Pessulus is a Python front end for configuring the Gconf XML configuration files.
The software lets you create a profile that limits a user to a set of application that a system administrator allows. It has a nice, logically structured GUI that allows administrators to choose and click checkboxes on the options that you want to deny for user access. By default all the lockdown functions are unchecked, meaning the system remains configured as is. Also, there is no button to check all the checkboxes at once; you have to choose each one by one. Moving the mouse button over a specific lockdown option gives administrators a description of that function in a popup box.
Pessulus provides four main groups for locking specific sets of applications -- Main, Panel, Epiphany Web browser, and GNOME screensaver. Each group allows an administrator to limit a specific set of software or functions.
The Main category includes lockdown of the command line (terminal), disabling printing (including disabling print setup), and disabling the "save to disk" function, which is useful if you don't want people to save anything on the terminal PC. Checking the Pessulus box to disable "save to disk" actually disables the "Save" function in all applications.
|Click to enlarge|
You can lock down the GNOME panel to prevent users from modifying the default panel configuration or just stop them from adding or removing applets. In this menu, you can also disable the "Log out" button and disable screenlocking. You can prevent users from executing the "force quit" function so that they can't kill any of the running processes. In the lower right side of the Panel menu, you can select what panel applets should be disabled; disabling an applet is as simple as clicking the checkbox in front of it.
The GNOME screensaver menu gives you three choices. You can set the screensaver to lock the screen when the screensaver activates, requiring users to type a password if they want to continue, set the option in the unlock dialog to allow users to log out after a delay, or add an option to the unlock dialog to allow user switching.
The only lockdown function that you might miss is the ability to not be able to mount external storage devices (like USB keys).
Pessulus gives you a nice interface for disabling specific user functions on the GNOME desktop, which makes GNOME now a suitable graphical environment for use on publicly available terminals.