KDE System Administration/Kiosk/Keys: Difference between revisions

From KDE UserBase Wiki
m (34 revisions imported)
(No difference)

Revision as of 22:17, 10 March 2016

This article contains a listing of known keys that can be used with Kiosk and what they do. How to actually use these keys and other capabilities of Kiosk such as URL restrictions, creating assigning profiles, etc. is covered in the [[../Introduction|Introduction to Kiosk]] article.

Which configuration file to put these entries in depends on whether you wish to make them global to all applications or specific to one application. To make the restrictions valid for all applications, put them in kdeglobals. To enable a restriction for a specific applications place them in the application-specific configuration, e.g. konquerorrc for Konqueror.

Application Action Restrictions

These keys disable actions that are commonly found in KDE applications. To use these actions, create a section in kdeglobals that looks like this:

[KDE Action Restrictions][$i]
action/<key>=false
Key Menu Action
action/file_new File New
action/file_open File Open
action/file_open_recent File Open Recent File
action/file_save File Save
action/file_save_as File Save As
action/file_revert File Revert
action/file_close File Close
action/file_print File Print
action/file_print_preview File Print Preview
action/file_mail File Email File
action/file_quit File Quit
action/edit_undo Edit Undo
action/edit_redo Edit Redo
action/edit_cut Edit Cut
action/edit_copy Edit Copy
action/edit_paste Edit Paste
action/edit_select_all Edit Select All
action/edit_deselect Edit Deselect
action/edit_find Edit Find
action/edit_find_next Edit Find Next
action/edit_find_last Edit Find last
action/edit_replace Edit Replace
action/view_actual_size View 100% Zoom
action/view_fit_to_page View Fit To Page (zooming)
action/view_fit_to_width View Fit To Width (zooming)
action/view_fit_to_height View Fit To Height (zooming)
action/view_zoom_in View Zoom In
action/view_zoom_out View Zoom Out
action/view_zoom View Zoom
action/view_redisplay View Refresh
action/go_up Go Up
action/go_back Go Back
action/go_forward Go Forward
action/go_home Go Home
action/go_previous Go Previous
action/go_next Go Next
action/go_goto Go Go To...
action/go_goto_page Go Go To Page...
action/go_goto_line Go Go To Line...
action/go_first Go Go To Start
action/go_last Go Go To End
action/bookmarks Bookmarks Also disables action/bookmark_add and action/bookmark_edit
action/bookmark_add Bookmarks Add Bookmark
action/bookmark_edit Bookmarks Edit Bookmarks
action/tools_spelling Tools Check Spelling
action/options_show_menubar Settings Show/hide Menubar
action/options_show_toolbar Settings Show/hide Toolbar, will also disable the "Toolbars" submenu if present
action/options_show_statusbar Settings Show/hide statusbar
action/options_save_Settings Settings Save Settings
action/options_configure Settings Configure application
action/options_configure_keybinding Settings Configure Shortcuts
action/options_configure_toolbars Settings Configure Toolbars
action/options_configure_notifications Settings Configure Notifications
action/fullscreen Settings Enter full screen mode
action/help Help Not yet fully implemented
action/help_contents Help Application handbook
action/help_whats_this Help Go into "what's this" mode
action/help_report_bug Help Report a bug
action/help_about_app Help Show about application dialog
action/help_about_kde Help Show about KDE dialog

KCalc

By marking the kcalcrc config file as immutable, the "Configure" button will not be shown.

File Manager

Key Action
action/editfiletype Edit associated applications
action/properties File properties
action/openwith Open file with action
action/openintab Open link in a new tab
action/kdesktop_rmb RMB menu, see note below
action/iconview_preview Show preview thumbnails in icons, though it leaves the actual setting untouched. To disable previews (as opposed to simply disabling the user to change the setting) you also need to add the following lines to konqiconviewrc:
[Settings]
PreviewsEnabled[$i]=false
action/sharefile Disables file sharing from the UI, but you may also want to disable filesharing altogether.
action/sendURL Send Link Address
action/sendPage Send File
action/devnew Create New -> Device
action/incIconSize Increase icon size
action/decIconSize Decrease icon size
action/go Entire go menu
action/configdesktop Configure desktop in RMB menu, see also Control Module Restrictions
action/executeshellcommand In Konqueror Tools menu, see also shell_access
action/show_dot Disables the option to toggle showing hidden files, the actual setting remains unaffected. To disable showing hidden files, add the following lines to konqiconviewrc:
[Settings]
ShowDotFiles[$i]=false

Konsole

These keys can appear in kdeglobals, konsolepartrc or konsolerc.

