ write-access.
|
|
|
|
|
|
|
|
KDE3 Action Restrictions
|
|
|
|
========================
|
|
|
|
|
|
|
|
Most functionality within KDE is coupled to so called actions. For example when a user
|
|
|
|
selects the File->Open option in the menubar of a KDE application, the "file_open"
|
|
|
|
action is activated. Likewise, toolbar icons are usually also coupled to actions. KDE
|
|
|
|
makes it possible to disable functionality by restricting specific actions. By restricting the
|
|
|
|
"file_open" action for example, the corresponding entry in the menubar and the corresponding icon on
|
|
|
|
the toolbar, if any, will disappear.
|
|
|
|
|
|
|
|
To restrict access to function the kdeglobals file should contain the
|
|
|
|
group "[KDE Action Restrictions]", each action can then be restricted by
|
|
|
|
adding "<action>=false". E.g. to disable the action "shell_access" one
|
|
|
|
would add:
|
|
|
|
[KDE Action Restrictions][$i]
|
|
|
|
shell_access=false
|
|
|
|
|
|
|
|
Actions that refer to menu and toolbar actions are prefixed with 'action/'.
|
|
|
|
The following standard actions are defined:
|
|
|
|
|
|
|
|
action/file_new
|
|
|
|
action/file_open
|
|
|
|
action/file_open_recent
|
|
|
|
action/file_save
|
|
|
|
action/file_save_as
|
|
|
|
action/file_revert
|
|
|
|
action/file_close
|
|
|
|
action/file_print
|
|
|
|
action/file_print_preview
|
|
|
|
action/file_mail
|
|
|
|
action/file_quit
|
|
|
|
action/edit_undo
|
|
|
|
action/edit_redo
|
|
|
|
action/edit_cut
|
|
|
|
action/edit_copy
|
|
|
|
action/edit_paste
|
|
|
|
action/edit_select_all
|
|
|
|
action/edit_deselect
|
|
|
|
action/edit_find
|
|
|
|
action/edit_find_next
|
|
|
|
action/edit_find_last
|
|
|
|
action/edit_replace
|
|
|
|
action/view_actual_size
|
|
|
|
action/view_fit_to_page
|
|
|
|
action/view_fit_to_width
|
|
|
|
action/view_fit_to_height
|
|
|
|
action/view_zoom_in
|
|
|
|
action/view_zoom_out
|
|
|
|
action/view_zoom
|
|
|
|
action/view_redisplay
|
|
|
|
action/go_up
|
|
|
|
action/go_back
|
|
|
|
action/go_forward
|
|
|
|
action/go_home
|
|
|
|
action/go_previous
|
|
|
|
action/go_next
|
|
|
|
action/go_goto
|
|
|
|
action/go_goto_page
|
|
|
|
action/go_goto_line
|
|
|
|
action/go_first
|
|
|
|
action/go_last
|
|
|
|
action/bookmarks // See note below
|
|
|
|
action/bookmark_add
|
|
|
|
action/bookmark_edit
|
|
|
|
action/tools_spelling
|
|
|
|
action/options_show_menubar
|
|
|
|
action/options_show_toolbar // See note below
|
|
|
|
action/options_show_statusbar
|
|
|
|
action/options_save_options
|
|
|
|
action/options_configure
|
|
|
|
action/options_configure_keybinding
|
|
|
|
action/options_configure_toolbars
|
|
|
|
action/options_configure_notifications
|
|
|
|
action/help // See note below
|
|
|
|
action/help_contents
|
|
|
|
action/help_whats_this
|
|
|
|
action/help_report_bug
|
|
|
|
action/help_about_app
|
|
|
|
action/help_about_kde
|
|
|
|
action/fullscreen
|
|
|
|
|
|
|
|
Actions in the KDE File Dialog:
|
|
|
|
action/home // Go to home directory
|
|
|
|
action/up // Go to parent directory
|
|
|
|
action/back // Go to previous directory
|
|
|
|
action/forward // Go to next directory
|
|
|
|
action/reload // Reload directory
|
|
|
|
action/mkdir // Create new directory
|
|
|
|
action/toggleSpeedbar // Show/hide sidebar
|
|
|
|
action/sorting menu // Sorting options
