Hi everyone.
I'm planning to install Lubuntu on the 25 machines of a school computer lab. Given this specific purpose, it is essential for me to be able to lockdown the desktop so that students cannot alter any part of it, i.e. modify panels, change wallpapers, add/remove icons, etc.
I know this can be quite easily achieved with gnome, but can I also do it on LXDE?
Thanks
Lockdown desktop
-
Lew_Rockwell_fan
- Posts: 45
- Joined: Wed Aug 07, 2013 4:28 am
- Location: Trantor
Re: Lockdown desktop
Since you've had no answer yet, I'll leave some thoughts that MIGHT be of use if you are still checking this, despite the facts I'm not an expert and I don't have Lubuntu installed at the moment. So take my comments with a grain, nay, more like a gram, of NaCl.
I believe all the things you want to "lock down" are controlled by config files somewhere or another. The gui aps for adjusting these things are just writing changes to those files. Since I don't use Lubuntu or even the full lxde anymore (just plain openbox) I can't easily check their names and locations and I don't remember them but that information should be easy to get. For a guess try looking in ~/.config for each user. Or try changing some setting and then do a search for files that changed in the right time period. Or try using startpage.com (like googol minus the evil) to do searches like "where are lubuntu panel settings kept". Anyway, find the files, chown them to root:root and set the permissions so users can read them but not write them. I'm pretty sure that will do at least most, possibly all of what you want. Of course it won't stop a mildly clever user with sudo priveleges who is determined to change things. Lubuntu (and *buntus in general) use a somewhat retarded and insecure approach to sudo ("ALL=(ALL:ALL) ALL", forsooth!). Nor would it stop a DETERMINED user with physical access who could boot off removable media, even if you set a very restrictive policy in sudoers. There are ways to secure things more, at some cost in convenience, but that should be adequate to stop well-intentioned casual changes.
HOWEVER, 2 contrarian thoughts:
1. Do you really want to stop people from, for instance, increasing the font size? If they have personal user accounts, that strikes me as rather a mean thing to do. Of course if you are talking about an account that anybody can log into, that's a different story.
2. Might it possibly be better to simply set things up so that changes are not persistent or, if they are persistent, that they can easily be restored to whatever you want the defaults to be? After all, they are students learning about computers, right? I learn by breaking things.
I believe all the things you want to "lock down" are controlled by config files somewhere or another. The gui aps for adjusting these things are just writing changes to those files. Since I don't use Lubuntu or even the full lxde anymore (just plain openbox) I can't easily check their names and locations and I don't remember them but that information should be easy to get. For a guess try looking in ~/.config for each user. Or try changing some setting and then do a search for files that changed in the right time period. Or try using startpage.com (like googol minus the evil) to do searches like "where are lubuntu panel settings kept". Anyway, find the files, chown them to root:root and set the permissions so users can read them but not write them. I'm pretty sure that will do at least most, possibly all of what you want. Of course it won't stop a mildly clever user with sudo priveleges who is determined to change things. Lubuntu (and *buntus in general) use a somewhat retarded and insecure approach to sudo ("ALL=(ALL:ALL) ALL", forsooth!). Nor would it stop a DETERMINED user with physical access who could boot off removable media, even if you set a very restrictive policy in sudoers. There are ways to secure things more, at some cost in convenience, but that should be adequate to stop well-intentioned casual changes.
HOWEVER, 2 contrarian thoughts:
1. Do you really want to stop people from, for instance, increasing the font size? If they have personal user accounts, that strikes me as rather a mean thing to do. Of course if you are talking about an account that anybody can log into, that's a different story.
2. Might it possibly be better to simply set things up so that changes are not persistent or, if they are persistent, that they can easily be restored to whatever you want the defaults to be? After all, they are students learning about computers, right? I learn by breaking things.