Say you want to set default printers by workstation location, enable passwordless remote desktop, or reduce Firefox disk cache for all 50 users on your terminal server? It would be tedious to perform these changes each individual account. This page is about efficiently managing user configuration, preferences, and profiles. This page may also be a good place to write about lock-down facilities such as KDE's Kiosk.

While this page is not LTSP specific, many terminal server administrators will want an efficient way to manage user configuration on multiuser Linux systems.

Status: Contents immature. (Feel free to edit and develop.)

Sabayon

"Sabayon is a system administration tool to manage GNOME desktop settings" and Firefox settings.

Mozilla Firefox

As a brief example, say you want the default network connectivity to be a proxy configured by the address http://foo/wpad.dat. Then, create the file /usr/lib/firefox-1.5.0.4/defaults/pref/all-proxy.js (path may differ on your system) with the contents:

pref("network.proxy.type", 2);
pref("network.proxy.autoconfig_url", "http://foo/wpad.dat");

Maintaining customized default .js settings across package updates

After your system updates Firefox (for example) 1.5.0.4 to 1.5.0.5, the all-proxy.js (from above example) would be in the wrong directory. Here's a way to automate keeping the file in the right directory.

First, copy all-proxy.js to /usr/local/etc/.

Then, add the following to /etc/cron.daily/firefox.sh.

# Find latest Firefox
FIREFOX_DIR=`ls -d /usr/lib/firefox-1.* | tail -n 1`

# Set Default Firefox preferences
ln -fs /usr/local/etc/all-proxy.js $FIREFOX_DIR/defaults/pref/

Next, chmod +x /etc/cron.daily/firefox.sh.

Now, you can enjoy automatic Firefox updates without losing the default settings.

Links

Try these links:

• Firefox CCK (Client Customization Kit) Wizard
• A Brief Guide to Mozilla Preferences
• HOWTO Lockdown Mozilla Preferences for LTSP
• FirefoxLockdown at University of Waterloo
• Kiosk Browser extension
• Firefox Kiosk Browser

Opera

Opera can be run in kiosk mode, which is a mode mainly suited for information stands. Such stands are typically found in libraries, airports, bank offices, or shopping malls. The information stand will run a browser that lets the user browse for the necessary information, but denies access to the computer and browser settings. After a period of inactivity, the browser should reset and return to a specified home page.

Kiosk mode automatically configures Opera for use with information stands. Certain functionality has been hidden from the user, and special functions are enabled to make kiosk maintenance easier. Opera's kiosk mode supports all of the basic functions mentioned above, and a lot more, keeping all standard browsing functionality intact.

setting Opera Kiosk Mode

GNOME

GNOME stores settings in GConf (similar to the Windows registry). Browse settings using gconf-editor, which even has built-in documentation for most settings. Then, manipulate settings on the command-line using gconftool-2.

Discretionary settings

A user may change discretionary settings at any time, so while discretionary settings are useful for defaults, they are not useful for locking down kiosks.

Discretionary settings are stored in two places:

• /etc/gconf/gconf.xml.defaults system-wide defaults
• $(HOME)/.gconf per-user settings

Mandatory settings

A user is prohibited from changing mandatory settings, so they are useful for kiosk-type workstations.

Discretionary settings are stored in /etc/gconf/gconf.xml.defaults.

gconftool-2, a command-line tool

gconftool-2 is a command-line program for querying and changing GConf settings.

Changing current user's settings

By default, gconftool-2 changes the current user's GConf settings (which are discretionary).

Here is an example of how to from the command-line turn on confirmation for remote desktop:

gconftool-2 --type bool --set /desktop/gnome/remote_access/prompt_enabled 1

Automate setting the GConf settings by calling the gconftool-2 command in a login script.

Changing system-wide settings

Running gconftool-2 with the --config-source parameter allows root to change system-wide settings. Follow up --config-source with one of these two values:

• /etc/gconf/gconf.xml.mandatory for mandatory settings
• /etc/gconf/gconf.xml.defaultsy for default settings (discretionary)

Here is an example of how to from the command-line mandate that the remote desktop always ask for confirmation:

gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /desktop/gnome/remote_access/prompt_enabled 1

Lock-down with UNIX permissions

I haven't tried it, but you may be able to lock-down a users' GConf settings by adjusting the permissions $(HOME)/.gconf so that it is not writable.

Automatically-starting login scripts

GNOME can run a program on user login using several different methods. These are a good place to call a script to set discretionary settings such as the default printer.

See also the Gentoo Autostart guide.

/usr/share/gnome/default.session

Here is an example of how to call /usr/local/bin/foo.sh on login.

Add lines like the following to the file /usr/share/gnome/default.session. (You may need to adjust the integer at the beginning of each line.)

7,RestartStyleHint=3
7,Priority=52
7,RestartCommand=/usr/local/bin/foo.sh

Then, near the top of the same file default.session, increment the value of num_clients by one.

For more information, see Gnome System Administration Guide on Sessions.

(Thanks to HenryBurroughs^? for this GNOME login script tip found on the page LocalMedia.)

Freedesktop.org Autostart Directories

Some systems have the following autostart directories:

• /etc/xdg/autostart/foo.desktop
• /usr/share/gnome/autostart/foo.desktop

Simply place or link a .desktop file in one of these directories, and the program specified in the .desktop file should start with the window manager. (If you don't know what a .desktop file looks like, use one from /usr/share/applications/ as a template.)

Gnome supports this autostart as of Gnome 2.14.

