From Mageia wiki
Jump to: navigation, search
This is a reference guide for users/network/system admins who need a reliable and secured distro (es: production environments, kiosk, etc.)


Introduction

Some environments require PCs to use only for specific applications and prevent any other form of interaction (es: lock games, internet, browse file system, restricted network access, etc):

  • Drive production machines
  • Testing workstations
  • ...

To set up our Mageia distribution for this purpose, we need to consider following aspects:

  • User interface locked
  • Reduced use of resources
  • System stability
  • System reactivity

I used:

and created two users on the system:

  • operator: with a minimal applications menu for that user. Also, many key-combinations are disabled to deny access to unauthorized actions
  • admin: with complete applications menu

Customize Login Manager (LXDM)

To prevent use of login manager to change session, remove all other unused sessions under folder /usr/share/xsession (I leave only openbox).

To enable autologin use file /etc/lxdm/lxdm.conf, compile and uncomment autologin parameter. Set also session=/usr/bin/startopenbox to enable default session.

Customize Taskbar (Tint2)

To configure taskbar (clock settings, mouse actions, etc) we can use tint2conf to help us with GUI to setup tint2 configuration file ~/.config/tint2/tint2rc. After change file owner and permissions for locked user.

Customize applications menu

Each user has a folder ~/.config/openbox that contains openbox configuration files specific for that user, for applications menu file is menu.xml that contains menu that will show when right-clicking on the desktop. After modifying it for each user, on the operator file I changed owner and permissions so a user can't modify it.

Customize shortcut keys

Always in folder ~/.config/openbox there is file rc.xml that contains all key shortcuts so editing it can disable or enable each shortcut. Also in this case I changed owner and permissions so a user can't modify it.

Customize autostart applications

Always in folder ~/.config/openbox there is file autostart that contains the command sequence to launch at user login. This is an example of file:

# set keyboard layout as 104 Keys English USA
setxkbmap -model pc104 -layout us &

# disable screensaver and energy save
xset -dpms &
xset s noblank &
xset s off &

# desktop background
feh --bg-fill /usr/share/wallpapers/bg.jpg &

# thunar daemon for automount
thunar --daemon &

# Programs that will run after Openbox has started
tint2 &
(sleep 2 && volumeicon) &

Configure font aspects (Qt and Gtk)

First modify file /etc/fonts/fonts.conf adding:

    <fontconfig>
     ...
     ...

       <match target="font" >

         <edit mode="assign" name="hinting" >
           <bool>true</bool>
         </edit>

         <edit mode="assign" name="hintstyle" >
           <const>hintslight</const>
         </edit>

         <edit mode="assign" name="antialias" >
           <bool>true</bool>
         </edit>


       </match>


       <match target="pattern">

         <edit name="dpi" mode="assign">
           <double>96</double>
         </edit>

       </match>

     </fontconfig>

Then to set Qt4 aspect we can use:

[admin@locahost ~]$ qtconfig

Then to set Gtk aspect we can use:

[admin@locahost ~]$ lxappearance

On fonts tab using hinting slight.

We need to also create file under each home folder ~/.Xresources as follows:

Xft.dpi: 96
Xft.antialias: true
Xft.hinting: true
Xft.hintstyle: hintslight