|
|
|
|
action/short view // Select short view
|
|
|
|
action/detailed view // Select detailed view
|
|
|
|
action/show hidden // Show/hide hidden files
|
|
|
|
action/preview // Show/hide preview
|
|
|
|
action/separate dirs // Show/hide separate directories
|
|
|
|
|
|
|
|
|
|
|
|
Konqueror & KDesktop related:
|
|
|
|
action/editfiletype
|
|
|
|
action/properties
|
|
|
|
action/openwith
|
|
|
|
action/openintab
|
|
|
|
action/kdesktop_rmb // RMB menu, see note below
|
|
|
|
action/iconview_preview
|
|
|
|
action/sharefile // File sharing, see note below
|
|
|
|
action/sendURL // Send Link Address
|
|
|
|
action/sendPage // Send File
|
|
|
|
action/devnew // Create New -> Device
|
|
|
|
action/incIconSize // Increase icon size
|
|
|
|
action/decIconSize // Decrease icon size
|
|
|
|
action/go // Entire go menu
|
|
|
|
action/configdesktop // Configure desktop in RMB menu, see also Control Module Restrictions
|
|
|
|
action/executeshellcommand // In Konqueror Tools menu, see also shell_access
|
|
|
|
action/show_dot // Show Hidden Files, see note below
|
|
|
|
|
|
|
|
|
|
|
|
Kicker related:
|
|
|
|
action/kicker_rmb // RMB menu
|
|
|
|
action/menuedit
|
|
|
|
|
|
|
|
|
|
|
|
KWin related:
|
|
|
|
action/kwin_rmb // RMB window context menu
|
|
|
|
|
|
|
|
Konsole related:
|
|
|
|
action/konsole_rmb // RMB context menu
|
|
|
|
|
|
|
|
action/settings // Entire settings menu
|
|
|
|
action/show_menubar
|
|
|
|
action/show_toolbar
|
|
|
|
action/scrollbar
|
|
|
|
action/fullscreen
|
|
|
|
action/bell
|
|
|
|
action/font
|
|
|
|
action/keyboard
|
|
|
|
action/schema
|
|
|
|
action/size
|
|
|
|
action/history
|
|
|
|
action/save_default
|
|
|
|
action/save_sessions_profile
|
|
|
|
action/options_configure_notifications
|
|
|
|
action/options_configure_keybinding
|
|
|
|
action/options_configure
|
|
|
|
|
|
|
|
action/send_signal
|
|
|
|
action/bookmarks
|
|
|
|
action/add_bookmark
|
|
|
|
action/edit_bookmarks
|
|
|
|
action/clear_terminal
|
|
|
|
action/reset_clear_terminal
|
|
|
|
action/find_history
|
|
|
|
action/find_next
|
|
|
|
action/find_previous
|
|
|
|
action/save_history
|
|
|
|
action/clear_history
|
|
|
|
action/clear_all_histories
|
|
|
|
action/detach_session
|
|
|
|
action/rename_session
|
|
|
|
action/zmodem_upload
|
|
|
|
action/monitor_activity
|
|
|
|
action/monitor_silence
|
|
|
|
action/send_input_to_all_sessions
|
|
|
|
action/close_session
|
|
|
|
action/new_session
|
|
|
|
action/activate_menu
|
|
|
|
action/list_sessions
|
|
|
|
action/move_session_left
|
|
|
|
action/move_session_right
|
|
|
|
action/previous_session
|
|
|
|
action/next_session
|
|
|
|
action/switch_to_session_1
|
|
|
|
action/switch_to_session_2
|
|
|
|
action/switch_to_session_3
|
|
|
|
action/switch_to_session_4
|
|
|
|
action/switch_to_session_5
|
|
|
|
action/switch_to_session_6
|
|
|
|
action/switch_to_session_7
|
|
|
|
action/switch_to_session_8
|
|
|
|
action/switch_to_session_9
|
|
|
|
action/switch_to_session_10
|
|
|
|
action/switch_to_session_11
|
|
|
|
action/switch_to_session_12
|
|
|
|
action/bigger_font
|
|
|
|
action/smaller_font
|
|
|
|
action/toggle_bidi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Notes:
|
|
|
|
* action/options_show_toolbar will also disable the "Toolbars" submenu
|
|
|
|
if present.
