User:Danimo/KIOSK/new: Difference between revisions

    From KDE TechBase
    (up to chapter 4)
     
    m (fix double redirect)
     
    Line 3: Line 3:
    KIOSK Admin Tool is a KDE administration tool that offers system administrators an easy way to predefine desktop configurations for single and/or groups of users, lock down settings or otherwise restrict features of the KDE desktop environment.
    KIOSK Admin Tool is a KDE administration tool that offers system administrators an easy way to predefine desktop configurations for single and/or groups of users, lock down settings or otherwise restrict features of the KDE desktop environment.


    The default Desktop delivers many powerful features an possibilities. However, in business environment for example it is nessesary to reduce the number of programs, features and possibilities according to the tasks that need to be done.
    The default Desktop delivers many powerful features an possibilities. However, in business environment for example it is neccesary to reduce the number of programs, features and possibilities according to the tasks that need to be done.


    KIOSK Admin Tool takes advantage of KDE's KIOSK restrictions framework. It is centered around profiles.A profile is a collection of default settings and restrictions that can be applied to either individual users or groups of users.
    KIOSK Admin Tool takes advantage of KDE's KIOSK restrictions framework. It is centered around profiles.A profile is a collection of default settings and restrictions that can be applied to either individual users or groups of users.
    Line 40: Line 40:
      rpm -i kiosktool-version.i568.rpm
      rpm -i kiosktool-version.i568.rpm


    The installation procedure in SuSE 9.2 may be done directly by YAST, but you have to select KIOSK Admin Tool manually. Additional informations to next part of documentation (filesystem hierarchie, configuration files) you find in the [[SysAdmin|TechBase SysAdmin area]].
    The installation procedure in SuSE 9.2 may be done directly by YAST, but you have to select KIOSK Admin Tool manually. Additional informations to next part of documentation (filesystem hierarchie, configuration files) you find in the [[KDE System Administration|TechBase SysAdmin area]].


    KDE defines a filesystem hierarchy which is used by the KDE environment itself as well as all KDE applications (and KIOSK Admin Tool).
    KDE defines a filesystem hierarchy which is used by the KDE environment itself as well as all KDE applications (and KIOSK Admin Tool).

    Latest revision as of 18:02, 9 September 2007

    Overview

    KIOSK Admin Tool is a KDE administration tool that offers system administrators an easy way to predefine desktop configurations for single and/or groups of users, lock down settings or otherwise restrict features of the KDE desktop environment.

    The default Desktop delivers many powerful features an possibilities. However, in business environment for example it is neccesary to reduce the number of programs, features and possibilities according to the tasks that need to be done.

    KIOSK Admin Tool takes advantage of KDE's KIOSK restrictions framework. It is centered around profiles.A profile is a collection of default settings and restrictions that can be applied to either individual users or groups of users.

    KDE's Kiosk framework makes it possible for a system administrator to turn off certain KDE features.

    Typical usage of KIOSK Admin Tool is to create a new profile, then to set up the profilewith the desired default settings and restrictions, and finally to activate the profile by assigning the profile to one or more users.

    Profiles

    A profile is a collection of default settings and restrictions that can be applied to either individual users or groups of users.

    The KDE desktop environment as well as all KDE applications use a specific directory structure to lookup configuration settings and various other information. KDE knows about several locations for these directory structures. All the information and configuration settings found in the various locations are combined before they are used. Lock down features control whether settings in the user's home folder ($KDEHOME or ~/.kde) are taken into account or not.

    A profile consists of a standard KDE directory structure in a custom location with settings and information chosen by you.

    KIOSK Admin Tool lets you chose in which location a profile should be stored. Information about available profiles is stored in the file /etc/kderc.

    It is recommended to store all profiles under a single directory. In this case the /etc/kderc file only needs to contain a reference to this single directory and KDE and KIOSK Admin Tool will automatically pick up all profiles stored under this directory. See the Chapter 4chapter for more information.

    Install KIOSK Admin Tool and KDE Basics

    The KIOSK Admin Tool works since KDE 3. When using KIOSK Admin Tool in combination with older versions of KDE (KDE 3.2 or older) some additional steps need to be taken in order to properly activate the profiles.

    The newly introduced, common KDE 3.2 menu format is documented at freedesktop.org The new menu format defines structure in a single .menu file, is based on categories, is shared between Gnome and KDE and supports applnk style menus as well.

    For this tutorial, it is preferred to use KDE 3.2.2 or newer.

    The Distribution of SuSE 9.1 contains KIOSK Admin Tool that should be replaced by a newer version.

    Downloads from: http://extragear.kde.org/apps/kiosktool

    For SuSE you can get a rpm-package. Install command :

    rpm -i kiosktool-version.i568.rpm
    

    The installation procedure in SuSE 9.2 may be done directly by YAST, but you have to select KIOSK Admin Tool manually. Additional informations to next part of documentation (filesystem hierarchie, configuration files) you find in the TechBase SysAdmin area.

    KDE defines a filesystem hierarchy which is used by the KDE environment itself as well as all KDE applications (and KIOSK Admin Tool).

