Locking down KDE with Kiosk

Lock Down

Article from Issue 159/2014
Author(s):

KDE Kiosk lets administrators control user environments, including settings, themes, and access to the command shell and designated peripherals.

KDE Kiosk [1] is a framework for restricting features on users' desktops. As a system administrator, you can use Kiosk for a variety of reasons, including restricting features on a public terminal, enforcing a uniform wallpaper and theme in a corporate environment, eliminating the need to reset desktops after a lesson in a teaching lab, or increasing security. Kiosk includes more than two hundred settings [2], as well as the ability to lock down basic KDE configuration files.

Kiosk was introduced midway through the KDE 3 release series. For a while, a Kiosk Admin Tool [3] allowed admins to lock down features from the desktop. However, with the start of KDE 4, changes in structure and file names rendered the original Kiosk obsolete.

A new version of Kiosk did not begin to appear until two years after the release of KDE 4.0, which was more than enough time for people to conclude that it was not returning. The situation is not improved by the need to explore different versions of the documentation to figure out which one is current. More confusion is caused by the use of similar concepts in the two versions of the framework that are not identical.

The most recent version of Kiosk remains a work in progress and currently lacks some of the features of the earlier version, such as the ability to block specific URLs in Konqueror. The current version does not have the desktop tool and remains stubbornly a collection of various configuration files.

Basic Concepts

Normally, you would lock down a KDE desktop by changing permissions to write-protect configuration files, but that is an all-or-nothing choice. By contrast, Kiosk provides precise, logical controls that allow you to set up users' desktops exactly the way you want.

To begin using Kiosk, you first need to understand that it works mainly in two files: /etc/kde4/kdeglobals and, depending on the distribution and KDE version, ~/.kde/share/config/kdeglobals or ~/.kde4/share/config/kdeglobals. In most distributions, you will have to use a text editor to create /etc/kde4/kdeglobals; but, if it exists, it becomes the default for the ~/.kde/share/config/kdeglobals file for a new account.

You also have the option of adding Kiosk settings (or keys, as the documentation calls them) to other configuration files in ~/.kde/share/config/, such as plasma-desktop-appletsrc or konsolerc. This dispersal might make it more difficult for an advanced user to find and circumvent all keys, but remembering which files contain what can quickly become complicated enough that you are better off avoiding the practice and putting the keys into the kdeglobals files whenever possible. Only a few keys need to be placed in other configuration files.

Within the kdeglobals files, you can organize the keys into sections whose names are enclosed in square brackets. These names are for human use only, and their order does not matter to Kiosk.

Below the section name, enter the keys, one per line. A typical key uses the following structure:

CATEGORY/KEY= FALSE or TRUE

The key's value should be false to remove the feature from a desktop. If the home directory version of kdeglobals is set to true while the default kdeglobals is set to false, the feature will display despite the default, unless its key is marked as immutable in the default (see the "Immutability" box).

Immutability

A configuration file, section, or key can be given priority by marking it as unchangeable, or immutable, with [*i]. You should think twice about setting an entire file as immutable; but, if you do, place [*i] on the first line by itself. To make a section immutable, place [*] at the end the line with the section name. You can make a key immutable by adding [*i] after the category/key and before the equals sign.

Ordinarily, the keys in /etc/kde4/kdeglobals are applied automatically, unless they are specifically contradicted by ~/.kde/share/config/kdeglobals. However, any section or key in /etc/kde4/kdeglobals will automatically override the settings for the same section or key in ~/.kde/share/config/kdeglobals – even if it is also marked as immutable.

A typical section of a kdeglobals file might look like this:

[Plasma Desktop]
plasma-desktop/scripting_console=false
plama-desktop/add_activities=false

These settings make the Plasma scripting console inaccessible and prevent adding Activities.

Applying Kiosk Keys

Once you understand how Kiosk uses configuration files, applying a control is a matter of adding a category and key and setting its value – generally to false. The only time you will want a true value is when the default kdeglobals file does not set anything immutable, and you want the home directory version to override it.

Kiosk includes far too many keys to discuss in their entirety, but the items listed in Tables 1, 2, and 3 are some of the more useful and are organized by suggested sections. Most key names are self-explanatory.