|
|
|
|
* action/bookmarks also disables action/bookmark_add and action/bookmark_edit
|
|
|
|
* action/help is not yet fully implemented
|
|
|
|
* action/kdesktop_rmb disables the RMB menu but some actions may still be accesible
|
|
|
|
via keyboard shortcuts: cut/copy/rename/trash/delete
|
|
|
|
* action/iconview_preview disables the option to toggle previews on or off
|
|
|
|
in icon mode but the actual preview settings remains unaffected.
|
|
|
|
To disable previews you also need to add the following lines to
|
|
|
|
konqiconviewrc:
|
|
|
|
[Settings]
|
|
|
|
PreviewsEnabled[$i]=false
|
|
|
|
* action/show_dot disables the option to toggle showing hidden files, the actual
|
|
|
|
setting remains unaffected.
|
|
|
|
To disable showing hidden files, add the following lines to konqiconviewrc:
|
|
|
|
[Settings]
|
|
|
|
ShowDotFiles[$i]=false
|
|
|
|
* action/sharefile disables file sharing from the UI, but you may also want
|
|
|
|
to disable filesharing altogether.
|
|
|
|
|
|
|
|
|
|
|
|
Applications may use additional actions that they defined themselves.
|
|
|
|
You can get a list of the actions used by a certain applications by using the
|
|
|
|
following dcop command:
|
|
|
|
|
|
|
|
dcop <dcopid> qt objects | grep KActionCollection/ | cut -d '/' -f 3
|
|
|
|
|
|
|
|
or with
|
|
|
|
|
|
|
|
dcop <dcopid> <maindwindowid> actions
|
|
|
|
|
|
|
|
|
|
|
|
Actions that refer to applications that need to be run as a different user
|
|
|
|
are prefixed by user/ and identified by the username. For example:
|
|
|
|
|
|
|
|
user/root=false
|
|
|
|
|
|
|
|
will disable all application entries that require root access.
|
|
|
|
|
|
|
|
|
|
|
|
Printing related action restrictions:
|
|
|
|
|
|
|
|
print/system
|
|
|
|
- disables the option to select the printing system (backend). It is
|
|
|
|
recommended to disable this option once the correct printing
|
|
|
|
system has been configured.
|
|
|
|
|
|
|
|
print/properties
|
|
|
|
- disables the button to change printer properties or to add a new printer.
|
|
|
|
|
|
|
|
print/options
|
|
|
|
- disables the button to select additional print options.
|
|
|
|
|
|
|
|
print/copies
|
|
|
|
- disables the panel that allows users to make more than one copy.
|
|
|
|
|
|
|
|
print/selection
|
|
|
|
- disables the options that allows selecting a (pseudo) printer or
|
|
|
|
change any of the printer properties. Make sure that a proper
|
|
|
|
default printer has been selected before disabling this option.
|
|
|
|
Disabling this option also disables print/system, print/options
|
|
|
|
and print/properties.
|
|
|
|
|
|
|
|
print/dialog
|
|
|
|
- disables the complete print dialog. Selecting the print option will
|
|
|
|
immediately print the selected document using default settings.
|
|
|
|
Make sure that a system wide default printer has been selected.
|
|
|
|
No application specific settings are honored.
