This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new!


Lock down the GNOME desktop with Pessulus

By Anže Vidmar on May 22, 2007 (8:00:00 AM)

Share    Print    Comments   

Looking for a way to limit users' functionality on a publicly available machine, such as a kiosk machine for conference attendees? No one wants people trying to alter their systems for fun or malice. If you're running the GNOME environment, you can turn to a tool called Pessulus -- a lockdown manager for the GNOME desktop.

Pessulus is a Python front end for configuring the Gconf XML configuration files.

The software lets you create a profile that limits a user to a set of application that a system administrator allows. It has a nice, logically structured GUI that allows administrators to choose and click checkboxes on the options that you want to deny for user access. By default all the lockdown functions are unchecked, meaning the system remains configured as is. Also, there is no button to check all the checkboxes at once; you have to choose each one by one. Moving the mouse button over a specific lockdown option gives administrators a description of that function in a popup box.

Pessulus provides four main groups for locking specific sets of applications -- Main, Panel, Epiphany Web browser, and GNOME screensaver. Each group allows an administrator to limit a specific set of software or functions.

The Main category includes lockdown of the command line (terminal), disabling printing (including disabling print setup), and disabling the "save to disk" function, which is useful if you don't want people to save anything on the terminal PC. Checking the Pessulus box to disable "save to disk" actually disables the "Save" function in all applications.

Pessulus thumbnail
Click to enlarge
You can lock down the GNOME panel to prevent users from modifying the default panel configuration or just stop them from adding or removing applets. In this menu, you can also disable the "Log out" button and disable screenlocking. You can prevent users from executing the "force quit" function so that they can't kill any of the running processes. In the lower right side of the Panel menu, you can select what panel applets should be disabled; disabling an applet is as simple as clicking the checkbox in front of it.

Unfortunately, in the third group, you can disable functions only for the Epiphany Web browser and not Firefox or Opera, for example, but this is OK as long you don't have any other Web browser installed on the system. This set of restrictions is useful if you're planning to have a Web-only terminal PC, because you can lock down the important functions such as the quit function, hide the menubar, disable bookmark editing, and disable JavaScript. Unfortunately, there is no option to disable Flash animations. You can also force Epiphany to run only in full screen mode, so that you can turn your box into a Web terminal. And you can disable users' ability to type URLs in Epiphany, and disable loading content from unsafe protocols (anything that is not HTTP or HTTPS).

The GNOME screensaver menu gives you three choices. You can set the screensaver to lock the screen when the screensaver activates, requiring users to type a password if they want to continue, set the option in the unlock dialog to allow users to log out after a delay, or add an option to the unlock dialog to allow user switching.

The only lockdown function that you might miss is the ability to not be able to mount external storage devices (like USB keys).

Pessulus gives you a nice interface for disabling specific user functions on the GNOME desktop, which makes GNOME now a suitable graphical environment for use on publicly available terminals.

Share    Print    Comments   


on Lock down the GNOME desktop with Pessulus

Note: Comments are owned by the poster. We are not responsible for their content.

So how do you actually run it?

Posted by: Anonymous Coward on May 22, 2007 11:37 PM
So, if I want to use this:

1. Do I run it as the kiosk user or as root?

2. Does it write to<nobr> <wbr></nobr>/etc/gconf or ~kiosk/.gconf ? If the latter, what stops the kiosk user modifying the rules? Can you make ~kiosk/.gconf read only?

3. Do the rules apply to all users or just one? Can groups be created with these policies?


Re:So how do you actually run it?

Posted by: Administrator on May 23, 2007 01:17 AM
1. I dunno

2. Sure, chown root:root, chmod a=r,u=rw

3. i dunno

heh, not very useful<nobr> <wbr></nobr>;)


thanks for the user annoyment!

Posted by: Anonymous Coward on May 23, 2007 02:30 AM
I had the pleasure to be on holidays last week. Of course, I couldn't stand the whole time without my precious online access, if only for looking something up.
Naturally you have to pay for whatever there is available. The extortion scheme isn't exactly lessened by internet cafes seriously competing on price or useability. Windows XP and an annoying toolbar- and spyware-riddled IE7 was the only thing available to your pleasure.

Not sure if I'd been any bit more happy, if I had encountered a locked down Gnome desktop instead. Actually, dumbing things down doesn't make them "more secure" - just more annoying to use. And I'm somewhat worried that the anti-user wave and crapware is reaching Linux now. (OTH, we're talking about Gnome, right?)


Re:thanks for the user annoyment!

Posted by: Anonymous Coward on May 23, 2007 02:38 PM
> Actually, dumbing things down doesn't make them "more secure" - just more annoying to use.

Did you even read the article?
Where is this "dumbing down" you are talking of? It's just taking away some features that are not welcome on a public terminal which should be used for webbrowsing. If YOU have no use for it, you are obviously not the intended target audience.

And about the "annoying" part:
Did you ever use a properly configured public terminal? Oviously not. You could be glad to be allowed to move the mouse. (Okay, that was a bit exaggerated, but you get the idea)


take a liveCD and USB for the internet cafe

Posted by: Anonymous Coward on May 23, 2007 09:29 PM
It won't help the cost you pay but if you can reboot with a liveCD or USB then you can have your own OS read-only and seporate from the crapware choked public OS.



Posted by: Anonymous Coward on May 23, 2007 01:04 PM
sabayon is way better. it basically provides an xnest session for administrators to create profiles. these profiles can then be deployed network wide



Posted by: Anonymous Coward on May 23, 2007 04:40 PM
Sabayon and Pessulus are completementary products, not competitors. Sabayon is for rolling out multiple desktops across a network with identical featuresets, like you would do in a big business. Pessulus is purely for lockdown, which Sabayon doesn't really cover (AUIU). You would probably use _both_ in order to lock-down and deploy profiles.



Re:The basic idea is flawed

Posted by: Anonymous Coward on May 23, 2007 02:42 PM
How do I promoted distro?

If someone is perfectly fine with the result of the gconf-preferences, why should he BUY a distro where he couldn't even find out about the price on the website?


The basic idea is flawed

Posted by: Administrator on May 23, 2007 01:58 AM
while this is clearly a useful tool. The proposed use (Public PCs) is not the right application for this tool. The basic idea that by limiting what users can do within will ever comprehensively protect the privacy of users and the security of the Linux PC is fighting an uphill battle. Cleanup at the end of a session is truly the only way to ensure security and privacy of users. There is a great linux distro out there that does this and is designed specifically for public computers:
<a href="" title=""></a>


Lock down the GNOME desktop with Pessulus

Posted by: Anonymous [ip:] on August 07, 2007 01:55 PM
Perfect for kiosks and other such situations where limiting the user to pertinent apps. I intend to use it in my home for the "hey man can I borrow your computer real quick", setting up a dumpster portal and this is going to be on it. It gets very old having "experts" mess with my machines, specially when they are friends who "mean well".


This story has been archived. Comments can no longer be posted.

Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya