Chapter 6. GNOME Configuration for Administrators

Contents

6.1. The GConf System
6.2. Customizing Main Menu, Panel, and Application Browser
6.3. Starting Applications Automatically
6.4. Automounting and Managing Media Devices
6.5. Changing Preferred Applications
6.6. Managing Profiles Using Sabayon
6.7. Adding Document Templates
6.8. Desktop Lock Down Features
6.9. For More Information

This chapter introduces GNOME configuration options which administrators can use to adjust system-wide settings, such as customizing menus, installing themes, configuring fonts, changing preferred applications, and locking down capabilities.

These configuration options are stored in the GConf system. Access the GConf system with tools such as the gconftool-2 command line interface or the gconf-editor GUI tool.

6.1. The GConf System

The GNOME desktop manages its configuration with GConf. It is a hierarchically structured database or registry where the user can change their own settings, and the system administrator can set default or mandatory values for all users. You reach GConf settings by specifying access paths, such as /desktop/gnome/background/picture_filename—this, for example, is the key holding the file name of the desktop background picture.

Use the graphical gconf-editor if you want to browse through all options conveniently. For a short usage description of gconf-editor, see Section 6.1.1, “The Graphical gconf-editor”. If you need a scriptable solution, see Section 6.1.2, “The gconftool-2 Command Line Interface”.

[Warning]GNOME Control Center Dialogs

Accessing the Gconf System directly can result in an unusable system, if done without care.

Inexperienced users who want to adjust some common desktop features only, are recommended to use the GNOME Control Center configuration dialogs. To start the GNOME Control Center, click Computer+Control Center. For more information, see Section “The Control Center” (Chapter 3, Customizing Your Settings, ↑GNOME User Guide).

6.1.1. The Graphical gconf-editor

gconf-editor lets you browse through GConf settings and change them interactively. To start gconf-editor in the default Settings Window view, click Computer+More Applications and then in the System group click GNOME Configuration Editor.

By default, users can change settings for their own desktop, and the administrator can prepare settings for specifying default or mandatory values. For example, if you want to enable the typing break feature as mandatory for all users, proceed as follows:

  1. Start gconf-editor as root in the command line.

  2. In the tree pane on the left, expand /desktop/gnome/typing_break.

  3. Right-click enabled and select Set as Mandatory. Once this is done, you can manage this feature.

  4. Open the Mandatory settings window by clicking File+New Mandatory Window.

  5. In the tree pane of the Mandatory settings window expand /desktop/gnome/typing_break, click enabled.

  6. Close the window to save the setting by clicking File+Close Window.

For more information about gconf-editor, see the Configuration Editor Manual at http://library.gnome.org/users/gconf-editor/stable/.

6.1.2. The gconftool-2 Command Line Interface

To change settings from the command line or within scripts, use gconftool-2. A few examples follow:

As root, use the following command to list the values of all keys:

gconftool-2 --recursive-list /

If you are interested in a subset only, specify an access path such as /desktop/gnome/typing_break:

gconftool-2 --recursive-list /desktop/gnome/typing_break

To list mandatory settings:

gconftool-2 --recursive-list \
  --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory /

To set a mandatory setting such as typing_break:

gconftool-2 \
  --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
  --type bool \
  --set /desktop/gnome/typing_break/enabled true

To unset a mandatory setting:

gconftool-2 \
  --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
  --unset /desktop/gnome/typing_break/enabled

For default settings, use /etc/gconf/gconf.xml.default.

For more information about gconftool-2, see the GNOME Desktop System Administration Guide, Section GConf Command Line Tool at http://library.gnome.org/admin/system-admin-guide/stable/gconf-6.html.en and the gconftool-2 manpage (man gconftool-2).

6.2. Customizing Main Menu, Panel, and Application Browser

Control the default items shown in various sections of the main menu (Computer) by customizing the following files:

  • /usr/share/gnome-main-menu/applications.xbel:  List of default favorite applications.

  • /usr/share/gnome-main-menu/documents.xbel:  List of default favorite documents.

  • /usr/share/gnome-main-menu/system-items.xbel:  Items shown in the system section.

With gconf-editor, you can customize the number of displayed items:

  • /desktop/gnome/applications/main-menu/file-area/min_recent_items:  Minimal number of recent items.

  • /desktop/gnome/applications/main-menu/file-area/max_total_items:  Maximal number of total items.

You can customize the application browser in various ways, for example its behavior when users launch items or the number of items displayed in the New Applications category. Look up the keys /desktop/gnome/applications/main-menu/ab_* with gconf-editor.

For more information, see the Section Customizing Menus in the GNOME Desktop System Administration Guide at http://library.gnome.org/admin/system-admin-guide/stable/menustructure-0.html.en.

6.3. Starting Applications Automatically

To automatically start applications in GNOME, use one of the following methods:

  • To run applications for each user:  Put .desktop files in /usr/share/gnome/autostart.

  • To run applications for an individual user:  Put .desktop files in ~/.config/autostart.

To disable an application that starts automatically, add X-Autostart-enabled=false to the .desktop file.

6.4. Automounting and Managing Media Devices

Nautilus (nautilus) monitors volume-related events and responds with a user-specified policy. You can use Nautilus to automatically mount hot-plugged drives and inserted removable media, automatically run programs, and play audio CDs or video DVDs. Nautilus can also automatically import photos from a digital camera.