|
|
|
|
|
|
|
|
Other defined actions:
|
|
|
|
|
|
|
|
shell_access
|
|
|
|
- defines whether a shell suitable for entering random commands
|
|
|
|
may be started. This also determines whether the "Run Command"
|
|
|
|
option (Alt-F2) can be used to run shell-commands and arbitrary
|
|
|
|
executables. Likewise, executables placed in the user's
|
|
|
|
Autostart folder will no longer be executed. Applications can
|
|
|
|
still be autostarted by placing .desktop files in the $KDEHOME/Autostart
|
|
|
|
or $KDEDIR/share/autostart directory.
|
|
|
|
See also run_desktop_files.
|
|
|
|
|
|
|
|
custom_config
|
|
|
|
- defines whether the --config command line option should be honored.
|
|
|
|
The --config command line option can be used to circumvent
|
|
|
|
locked-down configuration files.
|
|
|
|
|
|
|
|
logout
|
|
|
|
- defines whether the user will be able to logout from KDE.
|
|
|
|
|
|
|
|
lock_screen
|
|
|
|
- defines whether the user will be able to lock the screen.
|
|
|
|
|
|
|
|
run_command
|
|
|
|
- defines whether the "Run Command" (Alt-F2) option is available.
|
|
|
|
|
|
|
|
movable_toolbars
|
|
|
|
- define whether toolbars may be moved around by the user.
|
|
|
|
See also action/options_show_toolbar.
|
|
|
|
|
|
|
|
editable_desktop_icons
|
|
|
|
- define whether icons on the desktop can be moved, renamed,
|
|
|
|
deleted or added. You might want to set the path for
|
|
|
|
the Desktop to some read-only directory as well.
|
|
|
|
(Instead of $HOME/Desktop)
|
|
|
|
|
|
|
|
run_desktop_files
|
|
|
|
- defines whether users may execute desktop files that are not
|
|
|
|
part of the default desktop, KDE menu, registered services and
|
|
|
|
autostarting services.
|
|
|
|
* The default desktop includes the files under
|
|
|
|
$KDEDIR/share/kdesktop/Desktop but _NOT_ the files under
|
|
|
|
$HOME/Desktop.
|
|
|
|
* The KDE menu includes all files under $KDEDIR/share/applnk and
|
|
|
|
$XDGDIR/applications
|
|
|
|
* Registered services includes all files under $KDEDIR/share/services.
|
|
|
|
* Autostarting services include all files under $KDEDIR/share/autostart
|
|
|
|
but _NOT_ the files under $KDEHOME/Autostart
|
|
|
|
|
|
|
|
You probably also want to activate the following resource
|
|
|
|
restictions:
|
|
|
|
"appdata_kdesktop" - To restrict the default desktop.
|
|
|
|
"apps" - To restrict the KDE menu.
|
|
|
|
"xdgdata-apps" - To restrict the KDE menu.
|
|
|
|
"services" - To restrict registered services.
|
|
|
|
"autostart" - To restrict autostarting services.
|
|
|
|
Otherwise users can still execute .desktop files by placing them
|
|
|
|
in e.g. $KDEHOME/share/kdesktop/Desktop
|
|
|
|
|
|
|
|
lineedit_text_completion
|
|
|
|
- defines whether input lines should have the potential to remember
|
|
|
|
any previously entered data and make suggestions based on this
|
|
|
|
when typing. When a single account is shared by multiple people you
|
|
|
|
may wish to disable this out of privacy concerns.
|
|
|
|
|
|
|
|
start_new_session
|
|
|
|
- defines whether the user may start a second X session.
|
|
|
|
See also the kdm configuration.
|
|
|
|
|
|
|
|
switch_user
|
|
|
|
- defines whether user switching via kdm is allowed
|
|
|
|
|
|
|
|
skip_drm
|
|
|
|
- defines if the user may omit DRM checking.
