You are not logged in.

"locking down" kdm

slug420

Beginner

  • "slug420" started this thread

Posts: 1

  • Send private message

1

Wednesday, June 15th 2005, 4:09pm

"locking down" kdm

I am running suse 9.1pro but I think this question is only specific to KDE (running 3.2) and not the distro...

How can I lock down kdm so that when users are logging in they are only able to login to a kde session? I have set this box up as a kiosk using kde-kiosk, sadly if they click menu (wouldnt mind getting rid of this button altogether) -> session type -> and select something else like admin or failsafe, or anything really.....they circumvent all the kiosk restrictions that we have in place.

/opt/kde3/share/apps/kdm/sessions contains .desktop files that people say reference all of the session types but there are session types that appear at the kdm login screen that do not appear in this dir and lots of .desktop files that are in this dir that do not appear as session type options at the login screen.

there is also the kdmrc file which I have heard contains a SessionType= line that specifies what sessions a user can select from but even after modifying this line nothing changes in the session type menu at the kdm login screen.


So ideally...how can i remove the menu option from the login screen altogether, or alternatively how can i make it so that "KDE" is the only option under the session types drop down under the menu.

tia

dlapine

Beginner

Posts: 4

  • Send private message

2

Friday, August 19th 2005, 1:39am

RE: "locking down" kdm

Doing the same thing in suse 9.3 pro

step 1 remove all other normal desktop options from the session type menu

edit the following files

./opt/kde3/share/config/kdm/kdmrc.SuSEconfig
./opt/kde3/share/config/kdm/kdmrc

look for the line

SessionsDirs=

set it to only look for

"/usr/share/xsessions" and remove all desktop files files except kde from this directory

that'll get it down to default, custom,failsafe & kde

All the options save failsafe default to kde, so it's just a matter of stopping the failsafe.

anybody know how to do that in kde 3.2 or higher? I'm still looking.

dlapine

Beginner

Posts: 4

  • Send private message

3

Saturday, August 20th 2005, 2:51am

RE: "locking down" kdm

8)

Found this via google: "http://lists.kde.org/?l=kde-kiosk&m=111944662332070&w=2"

"To override a session type, copy the .desktop file from the data dir to the
config dir and edit it at will. Removing the shipped session types can be
accomplished by "shadowing" them with .desktop files containing Hidden=true.
For the magic session types no .desktop files exist by default, but KDM
pretends they would, so you can override them like any other type.
I guess you already know how to add a new session type by now. ;-)
"

Ok, so it looks like one way to disallow the session type "failsafe" when creating a kiosk is to create a failsafe.desktop in the same directory as the kde.desktop, probably /usr/share/xsessions, set to hidden.

As the settings in this .desktop file will overwrite the settings used by kde, and remove the failsafe option from the desktop, it should not be done lightly, and most usefully as the last step in locking down the node. If something goes wrong, you'll probably need to boot from a rescue CD.

What I did (probably more of a kludge) was simply copy the kde.desktop.
I then edited it to remove all the "name[fg]=" entries.
Then I set the execs to "/bin/false"
Lastly, I added the "Hidden=true" tag as specified above.

my failsafe.desktop looks like this:

[Desktop Entry]
X-SuSE-translate=true
Encoding=UTF-8
Type=XSession
Exec=/bin/false
TryExec=/bin/false
Name=failsafe
Hidden=true

And I no longer get the option to select a failsafe session. Yeah!

Hope this helps. I tried removing the Default and Custom options, but I didn't get it to work with trival effort, and I didn't have time to play with it.
Since both options went to KDE, I didn't worry about it too much.