10.15 Managing Profiles Using Sabayon

A profile is a collection of default settings and restrictions that can be applied to either individual users or groups of users. Sabayon is a system administration tool you can use to create and apply desktop environment profiles. It lets you use a graphical tool to edit GConf defaults and mandatory keys.

Profile definition is done through a graphical session similar to the one a user run; however, it is inside a desktop window. You can change properties (such as the desktop background, toolbars, and available applets) in the usual way. Sabayon also detects changes to the default settings in most desktop applications.

Files or documents that are left in the simulated home directory or on the desktop are included in the finished profile. This includes many application-specific databases, such as Tomboy notes. With this mechanism, it's easy to supply introductory notes or templates in a manner easily accessible to new users.

A user profile can inherit its settings from a parent profile, overriding or adding specific values. This enables hierarchical sets of settings. For example, you can define an Employee profile and derive Artist and Quality Assurance profiles from that.

In addition to providing defaults, Sabayon can also lock down settings. This makes the setting resistant to change by users. For instance, you can specify that the desktop background cannot be changed to something other than the default you provide. This prevents casual tampering with settings, potentially reducing the number of help desk calls, and it enables kiosk-like environments. However, it does not provide absolute security and should not be relied on for such.

Sabayon also provides a list of settings for applications and generic user interface elements that have built-in lockdown support, including Epiphany, OpenOffice.org, and the GNOME panel. For example, the panel can be set up to allow only specific applets to be added to it, and to prevent changing its location or size on the screen. Likewise, the Save menu items can be disabled across all applications that use it, preventing users from saving documents.

The profiles are transferable to other computers. They reside in /etc/opt/gnome/desktop-profiles/, and each profile is saved in a separate ZIP file.

10.15.1 Creating a Profile

Profiles are saved in ZIP files located in /etc/opt/gnome/desktop-profiles. Each profile you save is stored in a separate ZIP file as name-of-the-profile.zip . You can copy or move profiles to other computers.

  1. Click Computer > More Applications > System > Desktop Profile Editor.

  2. If you are not logged in as root, type the root password, then click Continue.

  3. Click Add.

  4. Specify a name for the profile, then click Add.

  5. Select the profile, then click Edit.

    A new desktop session opens in an Xnest window.

  6. In the Xnest window, make the changes to the settings that you want.

    Each setting you change appears in the Xnest window.

    You can choose to make each setting mandatory (click Edit > Enforce Mandatory in the Xnest window), to ignore a setting (click Edit > Changes > Ignore), or make a setting the default (don’t select either Ignore or Mandatory).

  7. To lock settings for users, click Edit > Lockdown in the Xnest window.

    You can choose from the following options:

    Panel: Lets you lock down the panels, disable force quit, disable lock screen, disable logout, and disable any of the applets in the Disabled Applets list.

    OpenOffice: Lets you define the macro security level for OpenOffice.org documents, load and save options, and user interface options.

    Epiphany Web Browser: Lets you hide the menu bar, make the window full screen, and disable quit, arbitrary URLs, bookmark and toolbar editing, and unsafe protocols.

  8. To save the profile, click Profile > Save.

    The profile is saved in /etc/opt/gnome/desktop-profiles.

  9. Click Profile > Quit to close the Xnest window, then click Close to exit Sabayon.

10.15.2 Applying a Profile

You can apply a profile to individual users or to all users on a workstation.

  1. Click Computer > More Applications > System > Desktop Profile Editor.

  2. If you are not logged in as root, type the root password, then click Continue.

  3. Select the profile you want to apply, then click Users.

  4. Select the users you want to use this profile.

    To apply this profile to all users on this workstation, click Use this profile for all users.

  5. Click Close.