|
|
|
|
Currently only used by kpdf
|
|
|
|
|
|
|
|
Screensaver related:
|
|
|
|
opengl_screensavers
|
|
|
|
- defines whether OpenGL screensavers are allowed to be used.
|
|
|
|
|
|
|
|
manipulatescreen_screensavers
|
|
|
|
- defines whether screensavers that manipulate an image of the screen
|
|
|
|
(e.g. moving chunks of the screen around) are allowed to be used.
|
|
|
|
|
|
|
|
When configuration files are marked immutable in whole or in part the user will no
|
|
|
|
longer be able to make permanent changes to the settings that have been marked
|
|
|
|
immutable. Ideally the application will recognize this and will no longer offer the
|
|
|
|
user the possibility to change these settings. Unfortunately not all applications
|
|
|
|
support this at the moment. It's therefor possible that the user will still be
|
|
|
|
presented with an option in the user interface to change a setting that is
|
|
|
|
immutable, changes made this way will not be saved though. In some cases the
|
|
|
|
user may be able to use the changed setting till the application terminates, in
|
|
|
|
other cases the changed setting will simply be ignored and the application will
|
|
|
|
continue to work with the immutable setting.
|
|
|
|
|
|
|
|
The following applications currently detect when their configuration files have been
|
|
|
|
marked immutable and adjust their user interface accordingly:
|
|
|
|
|
|
|
|
* kicker - By marking the kickerrc config file as immutable, the panel will be
|
|
|
|
"locked down" and it will not be possible to make any changes to it.
|
|
|
|
|
|
|
|
* kdesktop - By marking the kdesktoprc config file as immutable, the desktop
|
|
|
|
will be "locked down" and it will no longer be possible to select
|
|
|
|
"Configure Desktop" from its menus.
|
|
|
|
|
|
|
|
* kcalc - By marking the kcalcrc config file as immutable, the "Configure" button
|
|
|
|
will not be shown
|
|
|
|
|
|
|
|
Application .desktop files can have an additional field "X-KDE-AuthorizeAction".
|
|
|
|
If this field is present the .desktop file is only considered if the action(s)
|
|
|
|
mentioned in this field has been authorized. If multiple actions are listed
|
|
|
|
they should be separated by commas (','). So if the .desktop file of an application
|
|
|
|
lists one or more actions this way and the user has no authorization for one
|
|
|
|
of these actions then the application will not appear in the KDE menu and will not
|
|
|
|
be used by KDE for opening files.
|
|
|
|
|
|
|
|
IMPORTANT NOTE:
|
|
|
|
Changing restrictions may influence the data that is cached in the ksycoca
|
|
|
|
database. Since changes to .../share/config/kdeglobals do not trigger an
|
|
|
|
automatic ksycoca update you need to force an update manually.
|
|
|
|
To force an update of the ksycoca database touch the file
|
|
|
|
.../share/services/update_ksycoca. This will force a user's sycoca database
|
|
|
|
to be rebuild the next time the user logs in.
|
|
|
|
|
|
|
|
KDE3 URL Restrictions
|
|
|
|
=====================
|
|
|
|
|
|
|
|
It is also possible to restrict URL related actions. The restriction framework
|
|
|
|
can disable URL actions based on the action, the URL in question and in some cases
|
|
|
|
the referring URL. URLs can be matched based on protocol, host and path.
|
|
|
|
|
|
|
|
The syntax for adding URL action restrictions to kdeglobals is as follows:
|
|
|
|
|
|
|
|
[KDE URL Restrictions]
|
|
|
|
rule_count=<N>
|
|
|
|
rule_1=<action>,<referingURL_protocol>,<referingURL_host>,<referingURL_path>,<URL_protocol>,<URL_host>,<URL_path>,<enabled>
|
|
|
|
...
|
|
|
|
rule_N=<action>,<referingURL_protocol>,<referingURL_host>,<referingURL_path>,<URL_protocol>,<URL_host>,<URL_path>,<enabled>
|
|
|
|
|
|
|
|
The following actions are supported:
|
|
|
|
redirect - e.g. a html-page obtained via HTTP could redirect itself to file:/path/some-file. This
|
|
|
|
is disabled by default but could be explicitly enabled for a specific HTTP host.
