KDE System Administration/Kiosk/Keys

    From KDE TechBase

    This article contains a listing of known keys that can be used with Kiosk and what they do. How to actually use these keys and other capabilities of Kiosk such as URL restrictions, creating assigning profiles, etc. is covered in the Introduction to Kiosk article.

    Which configuration file to put these entries in depends on whether you wish to make them global to all applications or specific to one application. To make the restrictions valid for all applications, put them in kdeglobals. To enable a restriction for a specific applications place them in the application-specific configuration, e.g. konqererorrc for Konqueror.

    Application Action Restrictions

    KCalc

    Konqueror and Desktop

    Konsole

    These keys can appear in kdeglobals, konsolepartrc or konsolerc.

    Key Action
    action/konsole_rmb Context menus
    action/settings Disable the entire settings menu
    action/show_menubar Show/hide the menubar
    action/show_toolbar Show/hide the toolbar
    action/scrollbar Show/hide the scrollbar
    action/bell Configure bell actions
    action/font Configure font
    action/keyboard Set keyboard type
    action/schema Select the schema to use
    action/size Set the terminal size
    action/history Configure history
    action/save_default Save settings as defaults
    action/save_sessions_profile Save sessions profile
    action/send_signal Send a signal to the current terminal
    action/bookmarks Bookmarks menu
    action/add_bookmark Add a bookmark
    action/edit_bookmarks Edit bookmarks
    action/clear_terminal Clear the current terminal
    action/reset_clear_terminal Clear and reset the current terminal
    action/find_history Find in history
    action/find_next Find next item in history
    action/find_previous Find previous item in history
    action/save_history Save history to disk
    action/clear_history Clear history of current terminal
    action/clear_all_histories Clear histories of all terminals
    action/detach_session Detach current tab
    action/rename_session Rename current session
    action/zmodem_upload ZModem uploading
    action/monitor_activity Monitor current terminal for activity
    action/monitor_silence Monitor current terminal for silence
    action/send_input_to_all_sessions Replicate input to all sessions
    action/close_session Close current terminal session
    action/new_session Create a new terminal session
    action/activate_menu Activate menubar
    action/list_sessions Session list menu
    action/move_session_left Shift tab to the left
    action/move_session_right Shift tab to the right
    action/previous_session Go to tab to the left
    action/next_session Go to tab to the right
    action/switch_to_session_# Go to tab numbered #, where # is a number between 1 and 12 inclusive.
    action/bigger_font Increase font size
    action/smaller_font Decrease font size
    action/toggle_bidi Turn bidirectional text support on or off

    KWin

    Key Action
    action/kwin_rmb Context menus on window titlebar and frame

    Panels

    Warning
    This section needs improvements: Please help us to

    cleanup confusing sections and fix sections which contain a todo


    revisit this when plasma is providing the panels

    Using D-Bus To Find More Actions

    Authorizing .desktop Files

    Application .desktop files can have an additional field X-KDE-AuthorizeAction.

    If this field is present the .desktop file is only considered valid if the action(s) mentioned in this field has been authorized. If multiple actions are listed they should be separated by commas (',').

    If the .desktop file of an application lists one or more actions this way and the user has no authorization for even one of these actions then the application will not appear in the KDE menu, will not allow execution via that .desktop file and will not be used by KDE for opening files of associated mimetypes.

    File Dialog

    These keys disable actions that are found in the KDE file dialog. To use them, create a section in kdeglobals that looks like this:

    [KDE Action Restrictions[$i] action/<key>=false

    Key Action
    action/home Go to home directory
    action/up Go to parent directory
    action/back Go to previous directory
    action/forward Go to next directory
    action/reload Reload directory
    action/mkdir Create new directory
    action/toggleSpeedbar Show/hide sidebar
    action/sorting menu Sorting options
    action/short view Select short view
    action/detailed view Select detailed view
    action/show hidden Show/hide hidden files
    action/preview Show/hide preview
    action/separate dirs Show/hide separate directories

    Printing

    There are several keys that restrict various aspects of the KDE print dialog and printing system. To use them, create a configuration section like this:

    [KDE Resource Restrictions][$i] print/<resource key>=false

    Note how each of the printing keys start with print/ in the configuration file.

    print/copies
    Disables the panel that allows users to make more than one copy.
    print/dialog
    Disables the complete print dialog. Selecting the print option will immediately print the selected document using default settings. Make sure that a system wide default printer has been selected. No application specific settings are honored when this restriction is activated.
    print/options
    Disables the button to select additional print options.
    print/properties
    Disables the button to change printer properties or to add a new printer.
    print/selection
    Disables the options that allows selecting a (pseudo) printer or change any of the printer properties. Make sure that a proper default printer has been selected before disabling this option. Disabling this option also disables print/system, print/options and print/properties.
    print/system
    Disables the option to select the printing system backend, e.g. CUPS. It is recommended to disable this option once the correct printing system has been configured.

