still trying to lock xfce...
Brian J. Tarricone
bjt23 at cornell.edu
Tue Mar 16 11:51:32 CET 2004
> I hope you plan to apply the XFCE_DISABLE_USER_CONFIG on the whole
> panel, because it could turn xfce in a wonderful system for limited
this reminds me of something i was thinking about a while ago... is this
really the best way to implement a systemwide-restricted config? it
seems to me that this places a bit of a burden on the system admin,
since they'll need to make damned sure that the user can't run a
terminal. if the user can do that, all they have to do is:
$ unset XFCE_DISABLE_USER_CONFIG
$ killall xfwm4 && nohup xfwm4&
$ killall xfdesktop && nohup xfdesktop&
.....(and so on)....
and they've effectively defeated the lockdown (granted, if not using
xfce4-session, they can't restart the session-controlling app).
depending on the environment, preventing users from running a terminal
may be easy, or it may be hard. the only "foolproof" method i can think
of to lock down the environment is to check for a file, say
$sysconfdir/xfce4/xfce_disable_user_config, and, if present, lock down
the DE. (i'm sure there are other ways, but this seems easiest.) with
this method, only users with write access to $sysconfdir (usually /etc)
can change the system's lockdown state. even better would be to have
said file contain a list of users for which the system is locked down,
or, conversely, a list of users that are exempt from the lockdown.
just an idle thought, dunno if anyone feels like messing with this...
More information about the Xfce