Desktop Lockdown

The projects to break away from GTK and update Slackware from 14.2 to 15.0 are continuing forward. Both projects have required considerable time and patience.

One of the hopeful side goals is migrating the living room media player away from GTK and removing MATE. This system cannot be updated to Slackware 15.0 because of a desire to run software that “just works” but is no longer supported. The system will remain on 14.2 for a long time, possibly forever. The system is treated as an appliance with a locked desktop that has no direct internet access. Security concerns are low.

That means despite preferring KDE 5, this system cannot be updated easily to KDE 5.

Part of the system’s configuration is that the default user desktop environment is locked to avoid inadvertent toe stubbing and mistakes. The desktop is configured to allow using only three media tools. The primary method of controlling the desktop is with an infrared remote control.

Some years ago the system was updated to newer hardware, but the origins of the system are rooted several years earlier in the KDE 3 days. KDE always has had a comprehensive and flexible way to lock desktops. That useful feature continued when the system was moved from KDE 3 to the Trinity Desktop Environment (TDE). When leaving TDE some years ago, the only desktop choices with lockdown features were MATE and Xfce.

MATE won out because Xfce did not support lockdown features. Instead Xfce is designed to support kiosk features. A desktop lockdown is not the same as a kiosk. The common kiosk design approach seems to presume using a web browser. The lockdown approach presumes nothing.

With the local effort to update to Slackware 15.0 and a newer version of Xfce, despite being based on GTK, some attention was given as to whether Xfce could be used. Little has changed and testing Xfce as a desktop on the living room media player again proved frustrating because of this kiosk rather than lockdown design.

There are two Xfce web pages addressing kiosk configuration. One page seems outdated and the other implies that most of the original kiosk design has been moved into user Xfce4 configuration files.

Yet after following the directions, the result leaves much to be desired. There remains a desktop right-click menu. The panel context menu allows launching a web browser to view help documentation — that exists only online. Little tricks like using chattr accomplish little because session changes remain possible although not persistent.

Those shortcomings left three options:

  • Continue using MATE.
  • Use KDE 4.
  • Use TDE.

Unlike Xfce, MATE is designed with lockdown features rather than kiosk features. Using MATE is hardly the end of the world, but project goals are to break away from GTK tomfoolery. While the 1.16 version of MATE on this Slackware 14.2 system is not affected by GTK3, that does little to change the desire to break away from GTK as much as practical.

Testing KDE 4 in a Slackware 14.2 virtual machine indicated a basic desktop is possible without burdensome package dependencies and overhead. This system only needs a basic desktop. KDE 4 offers the same original KDE 3 lockdown features.

After the previous few months of testing, the TDE option seemed palatable because TDE had already been much tested and groomed with many configurations.

The fundamental component to locking the TDE (and KDE 4 and 5) desktop is contained in the user’s kdeglobals file in the KDE Action Restrictions group section. These keys likely do not exist on most systems and need to be added manually. For this living room media player the affected keys include the following:


    [KDE Action Restrictions]
    action/bookmarks=true
    action/configdesktop=true
    action/devnew=true
    action/editfiletype=true
    action/kicker_rmb=true
    action/konsole_rmb=true
    action/kwin_rmb=true
    action/menuedit=true
    action/openintab=true
    action/openwith=true
    action/properties=true
    editable_desktop_icons=true
    lock_screen=true
    movable_toolbars=true
    run_command=true
    services=true
    switch_user=true
    user/root=true
    

Being a pack rat with shell scripts that have been written through the years meant the original KDE 3 shell script used to toggle lockdown features was still available and required only nominal effort to adapt to TDE. The shell script toggles the options to false when wanting to tinker or fine tune the desktop and vice versa. Toggling this lockdown is not much needed after the desktop is configured and tested.
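A toggle of this kind could be written as follows. This is an added example, not the script described above: the function names `set_restrictions` and `show_restrictions` are hypothetical, and the caller supplies the path to the kdeglobals file and the value to write.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the author's script).
# Keys copied from the article's [KDE Action Restrictions] listing.
KEYS="action/bookmarks action/configdesktop action/devnew action/editfiletype \
action/kicker_rmb action/konsole_rmb action/kwin_rmb action/menuedit \
action/openintab action/openwith action/properties editable_desktop_icons \
lock_screen movable_toolbars run_command services switch_user user/root"

# set_restrictions FILE VALUE: write VALUE (true|false) to every listed key
# inside the group, adding missing keys or the whole group; other groups and
# unlisted keys are left untouched.
set_restrictions() {
    file=$1 value=$2
    case $value in
        true|false) ;;
        *) echo "value must be true or false" >&2; return 2 ;;
    esac
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v keys="$KEYS" -v val="$value" '
        function flush(   i) {   # emit listed keys not written yet
            for (i = 1; i <= n; i++)
                if (!(k[i] in done)) { print k[i] "=" val; done[k[i]] = 1 }
        }
        BEGIN { n = split(keys, k, " "); for (j = 1; j <= n; j++) want[k[j]] = 1 }
        /^\[/ {                  # any group header
            if (ingrp) flush()
            ingrp = ($0 == "[KDE Action Restrictions]")
            if (ingrp) seen = 1
            print; next
        }
        ingrp {
            key = $0; sub(/=.*/, "", key)
            if (key in want) {
                if (!(key in done)) { print key "=" val; done[key] = 1 }
                next
            }
        }
        { print }
        END {
            if (ingrp) flush()
            else if (!seen) { print "[KDE Action Restrictions]"; flush() }
        }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# show_restrictions FILE: print key=value lines of the group, for review.
show_restrictions() {
    awk '/^\[/ { ingrp = ($0 == "[KDE Action Restrictions]"); next }
         ingrp && /=/' "$1"
}
```

Running `show_restrictions` after each toggle gives a quick review of what the desktop session will read the next time it starts.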

After configuring the TDE desktop this approach seems to be functioning well and only a basic desktop is needed. Some KDE 4 testing might continue. Always nice to have options.

Posted: Category: Usability Tagged: KDE
