A common need I find myself fulling is setting up a desktop that lasts forever without maintenance. Ubuntu Linux doesn’t suffer from outside attacks generally (virus’s and such) but a 6 year old user is another story. What we need is a desktop that limits user access while still allowing users to save documents and get work done. The following things need done
- Lock display appearance (theme, fonts, shortcuts, etc)
- Filter Internet
- Fully automatic updates
OK so obviously don’t give them root access, duh. I’ve made a script to lock down the gnome’s appearance menu, gnome panel, desktop icons.
# Don't allow gnome appearance properties
sudo chmod 744 /usr/bin/gnome-appearance-properties
# Don't let users mess with the desktop
chmod -R -w Desktop/
# Don't let users mess with the panel
gconftool-2 --type bool --set /apps/panel/global/locked_down true
No more children changing the font size to 96pt!! For filtering the Internet, I use Procon Latte, a firefox addon. Procon works by looking at websites for bad words and blocking offending sites. Now many computers need to access job sites which sometimes say something like Must be 18 years old to… Yes that’s the same phrase used in many porn sites so it’s best to edit procon’s blacklist and remove phrases like that. Also giving the administrator the password to procon and showing them out to put web sites on a whitelist is a must. I try to stay away from installing wine too because of all the garbage users might attempt to install.
Ok locked down, now for updates. Since the user doesn’t have admin rights they can run updates themselves. The admin is too busy so forget that. Ubuntu has an option for automatic updates, but it really means only security updates. So I put this into cron. At a terminal type sudo crontab -e If you don’t know what vi or emacs are just press 3 for nano. Now enter
0 3 * * * aptitude -y update && aptitude -y upgrade && aptitude -y dist-upgrade && aptitude -y autoclean
This runs truly automatic updates at 3am every night. I would just disable automatic updates in software sources to keep it from annoying the user now. Of course this only works while your ubuntu version is supported. I suggest using LTS versions that are supported longer. Usually an out of date configuration is the norm anyways so if you can’t come back to update, it’s probably fine.