TODO: The splash screen seems to linger very long now. Is it because the Bash login script is not XSMP compliant? Maybe Gnome bug 315350.

Server removable media

Two problems:

• When an optical disk is put in the server, the user sees its icon (1) on his desktop, (2) in Computer, (3) in the GTK File Chooser. Also Gnome's CD/DVD burning program popups up.
• A user may be able to access /media/* (removable media on the server)

This section needs research.

On the web

Gentoo Wiki's GNOME Admin Guide quick-n-dirty covers managing discretionary and mandatory settings through a login method resembling Sabayon.

GConf configuration system is the official GNOME web page.

Default printer

By changing the file lpoptions

See "Setting a Default Printer on a Per User Basis" in Printers.

By calling the program loptions

If you have a widespread terminal server system, then you may need to set the default printer based on the physical location. This can be done on a per-workstation basis with a script calling lpoptions.

Here is an example of how to from the command line set the default printer to foo for the current user:

lpoptions -d foo

Using a script

Automate setting the default printer by workstation location by calling lpoptions in a login script.

# Helper for function set_default_printer.
#
# If the current client name (first part of hostname) is found in argument 2,
# then the default printer is set to that in argument 1.
#
# Argument 1: printer name
# Argument 2: space-delimited list of client names that belong to printer in argument 1
#

SET_PRINTER=0

function set_default_printer_helper
{
        # change the space-delimited to \n delimited
        clients=`echo $2 | sed "s/ /\n/g"`

        #echo "debug: SHORTCLIENT = $SHORTCLIENT"; echo

        # look for $SHORTCLIENT in clients
        for client in `echo $clients`;
        do
                #echo "debug: client = $client"
                if [ "$SHORTCLIENT" = "$client" ]
                then
                        echo "Setting default printer to $1"
                        notify-send -i printer -t 7500 "FYI" "Setting default printer to $1"
                        lpoptions -d $1
                        SET_PRINTER=1
                fi
        done

}

# for VNC users
function set_printer_defaults_manual
{
        CHOICE=`zenity --list --text "Please choose a default printer (because you are using VNC)" --column "Printer name" --column Description printer1 "HP LaserJet 2420dn, 3rd floor" printer2 "HP LaserJet 1320n, 4th floor"`

        if [ "$CHOICE" != "" ];
        then
                lpoptions -d $CHOICE
                SET_PRINTER=1
        fi
}




# Sets the default printer based on physical location (specifically,
# by workstation).  Also sets default printer settings.
#
#

function set_printer_defaults
{
        if [ "$CLIENT" = "localhost.localdomain" ];
        then
                # it is hard to find physical location with VNC
                set_printer_defaults_manual

        else
                set_default_printer_helper "printer1" "ws001 ws002 ws003"
                set_default_printer_helper "printer2" "ws004 ws004 ws006"
        fi
        if [ "$SET_PRINTER" -eq 0 ];
        then
                PRINTER=`lpstat -d | grep -o [a-z]*$`
                notify-send -i printer -t 10000 "FYI" "No printer associated with location $CLIENT.  Default printer still is $PRINTER ."
        fi

}

OpenOffice.org

To disable the welcome/license/registration dialog, see http://www.oooforum.org/forum/viewtopic.phtml?t=24608.

How do you set a network proxy?

• Suse supports a "system settings" setting.
• OpenOffice.org 2.0.4+ can use KDE system wide settings.
• Hack the system wide XML files (see the welcome dialog hack above).

Using UNO Packages

(I haven't tried this yet.)

First, Put your settings/fonts/templates in an UNO Package. (The container is a zip file.)

Second, install the UNO Package using /opt/openoffice.org2.0/program/unopkg foo.zip or /opt/openoffice.org2.0/program/unopkg add foo.zip for a single user or add -s or --shared for all users. Note: The syntax for unopkg tool differs whether you read the blog or the output of running unopkg.

KDE

This section needs research. See KDE for System Administrators.

Kiosk Tool

A Point&Click tool for system administrators to enable KDE's KIOSK features or otherwise preconfigure KDE for groups of users. a link to Kiosk Tool site.

Autostart

For Freedesktop.org-specified type, see Gnome autostart. See also the Gentoo Autostart guide.

ZENWorks

Has anyone tried ZENWorks?

Environment variables

See the directory /etc/profile.d. For example, if you want all Bash users to have have environment variables used by most programs to define the web proxy, create the file /etc/profile.d/proxy.sh with these contents:

#!/bin/bash

PROXY=http://webcache.foo.bar:8080/

export no_proxy=.foo.bar
# note: different programs use different cases (uppercase or lowercase)
export http_proxy=$PROXY
export ftp_proxy=$PROXY
export HTTP_PROXY=$PROXY
export FTP_PROXY=$PROXY

XMMS

If you use ESD, call the following in a login script to set XMMS to use the Esound plugin for output.

# set XMMS to use ESD
if [ -e ~/.xmms/config ]; then
        # if ~/.xmms/config exists, simply replace the output plugin without modifying other settings
        sed -i "s/libOSS.so/libesdout.so/g" ~/.xmms/config
else
        # if ~/.xmms/config does not exist, create a skeleton configuration
        mkdir ~/.xmms
        echo "[xmms]" > ~/.xmms/config
        echo "output_plugin=/usr/lib/xmms/Output/libesdout.so" >> ~/.xmms/config

fi

General links

• Corporate Ubuntu wiki page managing Gnome/OpenOffice.org configuration, etc.