    Resource Restrictions

    KDE applications can take advantage of many types of resources such as configuration data, caches, plugin registries, etc. These are loaded from both system-wide as well as from per-user locations on disk. It is possible to restrict use of the per-user resources directories, preventing users from adding to or altering existing shared resources.

    This is accomplished by creating a section like this in a configuration file:

    [KDE Resource Restrictions][$i] <resource key>=false

    The following resources can be used as keys and controlled in this manner:

    Key Directory Provides
    all n/a All resources listed in this table
    autostart share/autostart Apps to start on login
    data share/apps Application data
    data_<appname> share/apps Application data for the application named <appname>
    html share/doc/HTML HTML files
    icon share/icon Icons
    config share/config Application configurations
    pixmap share/pixmaps Images
    xdgdata-apps share/applications Application .desktop files
    sound share/sounds Sound files
    locale share/locale Localization data
    services share/services Protocols, plugins, kparts, control panels, etc. registry
    servicetypes share/servicetypes Plugin definitions, referenced in services registry entries
    mime share/mimelnk Mimetype definitions
    wallpaper share/wallpapers Desktop wallpaper images
    templates share/templates Document templates
    exe bin Executable files
    lib lib Libraries

    Screensavers

    In kdeglobals in the [KDE Action Restrictions] group:

    opengl_screensavers
    defines whether OpenGL screensavers are allowed to be used.
    manipulatescreen_screensavers
    defines whether screensavers that manipulate an image of the screen (e.g. moving chunks of the screen around) are allowed to be used.

    Automatic Log-out

    In kscreensaverrc:

    [ScreenSaver] AutoLogout=true AutoLogoutTimeout=600

    The timeout is the time in seconds that the user must be idle for before the logout process is automatically started. Be careful with this capability as it can lead to data loss if the user has unsaved files open.

    Session Capability Restrictions

    These keys apply to various capabilities associated with a desktop session and are not application specific. To use them, create a section in kdeglobals that looks like this:

    [KDE Action Restrictions][$i] <key>=false

    custom_config
    Whether the --config command line option should be honored. The --config command line option can be used to circumvent locked-down configuration files.
    editable_desktop_icons
    define whether icons on the desktop can be moved, renamed, deleted or added. You might want to set the path for the desktop to some read-only directory as well instead of $HOME/Desktop.
    lineedit_text_completion
    Defines whether input lines should have the potential to remember any previously entered data and make suggestions based on this when typing. When a single account is shared by multiple people you may wish to disable this out of privacy concerns.
    lock_screen
    whether the user will be able to lock the screen.
    logout
    whether the user will be able to logout from KDE.
    movable_toolbars
    define whether toolbars may be moved around by the user. See also action/options_show_toolbar.
    run_command
    whether the "Run Command" (Alt-F2) option is available.
    run_desktop_files
    defines whether users may execute desktop files that are not part of the default desktop, KDE menu, registered services and autostarting services.
    • The default desktop includes the files under $KDEDIR/share/kdesktop/Desktop but not the files under $HOME/Desktop.
    • The KDE menu includes all files under $KDEDIR/share/applnk and $XDGDIR/applications
    • Registered services includes all files under $KDEDIR/share/services
    • Autostarting services include all files under $KDEDIR/share/autostart but not the files under $KDEHOME/Autostart
    shell_access
    Whether a shell suitable for entering random commands may be started. This also determines whether the "Run Command" option (Alt-F2) can be used to run shell-commands and arbitrary executables. Likewise, executables placed in the user's Autostart folder will no longer be executed. Applications can still be autostarted by placing .desktop files in the $KDEHOME/Autostart or $KDEDIR/share/autostart directory. See also run_desktop_files.
    You probably also want to activate the following resource restictions:
    • "appdata_kdesktop" - To restrict the default desktop.
    • "apps" - To restrict the KDE menu.
    • "xdgdata-apps" - To restrict the KDE menu.
    • "services" - To restrict registered services.
    • "autostart" - To restrict autostarting services.
    Otherwise users can still execute .desktop files by placing them in e.g. $KDEHOME/share/kdesktop/Desktop
    skip_drm
    defines if the user may omit DRM checking.
    start_new_session
    defines whether the user may start a second X session. See also the documentation on kdm configuration.
    switch_user
    defines whether user switching via kdm is allowed. See also the documentation on kdm configuration.