    /opt kde3/bin/kiosktool /opt/kde3/bin/kiosktool-kdedirs /opt/kde3/share/apps/kiosktool/... /opt/kde3/share/config/kiosktoolrc /opt/kde3/share/icons/... /opt/kde3/share/locale/... (language packages) ...

    check this: kiosktool-kdedirs check


    KDE Directory Layout (SuSE Linux for example)

    $HOME/.kde user level, personal KDE directory /opt/kde3 system level, SuSE specific, sometimes /usr or /usr/kde3 /etc/opt/kde3 Added by SuSE

    Environment Variables

    $KDEHOME ~/.kde normally located in user's home directory $KDEROOTHOME /root/.kde $KDEDIR /opt/kde3, /usr, /usr/kde3 depends from distribution, used by KDE2 $KDEDIRS /opt/kde3, /usr, /usr/kde3 new in KDE3 : multiple locations possible

    The default values most times don't need to be changed (the default is OK). Normally $KDEHOME, the tree located in the user's home directory, has the highest precedence. This is the directory tree where the user sets up his own changes.

    Normally $KDEHOME, the tree located in the user's home directory, has the highest precedence. This is the directory tree where the user sets up his own changes. A system administrator can create additional directory trees which can be used for profiles. Special KDE configuration directories for special user profiles (or group profiles) will be specified within /etc/kderc (SuSE: /etc/kde3rc).


    Additional (shared) KDE Sub-Directories

    share/applications/ .desktop files for the KDE Menu (since KDE3.2) share/apps contains applications specific data files; Each application has a sub-directory here for storing additional data files share/config configuration files for KDE applications (normally named after the the application they belong to plus rc, i.e. kiosktoolrc). A special case is kdeglobals as a file that is readed by all KDE applications. share/config/session/ used by KDE session manager ksmserver (normally only available under $KDEHOME/... At the end of a session KDE applications store their state here. The file names start with the name of the application followed by a number. ksmserver stores references to these numbers when saving a session in share/config/ksmserverrc . share/doc/HTML/ contains documentation of KDE and KDE applications (khelpcenter) share/icons icons for KDE applications share/mimelnk KDE uses .desktop files that describe MIME types to identificate the type of a file share/services contains .desktop files that describe services. Services are like applications but are usually launched by other applications instead of the user . Services do not appear in the KDE menu. share/servicetypes servicetypes usually represents a certain programming interface share/sounds contains sound files share/templates contains templates for creating files of various types including a reference to a file in the .source sub-directory share/wallpapers contains images that can be used as background picture

    Additional (OS- and CPU-depended) KDE Sub-Directories

    bin/ used for KDE executables cgi-bin/ CGI scripts that can be used by the KDE Help Center lib/ used for KDE libraries lib/kde3 contains components, plugins and other runtime loadable objects for use by KDE 3.x applications

    Additional (Host Specific) KDE Sub-Directories

    three host-specific directories that are usually symlinked to other locations: $KDEHOME/socket-$HOSTNAME --> /tmp/ksocket-$USER/ $KDEHOME/tmp-$HOSTNAME --> /tmp/kde-$USER/ $KDEHOME/cache-$HOSTNAME --> /tmp/kdecache-$USER/ /tmp and /var/tmp as systemwide (maybe world) writable directories opt/kde3/bin/./lnusertemp tmp lnusertemp utility will create a new directory with an alternative name and links to that instead. That's why there is a possibility, that one of the mentioned directories already exists but is owned by another user.


    KDE Configuration Files

    simple text files, UTF-8 encoding for text outside the ASCII range Groups indicated by a groupname placed in square brackets at the top of a group followed by key-value-pairs. Key and value are separated by an equal sign. The key can contain spaces and may be followed by options placed in square brackets, sometimes with optional backslash codes for special output formats. All the key-values entries that follow belong to the group.

    [groupname]
    keyname=value [option]
    

    Entries at the top of the file that are not preceded by a group name belong to the default group.


    Configuration Files Cascading

    There can be multiple configuration files with the same name in the share/config sub-directory of the various KDE directory trees. A configuration file can contain only few selected groups with few selected keys.

    The final value of a key depends from the the priority of the directory the configuration file is placed and the precedence of the key in it. The configuration files under $KDEHOME have always the highest priority. The precedence order of KDE directories is listed in $KDEDIRS, available since KDE 3.x.

    If $KDEDIRS is undefined , the single location of $KDEDIR is used instead. If a key in a certain group is defined multiple times in a single file, the value of the last entry is used.

    Starting with KDE 3, configuration entries can be marked immutable, and once such a value has been read its value cannot be changed any more via KConfig or user entries in $KDEHOME . Entries can be marked immutable on an entry-by-entry, group, or file basis by adding a [$i] at the right places.

    Keyword[$i]=value prevents overwriting the default setting and marks this key immutable.

    Group[$i] sets all key entries of this group immutable. To lock down the entire file, start the file with [$i] in a single line.

    [$e] and [$ie] are so called Shell Expansions and can be used to provide more dynamic default values.

    Normally the expanded form is written into the users configuration file after first use. To prevent this, it is recommended to lock the configuration entry down by using [$ie].

    KDE Startup Sequence -- what happens during startup

    Login Manager: kdm Startkde script: startkde starts kdeinit (which application?) and ksmserver (session manager) during the users login. Kdeinit is used to start all other KDE programs. Inititialised Background Services: dcopserver (deamon for Desktop Communication Process/Protocol) kded (generic KDE service daemon for background processes) kcminit (Initialisation service for hardware) klauncher (Program launch without interface, not the ALT-F2 dialog) knotify (User notifications) ksmserver (Session management, startup desktop components) Desktop Components: Kwin (Taskmanager) KDesktop (Icons) Kicker (Panel) Klipper (Dienstprogramm für Zwischenablage)

    DCOP, Desktop interprocess communication

    can be used for all kinds of KDE desktop automatisation and scripting (also as command line tool) based on Inter Client Exchange (ICE) Protocol and uses UNIX sockets instead of remote calls can also be used to run KDE applications in GNOME desktop

    KIOSK Admin Tool Settings

    ...