Key Action
action/konsole_rmb Context menus
action/settings Disable the entire settings menu
action/show_menubar Show/hide the menubar
action/show_toolbar Show/hide the toolbar
action/scrollbar Show/hide the scrollbar
action/bell Configure bell actions
action/font Configure font
action/keyboard Set keyboard type
action/schema Select the schema to use
action/size Set the terminal size
action/history Configure history
action/save_default Save settings as defaults
action/save_sessions_profile Save sessions profile
action/send_signal Send a signal to the current terminal
action/bookmarks Bookmarks menu
action/add_bookmark Add a bookmark
action/edit_bookmarks Edit bookmarks
action/clear_terminal Clear the current terminal
action/reset_clear_terminal Clear and reset the current terminal
action/find_history Find in history
action/find_next Find next item in history
action/find_previous Find previous item in history
action/save_history Save history to disk
action/clear_history Clear history of current terminal
action/clear_all_histories Clear histories of all terminals
action/detach_session Detach current tab
action/rename_session Rename current session
action/zmodem_upload ZModem uploading
action/monitor_activity Monitor current terminal for activity
action/monitor_silence Monitor current terminal for silence
action/send_input_to_all_sessions Replicate input to all sessions
action/close_session Close current terminal session
action/new_session Create a new terminal session
action/activate_menu Activate menubar
action/list_sessions Session list menu
action/move_session_left Shift tab to the left
action/move_session_right Shift tab to the right
action/previous_session Go to tab to the left
action/next_session Go to tab to the right
action/switch_to_session_# Go to tab numbered #, where # is a number between 1 and 12 inclusive.
action/bigger_font Increase font size
action/smaller_font Decrease font size
action/toggle_bidi Turn bidirectional text support on or off

KWin

Key Action
action/kwin_rmb Context menus on window titlebar and frame

Plasma

Locking down the entire config with [$i] will cause everything to be immutable. Locking a Containment group will render that one group of widgets to be immutable, and locking a widget itself will cause it to not be movable as well as otherwise locked.

In addition the following resource restrictions are available:

All Plasma apps

Any application that links to libplasma supports the following resource restriction keys (the version number in parentheses is the version of the KDE Software Compilation that the key debuted in):

plasma/allow_configure_when_locked (4.4)
Whether widgets and containments can be configured when immutable / locked. The default is true as a convenience to users.
plasma/containment_actions (4.4)
Whether or not to allow Plasma mouse actions on containments (usually menus that pop up on mouse clicks)
plasma/containment_context_menu (4.4)
Whether a context menu should be shown on containments; this can be used to shut off the desktop context menu in plasma-desktop, for instance
plasma/external_script_extensions (4.5)
Whether or not to allow external scripting extensions to APIs beyond the built-in extensions and API.
plasma/<appname>/unlockedDesktop (>= 4.11.5)
Whether to allow the UI in application <appname> to be unlocked; when false, the entire UI will be immutable. Example
plasma/plasma-desktop/unlockedDesktop=false

plasma-desktop

The plasma-desktop binary (the desktop and panels part of the KDE Plasma Workspace) supports the following resource restriction keys (the version number in parentheses is the version of the KDE Software Compilation that the key debuted in)::

plasma-desktop/scripting_console (>= 4.4.0)
Whether the plasma desktop scripting console is accessible or not.
plasma-desktop/add_activities (>= 4.7.1)
Whether the user may add new activities or not

Using D-Bus To Find More Actions

Authorizing .desktop Files

Application .desktop files can have an additional field X-KDE-AuthorizeAction.

If this field is present the .desktop file is only considered valid if the action(s) mentioned in this field has been authorized. If multiple actions are listed they should be separated by commas (',').

If the .desktop file of an application lists one or more actions this way and the user has no authorization for even one of these actions then the application will not appear in the KDE menu, will not allow execution via that .desktop file and will not be used by KDE for opening files of associated mimetypes.

File Dialog

These keys disable actions that are found in the KDE file dialog. To use them, create a section in kdeglobals that looks like this:

[KDE Action Restrictions][$i]
action/<key>=false
Key Action
action/home Go to home directory
action/up Go to parent directory
action/back Go to previous directory
action/forward Go to next directory
action/reload Reload directory
action/mkdir Create new directory
action/toggleSpeedbar Show/hide sidebar
action/sorting menu Sorting options
action/short view Select short view
action/detailed view Select detailed view
action/show hidden Show/hide hidden files
action/preview Show/hide preview
action/separate dirs Show/hide separate directories

Printing

There are several keys that restrict various aspects of the KDE print dialog and printing system. To use them, create a configuration section like this:

[KDE Resource Restrictions][$i]
print/<resource key>=false

Note how each of the printing keys start with print in the configuration file.

print/copies
Disables the panel that allows users to make more than one copy.
print/dialog
Disables the complete print dialog. Selecting the print option will immediately print the selected document using default settings. Make sure that a system wide default printer has been selected. No application specific settings are honored when this restriction is activated.
print/options
Disables the button to select additional print options.
print/properties
Disables the button to change printer properties or to add a new printer.
print/selection
Disables the options that allows selecting a (pseudo) printer or change any of the printer properties. Make sure that a proper default printer has been selected before disabling this option. Disabling this option also disables print/system, print/options and print/properties.
print/system
Disables the option to select the printing system backend, e.g. CUPS. It is recommended to disable this option once the correct printing system has been configured.

