May 22, 2007

Lock down the GNOME desktop with Pessulus

Author: Anže Vidmar

Looking for a way to limit users' functionality on a publicly available machine, such as a kiosk machine for conference attendees? No one wants people trying to alter their systems for fun or malice. If you're running the GNOME environment, you can turn to a tool called Pessulus -- a lockdown manager for the GNOME desktop.

Pessulus is a Python front end for configuring the GConf XML configuration files.

The software lets you create a profile that limits a user to the set of applications that a system administrator allows. It has a nice, logically structured GUI in which administrators click checkboxes for the functions they want to deny to users. By default all the lockdown functions are unchecked, meaning the system remains configured as is. There is no button to check all the checkboxes at once; you have to select them one by one. Moving the mouse pointer over a specific lockdown option shows a description of that function in a popup box.

Pessulus provides four main groups for locking specific sets of applications -- Main, Panel, Epiphany Web browser, and GNOME screensaver. Each group allows an administrator to limit a specific set of software or functions.

The Main category includes lockdown of the command line (terminal), disabling printing (including disabling print setup), and disabling the "save to disk" function, which is useful if you don't want people to save anything on the terminal PC. Checking the Pessulus box to disable "save to disk" actually disables the "Save" function in all applications.
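To check from a script that the Main category options were actually written, the added example below (not part of Pessulus or the original article) parses a GConf `%gconf.xml` file and reports the state of each key. It assumes the GNOME 2 key names under `/desktop/gnome/lockdown` and the standard `<entry>` layout of GConf's XML backend; the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed GNOME 2 GConf key names for the four "Main" options described above.
MAIN_LOCKDOWN_KEYS = (
    "disable_command_line",
    "disable_printing",
    "disable_print_setup",
    "disable_save_to_disk",
)

# Constructed sample of a %gconf.xml file as stored under
# <gconf source>/desktop/gnome/lockdown/ ; not taken from a real machine.
SAMPLE_GCONF_XML = """<?xml version="1.0"?>
<gconf>
  <entry name="disable_command_line" mtime="1179800000" type="bool" value="true"/>
  <entry name="disable_printing" mtime="1179800000" type="bool" value="true"/>
  <entry name="disable_save_to_disk" mtime="1179800000" type="bool" value="false"/>
  <entry name="constructed_string_entry" mtime="1179800000" type="string" value="true"/>
</gconf>
"""

def read_bool_entries(xml_text):
    """Return {key: bool} for every well-formed boolean entry in a %gconf.xml document."""
    entries = {}
    for entry in ET.fromstring(xml_text).iter("entry"):
        name, value = entry.get("name"), entry.get("value")
        # Ignore non-boolean entries and booleans with an unexpected value.
        if name and entry.get("type") == "bool" and value in ("true", "false"):
            entries[name] = (value == "true")
    return entries

def audit_main_lockdown(xml_text, required=MAIN_LOCKDOWN_KEYS):
    """Classify each required key as 'locked', 'unlocked' (set to false) or 'missing'."""
    entries = read_bool_entries(xml_text)
    report = {}
    for key in required:
        if key not in entries:
            report[key] = "missing"  # never written, so the schema default applies
        else:
            report[key] = "locked" if entries[key] else "unlocked"
    return report

if __name__ == "__main__":
    for key, state in audit_main_lockdown(SAMPLE_GCONF_XML).items():
        print(f"/desktop/gnome/lockdown/{key}: {state}")
```

A key reported as missing or unlocked on a kiosk image means the corresponding checkbox was never applied to the configuration source being audited.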


You can lock down the GNOME panel to prevent users from modifying the default panel configuration or just stop them from adding or removing applets. In this menu, you can also disable the "Log out" button and disable screenlocking. You can prevent users from executing the "force quit" function so that they can't kill any of the running processes. In the lower right side of the Panel menu, you can select what panel applets should be disabled; disabling an applet is as simple as clicking the checkbox in front of it.

Unfortunately, in the third group, you can disable functions only for the Epiphany Web browser and not Firefox or Opera, for example, but this is OK as long as you don't have any other Web browser installed on the system. This set of restrictions is useful if you're planning to have a Web-only terminal PC, because you can lock down the important functions such as the quit function, hide the menubar, disable bookmark editing, and disable JavaScript. Unfortunately, there is no option to disable Flash animations. You can also force Epiphany to run only in full screen mode, so that you can turn your box into a Web terminal. And you can disable users' ability to type URLs in Epiphany, and disable loading content from unsafe protocols (anything that is not HTTP or HTTPS).

The GNOME screensaver menu gives you three choices. You can set the screensaver to lock the screen when the screensaver activates, requiring users to type a password if they want to continue, set the option in the unlock dialog to allow users to log out after a delay, or add an option to the unlock dialog to allow user switching.

The only lockdown function that you might miss is the ability to prevent users from mounting external storage devices (like USB keys).

Pessulus gives you a nice interface for disabling specific user functions on the GNOME desktop, which makes GNOME a suitable graphical environment for use on publicly available terminals.
