Note: This document is barely begun: please don't expect to read anything useful here yet...

In fact it's now New Year's Eve 2005 and nothing has happened here for months. I haven't entirely forgotten this project though...

Another Note: The project of which this was part has now ceased to exist as of April 2005, so I no longer have the motivation to continue with this at the moment. I may well delete this page at some stage, unless anyone finds a use for it -- if so, please add a comment to this page. -- ChrisDennis

These notes are being written while setting up two (initially) PCs for use in a communal computer room at a charity-run day centre in July (eeek! it's September already) 2005. The PCs have previously run Windows, but suffer repeatedly from:

Debian GNU/Linux was chosen because:

And Gnome was chosen over KDE because:

I'm not going to get into a discussion about why...

Then again, maybe a different window manager would be better: something that is intuitive to use for newcomers and those used to Windows.

The standard Debian Sarge installation, however, is not suitable for the purpose out of the box. Users can still change lots of things that I don’t want them to, such as...

There are various references to ‘kiosk’ versions of Linux (e.g. 2), but I want more functionality than that.

I'm learning about this as I go along, having failed to find an exact match for what I have in mind on the Internet. Comments and suggestions to will be more than welcome.

The Aim

The Plan

[#anchor] Summary


Thanks to all these sources of information, which are listed in no particular order.


This is the blow-by-blow account of what I did. See the summary above for what I should have done.

28 July 2005

31 July 2005

4 August 2005

8 August 2005

13 August 2005

    post-install 8139too ethtool -s eth0 wol g

Replace eth0 by the relevant interface. And see the manpage for ethtool (from Debian package ethtool) for an explanation of the 'g' and other options. Don't forget to run update-modules.

  1. Shutdown the computer as normal: it should be as 'off' as ever - no fans running, but the LAN card will still have power.
  2. On the remote computer, do something to wake up the target PC. I didn't want it responding to random network events, just a deliberate request to wake up, hence the 'g' option above. Run etherwake with the target PC's MAC address (etherwake is a Debian package of its own):

    etherwake -i eth1 00:11:22:33:44:55

It works for me! }}}

3 September 2005

    password --md5 PASSWORD

to menu.lst and add a lock command to each entry except the main one.


4 September 2005

    gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory / --recursive-unset

and this script takes the current settings for a user (I'll use 'standard' -- see tomorrow's entry) and makes them mandatory. At the moment, the selection of keys to use needs improving: using the '/' key means everything -- maybe that will cause problems... Anyway, this is the script:

 # Lock GConf by making certain settings mandatory
 #  i.e. copying them from the current settings for a given user
 # keys in this list must NOT end with '/' (unless it's just '/')
 #mandatorylist="/apps/gnome-print-manager \
 #/apps/metacity-default \
 #/system \
 #/desktop \
 # Until I find a reason not to, lock everything
 for key in "$mandatorylist"
        echo "Making $key mandatory:"
        # Store current settings for given user and key in a temporary file
        $gconftool --dump --config-source xml:readwrite:/home/$user/.gconf $key > $tmpfile        
        echo rc=$rc
        if [[ $rc|-eq 0 ]]
                # Load those settings into the system-wide mandatory settings store
                $gconftool --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory $key --load $tmpfile
                echo rc=$?


5 September 2005

 # standardize - copy various settings files from standard user to real user
 ## [TA] -- it's not a good idea to use "./" as relative path, since the location of this binary
 ##         could change over time.  Use a location such as /usr/local/etc

 while read stdfile
        # ignore blank lines and lines beginning with '#'
        [[ "x$stdfile" == "x" || "${stdfile:0:1}" = "#" ]] && continue
        # copy the file or folder to the real user, overwriting anything that's already there
        echo Copying $stdfile
        if [[ -d|"$src" ]]
                # it's a folder - delete it first
                rm -rf "$dest/$stdfile"
        cp -R --preserve=mode,timestamps "$src" "$dest"
        chown -R "$realuser:$realuser" "$dest/$stdfile"
 done < "$stdfiles"
 echo All done
where the standard-files file contains:
 # standard-files - list of standard user's files and folders to copy to real user
which may be too much.
 * Automate the process by calling that script from `/etc/gdm/PostLogin/Default` if the current user is the relevant one (test $LOGNAME).

Still to do

LinuxHints/LockedDownGnome (last edited 2006-12-01 01:18:08 by 212)