still trying to lock xfce...

Brian J. Tarricone bjt23 at cornell.edu
Tue Mar 16 11:51:32 CET 2004


Alvise wrote:

> I hope you plan to apply the XFCE_DISABLE_USER_CONFIG on the whole 
> panel, because it could turn xfce in a wonderful system for limited 
> enviroments!

this reminds me of something i was thinking about a while ago... is this 
really the best way to implement a systemwide-restricted config? it 
seems to me that this places a bit of a burden on the system admin, 
since they'll need to make damned sure that the user can't run a 
terminal. if the user can do that, all they have to do is:

$ unset XFCE_DISABLE_USER_CONFIG
$ killall xfwm4 && nohup xfwm4&
$ killall xfdesktop && nohup xfdesktop&
.....(and so on)....

and they've effectively defeated the lockdown (granted, if not using 
xfce4-session, they can't restart the session-controlling app). 
depending on the environment, preventing users from running a terminal 
may be easy, or it may be hard. the only "foolproof" method i can think 
of to lock down the environment is to check for a file, say 
$sysconfdir/xfce4/xfce_disable_user_config, and, if present, lock down 
the DE. (i'm sure there are other ways, but this seems easiest.) with 
this method, only users with write access to $sysconfdir (usually /etc) 
can change the system's lockdown state. even better would be to have 
said file contain a list of users for which the system is locked down, 
or, conversely, a list of users that are exempt from the lockdown.

just an idle thought, dunno if anyone feels like messing with this...

-brian



More information about the Xfce mailing list