This article contains a listing of known keys that can be used with Kiosk and what they do. How to actually use these keys and other capabilities of Kiosk such as URL restrictions, creating assigning profiles, etc. is covered in the Introduction to Kiosk article.
Which configuration file to put these entries in depends on whether you wish to make them global to all applications or specific to one application. To make the restrictions valid for all applications, put them in kdeglobals. To enable a restriction for a specific applications place them in the application-specific configuration, e.g. konqererorrc for Konqueror.
Application .desktop files can have an additional field X-KDE-AuthorizeAction.
If this field is present the .desktop file is only considered valid if the action(s) mentioned in this field has been authorized. If multiple actions are listed they should be separated by commas (',').
If the .desktop file of an application lists one or more actions this way and the user has no authorization for even one of these actions then the application will not appear in the KDE menu, will not allow execution via that .desktop file and will not be used by KDE for opening files of associated mimetypes.
These keys disable actions that are found in the KDE file dialog. To use them, create a section in kdeglobals that looks like this:
[KDE Action Restrictions[$i]
|action/home||Go to home directory|
|action/up||Go to parent directory|
|action/back||Go to previous directory|
|action/forward||Go to next directory|
|action/mkdir||Create new directory|
|action/sorting menu||Sorting options|
|action/short view||Select short view|
|action/detailed view||Select detailed view|
|action/show hidden||Show/hide hidden files|
|action/separate dirs||Show/hide separate directories|
There are several keys that restrict various aspects of the KDE print dialog and printing system. To use them, create a configuration section like this:
[KDE Resource Restrictions][$i]
Note how each of the printing keys start with print/<tt> in the configuration file.
KDE applications can take advantage of many types of resources such as configuration data, caches, plugin registries, etc. These are loaded from both system-wide as well as from per-user locations on disk. It is possible to restrict use of the per-user resources directories, preventing users from adding to or altering existing shared resources.
This is accomplished by creating a section like this in a configuration file:
[KDE Resource Restrictions][$i]
The following resources can be used as keys and controlled in this manner:
|all||n/a||All resources listed in this table|
|autostart||share/autostart||Apps to start on login|
|data_<appname>||share/apps||Application data for the application named <appname>|
|xdgdata-apps||share/applications||Application .desktop files|
|services||share/services||Protocols, plugins, kparts, control panels, etc. registry|
|servicetypes||share/servicetypes||Plugin definitions, referenced in services registry entries|
|wallpaper||share/wallpapers||Desktop wallpaper images|
In kdeglobals in the [KDE Action Restrictions] group:
The timeout is the time in seconds that the user must be idle for before the logout process is automatically started. Be careful with this capability as it can lead to data loss if the user has unsaved files open.
These keys apply to various capabilities associated with a desktop session and are not application specific. To use them, create a section in kdeglobals that looks like this:
[KDE Action Restrictions][$i]