3. Practically
3.1. Step 1
List the logins whose KDE desktop whould be erased when the user logs in. Put this list in /etc/restricted_users, one login on line. Give the file to root, group root (chown root.root /etc/restricted_users).
Allow the owner to read and write to the file, and give read-permissions for the others (chmod 0644 /etc/restricted_users) so that only the sysadmin can change the list.
If you've many accounts on your box, you can generate this list using the following script (you should run it as root).
#!/bin/sh
awk 'BEGIN { FS=":" } $3 >= 500 { print $1 }' /etc/passwd > /etc/restricted_users
# Just for paranoia :)
chmod 0644 /etc/restricted_users
chown root.root /etc/restricted_users | Warning : perhaps it won't work on all systems ! |
|---|---|
Practically, it may be useful to change the '500' number (line 2), it depending on your operating system. On some systems, normal (read: non-system / non-root) user account numbers (UID) start at 500. On some others, it starts at 100 or at 1000, so feel free to change this setting into another value that fits your needs. If in doubt, just check /etc/passwd. |
3.2. Step 2
Create a proto-user. In this document, we will call it 'user'. To create it :
# adduser user
Then change his password :
# passwd user Changing password for user user New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully
Then, log in as this user. Ajust his desktop settings to what you want (desktop wallpaper, menus, desktop theme, colors, an so on...). You may also be interested in having a look at .kde/share/config/kdeglobals (the file can be found in the proto-user's home directory) for additional settings.
As an example, here is a kdeglobals which disables desktop right-click and so prevents them from changing the desktop wallpaper (source: Kiosk-HOWTO, see the "Links" section). There is just one virtual desktop. Feel free to modify it to fit your needs !
[Desktops] Name_1= Name_2= Name_3= Name_4= Number=1 [General] TipsOnStart=false [Global Keys] Execute command= [Locale] Charset=iso8859-1 Country=fr Language=fr [Mouse Buttons] Right= [PanelIcons] Size=16 [Paths] Autostart=$HOME/.kde/Autostart/ Desktop=$HOME/.kde/Desktop/ Templates=$HOME/.kde/Templates/ Trash=$HOME/.kde/Corbeille/ [WM] activeFont=helvetica,12,5,iso8859-1,75,0
Once you're satisfied with your desktop settings, you have to close your KDE session. This will cause KDE to save your settings on the harddisk.
3.3. Step 3
The following script builds a gzipped-tarball (a compressed image) of the proto-user's KDE desktop settings. Simply edit it and change the 'PROTO_USER' variable contents to the account name of your proto-user (we called it user so far, so if you followed those instructions carefully, you don't need to change anything).
#!/bin/sh
# The proto_user is the user of which you've configured the KDE desktop
# and want other user's desktop to look like
PROTO_USER=user
FIND=/usr/bin/find
TAR=/bin/tar
CUT=/usr/bin/cut
# PROTO_USER's homedir (no need to change that) :
HOMEDIR=$(eval echo ~${PROTO_USER})
echo "Note: Using $PROTO_USER as modele (homedir : ${HOMEDIR})." 1>&2
# When the script ends (that means either on normal exit, or on SIGTERM)
trap "[ -f ${HOMEDIR}/dont-tar.lst ] && rm -f ${HOMEDIR}/dont-tar.lst" 0
# Displays a notice if the /etc/kde-config.tgz already exists and delete it
[ -f /etc/kde-config.tgz ] && { echo "/etc/kde-config.tgz already exists. \
Deleting..." 1>&2; rm -f /etc/kde-config.tgz; }
echo "Now building the archive..."
# Try to cd to user's homedir, exit if it fails
cd ${HOMEDIR}/ || { echo "Failed to cd $HOMEDIR !" 1>&2; exit 1; }
# We list all the symlinks because we don't want them in the tarball
$FIND . -type l -print | $CUT -c 3- > ${HOMEDIR}/dont-tar.lst || { \
echo "Failed to find the symlinks in ${HOMEDIR} !" 1>&2; exit 1; }
# Tar the .kde/ directory, exclude files (symlinks !) in dont-tar.lst
$TAR cvfzX /etc/kde-config.tgz ${HOMEDIR}/dont-tar.lst .kde/ >/dev/null \
|| { echo "Failed to build the tarball !"; exit 1; }
# Just for paranoia :)
chown root.root /etc/kde-config.tgz
chmod 0644 /etc/kde-config.tgz
echo "Done ! The tarball has been saved in /etc/kde-config.tgz." 1>&2
exit 0Once you're done, log in as root (su -) and type :
# ./update-kde-config.sh ...
As a consequence, the .kde/ and Desktop/ directories of the proto-user will tarred, gzipped, and then stored in /etc/kde-config.tgz.
3.4. Step 4
Finally, we have to edit the file that is executed right after a user types its login and password in KDM.
On Mandrake or Debian GNU/Linux, the file is /etc/X11/Xsession. On other distributions, it may be /etc/X11/xdm/Xsession. Check the X manpages for additional informations.
This file is runned as (and so with the rights of) the user that logs in. Add the following lines at the beginning of Xsession (you can download a sample Mandrake 8 Xsession from here).
if ( egrep ^${USER}$ /etc/restricted_users>/dev/null ); then
# If the user is restricted...
#
# Remove every symlinks from ~/.kde and ~/Desktop
# This avoids breaking things if the user has created a link that
# points to / on his KDE Desktop
for dir in '.kde Desktop'; do
find ~/$dir -type l -exec rm -f {} \;
done
# We clean the user's home dir a bit...
rm -rf ~/.kde
rm -f ~/.kderc
rm -rf ~/Desktop
rm -f ~/.DCOP*
# Then we untar a brand new desktop (created with the
# update-kde-config.sh script)
(cd ~ && tar xvfz /etc/kde-config.tgz 2>&1 >/dev/null)
fi