|
|
|
|
This also applies to links contained in html documents.
|
|
|
|
Example: rule_1=redirect,http,myhost.acme.com,,file,,,true
|
|
|
|
|
|
|
|
list - This controls which directories can be browsed with KDE's file-dialogs. If a user
|
|
|
|
should only be able to browse files under home directory one could use:
|
|
|
|
rule_1=list,,,,file,,,false
|
|
|
|
rule_2=list,,,,file,,$HOME,true
|
|
|
|
The first rule disables browing any directories on the local filesystem. The second rule
|
|
|
|
then enables browsing the users home directory.
|
|
|
|
|
|
|
|
open - This controls which files can be opened by the user in applications. It also
|
|
|
|
affects where users can save files. To only allow a user to open the files
|
|
|
|
in his own home directory one could use:
|
|
|
|
rule_1=open,,,,file,,,false
|
|
|
|
rule_2=open,,,,file,,$HOME,true
|
|
|
|
rule_3=open,,,,file,,$TMP,true
|
|
|
|
Note that with the above, users would still be able to open files from
|
|
|
|
the internet. Note that the user is also given access to $TMP in order to
|
|
|
|
ensure correct operation of KDE applications. $TMP is replaced with the
|
|
|
|
temporary directory that KDE uses for this user.
|
|
|
|
|
|
|
|
Some remarks:
|
|
|
|
* empty entries match everything
|
|
|
|
* host names may start with a wildcard, e.g. "*.acme.com"
|
|
|
|
* a protocol also matches similar protocols that start with the same name,
|
|
|
|
e.g. "http" matches both http and https. You can use "http!" if you only want to
|
|
|
|
match http (and not https)
|
|
|
|
* specifying a path matches all URLs that start with the same path. For better results
|
|
|
|
you should not include a trailing slash. If you want to specify one specific path, you can
|
|
|
|
add an exclamation mark. E.g. "/srv" matches both "/srv" and "/srv/www" but "/srv!" only
|
|
|
|
matches "/srv" and not "/srv/www".
|
|
|
|
|
|
|
|
|
|
|
|
KDE3 Resource Restrictions
|
|
|
|
==========================
|
|
|
|
Most KDE applications make use of additional resource files that are typically
|
|
|
|
located in directories under $KDEDIR/share. By default KDE allows users to
|
|
|
|
override any of these resources by placing files in the same location
|
|
|
|
under $KDEHOME/share. For example, Konsole stores profiles under
|
|
|
|
$KDEDIR/share/apps/konsole and users can add additional profiles by
|
|
|
|
installing files in $KDEHOME/share/apps/konsole.
|
|
|
|
|
|
|
|
KDE3 Resource Restrictions make it possible to restrict the lookup of files
|
|
|
|
to directories outside of $KDEHOME only.
|
|
|
|
|
|
|
|
The following resources are defined:
|
|
|
|
|
|
|
|
autostart - share/autostart
|
|
|
|
data - share/apps
|
|
|
|
html - share/doc/tde/HTML
|
|
|
|
icon - share/icon
|
|
|
|
config - share/config
|
|
|
|
pixmap - share/pixmaps
|
|
|
|
apps - share/applnk
|
|
|
|
xdgdata-apps - share/applications
|
|
|
|
sound - share/sounds
|
|
|
|
locale - share/locale
|
|
|
|
services - share/services
|
|
|
|
servicetypes - share/servicetypes
|
|
|
|
mime - share/mimelnk
|
|
|
|
wallpaper - share/wallpapers
|
|
|
|
templates - share/templates
|
|
|
|
exe - bin
|
|
|
|
lib - lib
|
|
|
|
|
|
|
|
For the purpose of resource restrictions there are two special resources:
|
|
|
|
all - covers all resources
|
|
|
|
data_<appname> - covers the sub section for <appname> in the data resource.