Table 1

Restrictions for All Plasma Apps

Key

Decision

plasma/allow_configure_when_locked

Whether immutable widgets and containments* can be configured

plasma/containment_context_menu

Whether context menus are displayed

plasma/external_script_extensions

Whether external scripting extensions to APIs can be used

* Containments are desktop templates

Table 2

Printing Restrictions

Key

Action

print/copies

Limits to one copy

print/dialog

Disables the complete print dialog. If printing is attempted, default settings are used

print/options

No additional print options can be chosen

print/properties

Removes dialog to change print properties or add new printer

print/selection

Eliminates printer selection

print/system

Removes selection of CUPS printing back end

Table 3

Administration Restrictions

Resource Restrictions

Action Restrictions

autostart

action/file_new

data

action/file_save

data_APP-NAME

action/file_print

html

action/file_mail

config

action/edit_cut

sound

action/edit_paste

services

action/edit_find

servicetypes

action/edit/paste

mime

action/options_configure

wallpaper

action/action/options_save_Settings

templates

exe

Konsole Keys

lib

action/settings

all

action/keyboard

 

action/save_sesions_profile

Session Capability Restrictions

editable_desktop_icons

Plasma Desktop Restrictions

action/lock_screen

plasma-desktop/scripting_console

logout

plasma-desktop/add_activities

moveable_toolbars

run_command

File Dialog Keys

shell_access

action/mkdir

switch_user

action/show_hidden

In the "Administration Restrictions" box, the resource restrictions group is one of the more powerful; if all is used, most configuration options are removed. Along with resource restrictions, session capability restrictions are used to set some of the most basic behavior. KDE action restrictions remove menu items from KDE applications, although other applications, such as Firefox and LibreOffice, will remain unaffected.

When selecting keys, be sure to check the complete list to ensure that you have all the related keys necessary to prevent a particular action. For example, if you want to prevent printing, it is not enough to remove action/file_print; you should also disable the general keys for printing. In several places, a key list mentions when other groups of keys should be selected together.

Things to Watch

When you first start using Kiosk, you might imagine that setting everything as immutable in the default kdeglobals is the most economical method. However, you are likely to find that setting carefully chosen sections or keys as immutable is more flexible. You might consider working with unmarked sections or keys and, in special circumstances, producing local versions of kdeglobals. Either way, making effective use of Kiosk takes time and imagination. You should make sure all versions of kdeglobals are included in your regular backups to spare you the ordeal of having to recreate your work.

As you apply Kiosk, be aware that loose permissions or sudo can help experienced users. Besides being thorough when selecting keys, be sure that local versions of configuration files are marked as read-only and that as few users as possible have access to root permissions. Whenever possible, you should install KDE applications in preference to general apps or those from Gnome or other desktops.

Make no mistake – KDE Kiosk is a powerful framework that goes far beyond other efforts, such as xguest, to limit user capabilities. However, that does not mean that planning and other system tools cannot enhance your Kiosk controls. Experiment with Kiosk and dummy accounts before implementing it, and watch for additional capacities as development of Kiosk continues.

The Author

Bruce Byfield is a computer journalist and a freelance writer and editor specializing in free and open source software. In addition to his writing projects, he also teaches live and e-learning courses. In his spare time, Bruce writes about Northwest coast art. You can read more of his work at http://brucebyfield.wordpress.com

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Webconverger 4.7 with Firewall and Adobe Reader

    Webconverger, a Linux distro to drive web kiosk systems, is now available in version 4.7. Some updates improve its security.

  • Sabayon and Pessulus

    Gnome version 2.14 includes new features for restricting the user’s access to the system. The Pessulus lockdown editor and the Sabayon profile editor help manage the Gnome user experience.

  • Fedora 35 is Shaping Up to Be an Impressive Release

    Although the beta version of Fedora’s upcoming release is behind schedule, the Linux distribution is still slotted for October and will include numerous bug fixes and some exciting new features.

  • Kitchen Kiosk

    Create a kiosk display from an old eReader to show data culled from Home Automation, Raspberry Pis, and Arduinos.

  • SE Linux

    SELinux provides a safer system through the powerful concept of mandatory access controls.

comments powered by Disqus