Resource Restrictions

KDE applications can take advantage of many types of resources such as configuration data, caches, plugin registries, etc. These are loaded from both system-wide as well as from per-user locations on disk. It is possible to restrict use of the per-user resources directories, preventing users from adding to or altering existing shared resources.

This is accomplished by creating a section like this in a configuration file:

[KDE Resource Restrictions][$i]
<resource key>=false

The following resources can be used as keys and controlled in this manner:

Key Directory Provides
all n/a All resources listed in this table
autostart share/autostart Apps to start on login
data share/apps Application data
data_<appname> share/apps Application data for the application named <appname>
html share/doc/HTML HTML files
icon share/icon Icons
config share/config Application configurations
pixmap share/pixmaps Images
xdgdata-apps share/applications Application .desktop files
sound share/sounds Sound files
locale share/locale Localization data
services share/services Protocols, plugins, kparts, control panels, etc. registry
servicetypes share/servicetypes Plugin definitions, referenced in services registry entries
mime share/mimelnk Mimetype definitions
wallpaper share/wallpapers Desktop wallpaper images
templates share/templates Document templates
exe bin Executable files
lib lib Libraries

Screensavers

In kdeglobals in the [KDE Action Restrictions] group:

opengl_screensavers
defines whether OpenGL screensavers are allowed to be used.
manipulatescreen_screensavers
defines whether screensavers that manipulate an image of the screen (e.g. moving chunks of the screen around) are allowed to be used.

Automatic Log-out

In kscreensaverrc:

[ScreenSaver]
AutoLogout=true
AutoLogoutTimeout=600

The timeout is the time in seconds that the user must be idle for before the logout process is automatically started. Be careful with this capability as it can lead to data loss if the user has unsaved files open.

Session Capability Restrictions

These keys apply to various capabilities associated with a desktop session and are not application specific. To use them, create a section in kdeglobals that looks like this:

[KDE Action Restrictions][$i]
<key>=false
custom_config
Whether the --config command line option should be honored. The --config command line option can be used to circumvent locked-down configuration files.
editable_desktop_icons
define whether icons on the desktop can be moved, renamed, deleted or added. You might want to set the path for the desktop to some read-only directory as well instead of $HOME/Desktop.
lineedit_text_completion
Defines whether input lines should have the potential to remember any previously entered data and make suggestions based on this when typing. When a single account is shared by multiple people you may wish to disable this out of privacy concerns.
action/lock_screen
whether the user will be able to lock the screen.
logout
whether the user will be able to logout from KDE.
movable_toolbars
define whether toolbars may be moved around by the user. See also action/options_show_toolbar.
run_command
whether the "Run Command" (Alt-F2) option is available.
NOTE: To also disable desktop context menu run command action/run_command is required at [KDE Action Restrictions]
run_desktop_files
defines whether users may execute desktop files that are not part of the default desktop, KDE menu, registered services and autostarting services.
  • The default desktop includes the files under $KDEDIR/share/kdesktop/Desktop but not the files under $HOME/Desktop.
  • The KDE menu includes all files under $KDEDIR/share/applnk and $XDGDIR/applications
  • Registered services includes all files under $KDEDIR/share/services
  • Autostarting services include all files under $KDEDIR/share/autostart but not the files under $KDEHOME/Autostart
shell_access
Whether a shell suitable for entering random commands may be started. This also determines whether the "Run Command" option (Alt-F2) can be used to run shell-commands and arbitrary executables. Likewise, executables placed in the user's Autostart folder will no longer be executed. Applications can still be autostarted by placing .desktop files in the $KDEHOME/Autostart or $KDEDIR/share/autostart directory. See also run_desktop_files.
You probably also want to activate the following resource restictions:
  • "appdata_kdesktop" - To restrict the default desktop.
  • "apps" - To restrict the KDE menu.
  • "xdgdata-apps" - To restrict the KDE menu.
  • "services" - To restrict registered services.
  • "autostart" - To restrict autostarting services.
Otherwise users can still execute .desktop files by placing them in e.g. $KDEHOME/share/kdesktop/Desktop
skip_drm
defines if the user may omit DRM checking.
start_new_session
defines whether the user may start a second X session. See also the documentation on kdm configuration.
switch_user
defines whether user switching via kdm is allowed. See also the documentation on kdm configuration.