|
|
|
|
|
|
|
|
To restrict resources the kdeglobals file should contain the
|
|
|
|
group "[KDE Resource Restrictions]", each resource can then be restricted by
|
|
|
|
adding "<resource>=false". E.g. to restrict the "wallpaper" resource to
|
|
|
|
$KDEDIR/share/wallpapers one would add:
|
|
|
|
[KDE Resource Restrictions][$i]
|
|
|
|
wallpaper=false
|
|
|
|
|
|
|
|
And to prevent a user from adding additional konsole profiles, one would add:
|
|
|
|
[KDE Resource Restrictions][$i]
|
|
|
|
data_konsole=false
|
|
|
|
|
|
|
|
|
|
|
|
Control Module Restrictions
|
|
|
|
===========================
|
|
|
|
|
|
|
|
It is possible to restrict access to particular control modules.
|
|
|
|
Although it is possible to remove control modules from the Control
|
|
|
|
Center by editing the menu structure, such modules will then still
|
|
|
|
be available to applications. A better way is to use the control
|
|
|
|
module restrictions offered by KIOSK:
|
|
|
|
|
|
|
|
[KDE Control Module Restrictions][$i]
|
|
|
|
<menu-id>=false
|
|
|
|
|
|
|
|
Some example menu-ids are:
|
|
|
|
|
|
|
|
kde-display.desktop
|
|
|
|
kde-proxy.desktop
|
|
|
|
kde-screensaver.desktop
|
|
|
|
|
|
|
|
See also kcmshell --list for a list of all the base names.
|
|
|
|
|
|
|
|
Expansion of environment variables in KDE config files.
|
|
|
|
=======================================================
|
|
|
|
|
|
|
|
In KDE3.1 arbitrary entries in configuration files can contain environment
|
|
|
|
variables. In order to use this the entry must be marked with [$e].
|
|
|
|
|
|
|
|
Example:
|
|
|
|
Name[$e]=$USER
|
|
|
|
|
|
|
|
When the "Name" entry is read $USER will be replaced with the value of the
|
|
|
|
$USER environment variable. Note that the application will replace $USER
|
|
|
|
with the value of the environment variable after saving. To prevent this
|
|
|
|
combine the $e option with $i (immmutable) option.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
Name[$ei]=$USER
|
|
|
|
|
|
|
|
The above will make that the "Name" entry will always return the value of
|
|
|
|
the $USER environment variable. The user will not be able to change this entry.
|
|
|
|
|
|
|
|
The following syntax is also supported:
|
|
|
|
Name[$ei]=${USER}
|
|
|
|
|
|
|
|
|
|
|
|
KDE3 Kiosk Application API
|
|
|
|
==========================
|
|
|
|
|
|
|
|
Three new methods have been added to KApplication:
|
|
|
|
|
|
|
|
- bool authorize(QString action); // Generic actions
|
|
|
|
- bool authorizeKAction(QString action); // For KActions exclusively
|
|
|
|
- bool authorizeURLAction(QString, referringURL, destinationURL) // URL Handling
|
|
|
|
|
|
|
|
Automatic Logout
|
|
|
|
================
|
|
|
|
|
|
|
|
Since KDE 3.4 it is possible to automatically logout users that have been idle
|
|
|
|
for a certain period of time.
|
|
|
|
|
|
|
|
WARNING: Be careful with this option, logging out a user may result in dataloss!
|
|
|
|
|
|
|
|
In kdesktoprc you can use the following entry to enable automatic logout:
|
|
|
|
|
|
|
|
[ScreenSaver]
|
|
|
|
AutoLogout=true
|
|
|
|
AutoLogoutTimeout=600
|
|
|
|
|
|
|
|
The AutoLogoutTimeout is the time in seconds that the user has to be idle before
|
|
|
|
his session is logged out.
|