On Mon, 3 Dec 2001, Mark Evans wrote:
Can't this be done by sym-linking the appropriate parts of '.kde' to a non writable master copy. I though I'd limit my users (my wife) in this fashion but see told me not to.... The problem is you can need to think quite hard about exactly what you link.
And what is supposed to prevent users deleting the symlinks?
IMHO it's a design defficency quite a bit of software (not just KDE) has, apparently copied from Windows. Which is to make everything only end user configurable. Which is a pain where not only don't you want the end user configuring things they wouldn't have the first clue anyway. (I find web browser settings an especial annoyance.)
Personally, I think that the most elegant solution is for applications to merge both central and per-user settings. KDE does this - you can create settings in /usr/share/config/* that will apply to all applications, but can be overridden by end users when necessary. It always irritates me when I have to use a system on which the user interface has been locked down in the interests of 'security'. This is, as far as I can tell, a practice that originates from the days of Windows 95, when you had to lock down the user interface simply because the underlying system didn't provide any security itself. This is not the case with Linux; even if you leave the full user interface exposed there is very little that users can do that will affect anything beyond their own personal settings. We have had no problems with providing "unlocked" user interfaces to both primary- and secondary-age students on both Linux and WinNT platforms. Not a single issue has yet arisen due to students playing around with settings, in over four years. I think the key is to ensure that users don't ever have to wander in to the settings and start fiddling. Make it all "just work" in the first place. It can be done. Users should always be able to sit down and just start using a piece of software, without having to set anything up first. For the record, and because it's mildly relevant to this discussion, we are currently creating a policy-type configuration tool. The idea is that you don't bother to configure any individual computers on the network (even servers); instead you create configuration rules from which every computer can derive their configuration. For example, you create a rule that says "the proxy server is SERVER1". From this, SERVER1 knows that it must install and start up Squid. Simultaneously, all the other computers on the network know that they must set SERVER1 as the proxy server for all installed browsers. Please note *all* computers and *all* browsers: this rule would apply to Konqueror, Netscape, Galeon, Opera, MSIE, lynx, etc. - the same configuration rule applies to multiple different pieces of software across multiple platforms. We are planning a release on SourceForge soon (will be at fenconfig.sourceforge.net, but nothing has yet been uploaded). It will be GPL. [ We have already planned for a category of rules that deal with locking down user interfaces. The category title will be "User Irritants". :-) ] Michael