System administrators can set system-wide defaults. For more information, see Section 6.5, “Changing Preferred Applications”.

6.5. Changing Preferred Applications

To change users' preferred applications, edit /etc/gnome_defaults.conf. Find further hints within this file.

After editing the file, run SuSEconfig --module glib2.

For more information about MIME types, see http://www.freedesktop.org/Standards/shared-mime-info-spec.

6.6. Managing Profiles Using Sabayon

Sabayon is a system administration tool to create and apply desktop environment profiles. Desktop profile is a collection of default settings and restrictions that can be applied to either individual users or groups of users. Sabayon lets you edit GConf defaults and mandatory keys using a graphical tool.

Profile definition is done through a graphical session similar to the one a user would be running, only inside a desktop window. You can change properties (such as the desktop background, toolbars, and available applets) in the usual way. Sabayon also detects changes to the default settings in most desktop applications.

Files or documents that are left in the simulated home directory or on the desktop are included in the finished profile. This includes many application-specific databases, such as Tomboy notes. Using this mechanism, it is easy to supply introductory notes or templates in a manner easily accessible to new users.

A user profile can inherit its settings from a parent profile, overriding or adding specific values. This enables hierarchical sets of settings. For example, you can define an Employee profile and derive Artist and Quality Assurance profiles from that.

In addition to providing defaults, Sabayon can also lock down settings. This makes the setting resistant to change by users. For instance, you can specify that the desktop background cannot be changed to something other than the default you provide. It prevents casual tampering with settings, potentially reducing the number of helpdesk calls, and enabling kiosk-like environments. However, it does not provide absolute security and should not be relied on for such.

Sabayon also provides a list of settings for applications and generic user interface elements that have built-in lock down support, including OpenOffice.org, and the GNOME panel. For example, the panel can be set up to allow only specific applets to be added to it and prevent changing its location or size on the screen. Likewise, the Save menu items can be disabled across all applications that use it, preventing users from saving documents.

The profiles are transferable to other computers. They reside in /etc/desktop-profiles/, and each profile is saved in a separate ZIP file.

6.6.1. Creating a Profile

Profiles are saved in ZIP files located in /etc/desktop-profiles. Each profile you save is stored in a separate ZIP file as name-of-the-profile.zip . You can copy or move profiles to other computers.

  1. Click Computer+More Applications+System+User Profile Editor.

  2. If you are not logged in as root, type the root password, then click Continue.

    Figure 6.1. Sabayon: User Profile Editor

    Sabayon: User Profile Editor

  3. Click Add.

  4. Specify a name for the profile, then click Add.

  5. Select the profile, then click Edit.

    A new desktop session opens in an Xnest window.

    Figure 6.2. Sabayon: New Xnest Window

    Sabayon: New Xnest Window

  6. In the Xnest window, make the changes to the settings that you want.

    Each setting you change appears in the Xnest window.

    You can choose to make each setting mandatory (click Edit+Enforce Mandatory), to ignore a setting (click Edit+Changes+Ignore), or make a setting default (do not selecting either Ignore or Mandatory).

  7. To lock settings for users, click Edit+Lockdown in the Xnest window.

    You can choose from the following options:

    General:  Lets you disable the command line, printing, print setup, and the save-to-disk feature.

    Panel:  Lets you lock down the panels, disable force quit, disable lock screen, disable log out, and disable any of the applets in the Disabled Applets list.

    OpenOffice.org:  Lets you define the macro security level for OpenOffice.org documents, load and save options, and user interface options.

  8. To save the profile, click Profile+Save.

    The profile is saved in /etc/desktop-profiles.

  9. Click Profile+Quit to close the Xnest window, then click Close to exit Sabayon.

6.6.2. Applying a Profile

You can apply a profile to individual users or to all users on a workstation.

  1. Click Computer+More Applications+System+User Profile Editor.

  2. If you are not logged in as root, type the root password, then click Continue.

  3. Select the profile you want to apply, then click Users.

    Figure 6.3. Sabayon: Selecting Users

    Sabayon: Selecting Users

  4. Select the users you want to use this profile.

    To apply this profile to all users on this workstation, click Use this profile for all users.

  5. Click Close.

6.7. Adding Document Templates

To add document templates for users, fill in the Templates directory in a user's home directory. You can do this manually for each user by copying the files into ~/Templates, or system-wide by adding a Templates directory with documents to /etc/skel before the user is created.

A user creates a new document from a template by right-clicking the desktop and selecting Create Document.

6.8. Desktop Lock Down Features

Sometimes it is desired to remove or disable desktop features or user access to the underlying operating system. GNOME offers so-called lock down features to change the desktop accordingly. Technically, you set GConf keys to implement those changes.

For example, if you open gconf-editor, you can see lock down keys for the main menu in /desktop/gnome/applications/main-menu/lock-down/application_browser_link_visible. There are also descriptions for all the keys. Other lock down keys are:

/desktop/gnome/lockdown/disable_command_line

If set, then terminals are not shown in the main menu and the AppBrowser.

/apps/panel/global/disable_log_out

/apps/panel/global/disable_lock_screen

If set, main menu does not show these items.

Find Firefox lock down keys in /apps/firefox/lockdown.

For more information, see the Desktop Administrators' Guide to GNOME Lockdown and Preconfiguration by Sayamindu Dasgupta: http://library.gnome.org/admin/deployment-guide/.

6.9. For More Information

For more information, see http://library.gnome.org/admin/.