Linux Containers Authors: Olivier Huynh Van, Derek Weeks, Stackify Blog, Automic Blog, Elizabeth White

Related Topics: Linux Containers

Linux Containers: Article

KDE's KIOSK Admin Tool

The desktop policeman

Linux is infinitely configurable. It's so flexible it runs on mainframes, cell phones, PCs, even gaming stations and digital video recorders (DVRs). This is one of its biggest strengths especially for those who want control or the freedom to tailor a desktop PC to their specific needs. It is also a boon to the system administrator who may want to configure the desktop to the point where it serves user needs, not their whims. Depending on your organization your desktop may be locked down so you can't install unnecessary programs that can cause the system to fail. In cases like schools there might be a reason to restrict functions. Linux can accommodate customization just like Windows does through the use of policies.

KDE's KIOSK framework provides a mechanism for managing and specifically restricting the KDE environment so users can't perform undesireable actions on their desktop. This capability is extremely useful in situations where PCs are used by multiple users or are left unattended as in libraries and other places to allow limited access to PC functions. As a Windows user you might be familiar with ini files where you can set certain parameters for the Windows operating system and programs. An interesting example is when you set the shell= line in the system.ini in Windows 98. It can replace the Windows shell with Word or another application and run the operating system with only one application. In KDE there are a number of configuration files that store settings like the Windows ini files. The KIOSK Admin tool can be used to configure and lock down a number of features in the KDE desktop. It works by creating profiles for certain types of users and applying those profiles to user accounts. Different accounts can be subject to different limitations, making it possible to turn a PC into a low-maintenances public access terminal kept in an immutable state that allows no permanent changes other than those made by an administrator.

The kinds of things you can do with KIOSK are very broad but the things that KIOSK can do fall into three basic categories.

  • Lock Down - You can lock down the K Panel so that no changes are made or configure network proxy settings so they are unchangeable. Users are then unable to circumvent proxies that filter content that doesn't fall within appropriate use policies.
  • Disable - KIOSK can be used to limit functionality. This might include taking advantage of certain programs or features like Desktop Sharing that are available to the fully privileged user. You can disable the Logout option, the Run Command, and a host of others.
  • Look-and-Feel - You can pre-configure a desktop so themes and other settings are static and the cosmetic aspects of the operating system stay intact.
This is handy when making a public use terminal that may advertise a company or organization. The desktop wallpaper and the look-and-feel can be maintained to represent the organization's interests without fear that vandals will change the wallpaper or leave inappropriate messages on the system.

KIOSK Admin Tool isn't so much an extension of KDE functionality as it is a systems management tool that can be used by a corporate systems administrator or parent who might be concerned about how his children are using their PCs. It's a great way to set up shared workstations among a great number of users or just a few. The tool isn't that well documented but the KIOSK Mailing List provides a good forum and valuable archives on how to do things or troubleshoot problems. While you could edit and tweak configuration files individually this type of tool, it's helpful in centralizing many common Linux configuration files into an easy-to-use menu driven interface.

Other Resources:
- www.tldp.org/HOWTO/KDE-KIOSK-Mode/
KDE KIOSK Mailing List - https://mail.kde.org/mailman/listinfo/kde-KIOSK


Interview with KIOSK Admin Tool Creater Waldo Bastian

LWM: I noticed the KIOSK Tool was included with SuSE 9.2 but that's the first I've seen of it. Can you give me some history on it?

Bastian: KIOSK and generic lock-down functionality were added to KDE 3.0 and from there it has slowly progressed based on feedback from our users. The functionality was originally aimed at making public terminals public-proof, hence the name KIOSK, but it quickly became clear that similar functionality is also very valuable in an enterprise setting where it can be put to use to reduce support costs.

What was still missing was an easy-to-use way for system administrators to unlock its potential. I started with the development of a graphical administration tool for it, the KIOSK Admin Tool, at the beginning of 2004. The aim was to have it ready in time for the Novell Linux Desktop.

LWM: It seems like the idea to lock down a Linux desktop would be appealing to other distributions as well. Is KIOSK dependent on anything outside of KDE?

Bastian: All the functionality provided by the KIOSK Admin Tool is part of the standard KDE platform; there are no outside dependencies.

LWM: Is there a home page for KIOSK, other than http://extragear.kde.org/apps/KIOSKtool.php?

Bastian: http://extragear.kde.org/apps/KIOSKtool.php is the homepage of the KIOSK Admin tool but the System Administration section on the KDE Web site also contains valuable information for administrators who want to deploy KDE. It is here: www.kde.org/areas/sysadmin/

Another good source of information is the [email protected] mailing list. You'll find many people there who have successfully used the KIOSK framework while deploying KDE. See https://mail.kde.org/mailman/listinfo/kde-KIOSK

LWM: Do you have any favorite KIOSK success stories?

Bastian: My favorite is about a new school in Denmark that's using KDE and SUSE and KIOSK to provide the teaching staff and the 138 children with desktops. KIOSK provides both young and old with a safe computing environment where they don't have to be afraid of breaking anything. As with many schools they don't have a big budget, so they use a thin client setup that allows them to run one central server with a mixture of old and very old PCs as clients

More Stories By Mark R. Hinkle

Mark Hinkle is the Senior Director, Open Soure Solutions at Citrix. He also is along-time open source expert and advocate. He is a co-founder of both the Open Source Management Consortium and the Desktop Linux Consortium. He has served as Editor-in-Chief for both LinuxWorld Magazine and Enterprise Open Source Magazine. Hinkle is also the author of the book, "Windows to Linux Business Desktop Migration" (Thomson, 2006). His blog on open source, technology, and new media can be found at http://www.socializedsoftware.com.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

@ThingsExpo Stories
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
SYS-CON Events announced today that Auditwerx will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Auditwerx specializes in SOC 1, SOC 2, and SOC 3 attestation services throughout the U.S. and Canada. As a division of Carr, Riggs & Ingram (CRI), one of the top 20 largest CPA firms nationally, you can expect the resources, skills, and experience of a much larger firm combined with the accessibility and attent...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud enviro...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldw...
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" ...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.