ConfigurationLockdown

Summary

Specification for a set of policies and settings important for desktop lockdown.

Rationale

Define and implement lockdown of policy and configuration settings in Unity and the desktop, whether dconf settings or PolicyKit policies. While there are many settings that could be targeted, we'll prioritize a short list.

Design

Unity Settings

Each entry below lists the original table columns: Requirement, Description, User stories and Comments (columns left empty in the original are omitted).

Requirement: Launcher lockdown
Description: Ability to prevent users from modifying the launcher (adding/removing/reordering)
User stories: Administrator Ryan wants to set up locked-down PCs in the school library for users to browse the web. Ryan wants to populate the launcher with 3 icons: one for browsing, and 2 more for 2 web apps (library catalog web app and school directory). Ryan doesn't want users to be able to add new icons (for instance for web apps like Facebook) nor remove any of these 3 icons.
Comments: This lockdown feature makes sense for kiosk usage or thin client usage, where guest profiles are used. For use cases where a user logs onto Unity (as opposed to using a shared profile) it doesn't make sense for an administrator to use this lockdown. Instead administrators should use the concept of mandatory applications (so as to make sure required applications are visible while letting users stay in control of their desktop environment).

Requirement: Mandatory applications
Description: Ability to prevent users from removing an application from the launcher
User stories: Administrator Ryan has a couple of key applications he'd like to make visible (as opposed to just discoverable) to all users. He wants all users to always see these icons in their Launcher.
Comments: We need a reminder in the admin UI that adding too many apps to the Launcher defeats its purpose, and also remind them that this functionality shouldn't be abused, as the goal of the launcher is to reflect the user's preferences.

Requirement: Shortcut Disabling
Description: Ability to disable shortcuts like Alt+F2 (Run a command) or Ctrl+Alt+T (Start gnome-terminal)
User stories: Administrator Ryan doesn't want users to be able to start a terminal.
Comments: Keyboard shortcuts should be tied in automatically with the availability of the app, i.e. if a user does not have access to a particular app then the key sequence has no effect.

Requirement: Ability to hide system and devices menu items
User stories: Administrator Ryan doesn't want users to update their system, add startup applications, etc.

Requirement: Ability to hide specific indicators

Requirement: Ability to hide some system settings items

Requirement: Ability to dynamically add icons to the launcher
Description: The remote application scope could be initialized after a Unity session is started. The remote app scope should have an API that allows it to dynamically add icons to the launcher.
User stories: User Joe starts a Unity session while offline (with no network connection). Later on, Joe connects to his intranet. The remote application scope connects to the connection broker and gets a list of remote applications published to Joe. Joe has marked some of these applications as preferred applications ("Keep in launcher") or his administrator has made them mandatory. Icons for these applications appear on Joe's launcher.

Requirement: Show devices
Description: Ability to lock the 'Show Devices' setting to 'Always', 'Never', or 'Only Mounted'
User stories: Administrator Ryan doesn't want users to be able to save documents on a local USB drive. User Joe inserts his USB drive into a computer and the drive isn't automatically mounted.

Desktop Settings

  • Prevent installing software
  • Prevent removing software
  • Prevent installing updates
  • Prevent access to system settings
  • Disable mounting of external media
    • preferably separate read/write permission to allow read-only or prevent read and write
  • Disable file downloads
  • Prevent installation of removable devices
  • Remove CD/DVD burning features
  • Prevent access to network drives
  • Prevent filesystem access outside of $HOME
  • Prevent changing password
  • Disable changing proxy settings
  • Disable browser configuration access
  • Prevent share of private information on browser (e.g. Firefox Sync)
  • Disable "Log Out...", "Suspend", "Hibernate", "Shut Down", and "Restart"
  • Force automatic updates
  • Prevent upgrade of releases
  • Prevent change of update sources
  • Prevent addition of printers
  • Prevent deletion of printers
  • Prevent changing desktop background
  • Prevent changing timeout to activate screen lock
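As an added illustration of how the dconf-backed Unity requirements above and the PolicyKit-backed items in this list could be enforced (example code written for this page, not part of the specification or of Unity's own code): the script stages a dconf system database with a matching locks file that pins the launcher favorites and unbinds Alt+F2 and Ctrl+Alt+T, writes a PolicyKit local-authority (.pkla) file denying package installation and removal to a group, and then checks that every key it set is also locked. It assumes the dconf schema paths of the Unity/GNOME releases of the time (com.canonical.Unity.Launcher, org.gnome.desktop.wm.keybindings, org.gnome.settings-daemon.plugins.media-keys), the aptdaemon actions org.debian.apt.install-packages and org.debian.apt.remove-packages, a hypothetical group name library-users, constructed .desktop file names, and a staging prefix STAGE_ROOT so it can run without root.

```shell
#!/bin/sh
# Added example, not from the specification: stage a dconf lockdown plus a
# PolicyKit deny rule under a prefix, then verify every key has a lock.
# STAGE_ROOT is a hypothetical staging prefix; set it to "" to target /etc.
STAGE_ROOT="${STAGE_ROOT:-/tmp/lockdown-stage}"

write_dconf_lockdown() {
  profile_dir="$STAGE_ROOT/etc/dconf/profile"
  db_dir="$STAGE_ROOT/etc/dconf/db/local.d"
  mkdir -p "$profile_dir" "$db_dir/locks"

  # Profile: the user's own database first, then the system 'local' database.
  cat > "$profile_dir/user" <<'EOF'
user-db:user
system-db:local
EOF

  # Values (schema paths assumed from Unity/GNOME of the time; the .desktop
  # names are constructed): three launcher icons, Alt+F2 and Ctrl+Alt+T unbound.
  cat > "$db_dir/00-lockdown" <<'EOF'
[com/canonical/unity/launcher]
favorites=['firefox.desktop', 'library-catalog.desktop', 'school-directory.desktop']

[org/gnome/desktop/wm/keybindings]
panel-run-dialog=['']

[org/gnome/settings-daemon/plugins/media-keys]
terminal=''
EOF

  # Locks: without these the user's own database would still override the values.
  cat > "$db_dir/locks/00-lockdown" <<'EOF'
/com/canonical/unity/launcher/favorites
/org/gnome/desktop/wm/keybindings/panel-run-dialog
/org/gnome/settings-daemon/plugins/media-keys/terminal
EOF
}

write_polkit_lockdown() {
  pkla_dir="$STAGE_ROOT/etc/polkit-1/localauthority/50-local.d"
  mkdir -p "$pkla_dir"
  # Deny the aptdaemon install/remove actions to the hypothetical group.
  cat > "$pkla_dir/10-no-package-changes.pkla" <<'EOF'
[Deny package changes to library users]
Identity=unix-group:library-users
Action=org.debian.apt.install-packages;org.debian.apt.remove-packages
ResultAny=no
ResultInactive=no
ResultActive=no
EOF
}

# Exit 0 only when every key set in the values file also appears in the locks
# file; prints each unlocked path otherwise. An unlocked key is only a default
# that the user can change again, so run this before 'dconf update'.
check_locks() {
  db_dir="$STAGE_ROOT/etc/dconf/db/local.d"
  awk -v locks="$db_dir/locks/00-lockdown" '
    BEGIN { while ((getline l < locks) > 0) locked[l] = 1; missing = 0 }
    /^\[/ { sec = substr($0, 2, length($0) - 2); next }
    /^[A-Za-z]/ {
      split($0, kv, "=")
      path = "/" sec "/" kv[1]
      if (!(path in locked)) { print "unlocked: " path; missing++ }
    }
    END { exit missing }
  ' "$db_dir/00-lockdown"
}

write_dconf_lockdown
write_polkit_lockdown
check_locks && echo "staged under $STAGE_ROOT; copy to /etc and run 'dconf update'"
```

On a real machine the staged tree is copied to /etc and `dconf update` compiles the database; the locks file is what turns a default into a lockdown, which is why the check refuses a values file whose keys are not all listed there. The .pkla deny covers the "Prevent installing software" and "Prevent removing software" items for members of the group only; other actions in the list (updates, printers, sources) would need their own action names.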

Implementation

Test/Demo Plan

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage.

This need not be added or completed until the specification is nearing beta.

Unresolved issues

This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.


CategorySpec

Specification/ConfigurationLockdown (last edited 2012-08-03 13:06:56 by gekker)