Optimizing the Oracle® Solaris Desktop for a Multi-User Environment

Exit Print View

 
Updated: July 2014
 
 

Customizing GConf Based Optimizations

Desktop preferences are managed by using GConf. The value of the desktop preferences that are used by the Oracle Solaris 11 Desktop is priority-based. The following table shows the preference value that is used by the desktop.

Priority
Type of Desktop Preference
Owner
1
Mandatory
Set by the system administrator
2
Mandatory
Set by the application/gconf/multi-user-desktop SMF service
3
Default
Set by the user
4
Default
Set by the system administrator
5
Default
Set by the application/gconf/multi-user-desktop SMF service

For example, if the application/gconf/multi-user-desktop SMF service sets the value of the /desktop/gnome/background/draw_background preference to false and the user overrides the same setting and sets the value to true, the effective value of the setting that is used by the desktop is true. This value is used because the value that is set by the user for the default setting has a higher priority than the value that is set by the SMF service.

Similarly, in the case of mandatory settings, if a system administrator has modified a setting before enabling the SMF service, the effective value of the setting that is used by the desktop is the one that is set by the system administrator and not the SMF service.

Modifying GConf Settings as a Standard User

A standard user can modify any of the default settings. The settings can be customized by using GUI tools such as “Appearance Preferences” that is available in the desktop. For settings that cannot be accessed by using the GUI tools, use the gconftool-2 command line utility to modify the settings.

Using the gconftool-2 Command-Line Utility

The following examples show the usage of the gconftool-2 command-line utility.

  • To read the current value of a desktop preference, type:

    $ gconftool-2 --get /desktop/gnome/lockdown/allowed_applications

  • To set the value of a desktop preference, type:

    $ gconftool-2 --type string --set /desktop/gnome/font_rendering/hinting "full"

  • To unset the value of a desktop preference, type:

    $ gconftool-2 --unset /desktop/gnome/font_rendering/hinting
Using the gconftool-2 Utility With XML Files

You can save the GConf settings in an XML file and provide this file as an input to the gconftool-2 utility. The gconftool-2 configures settings based on the information present in the XML file.

The following examples show the usage of the gconftool-2 utility with XML files.

  • To read the current value of a setting, type:

    $ gconftool-2 --dump /desktop/gnome/lockdown > /tmp/settings.xml
    Note - To save the value of a preference in an XML file, you must specify one level up in the preference hierarchy for the --dump option. For example, if you want the value of the /desktop/gnome/lockdown/allowed_applications preference, you must specify /desktop/gnome/lockdown for the --dump option.

  • To set the value of a setting, type:

    $ gconftool-2 --load /tmp/settings.xml

  • To unset the value of a setting, type:

    $ gconftool-2 --unload /tmp/settings.xml

The following sample XML file shows the values that are set by using the gconftool-2 utility.

<?xml version="1.0"?>
<gconfentryfile>
<entrylist base="/desktop/gnome/background">
<entry>
             <key>draw_background</key>
             <value>
                 <bool>true</bool>
             </value>
         </entry>
         <entry>
             <key>picture_options</key>
             <value>
                 <string>zoom</string>
             </value>
         </entry>
     </entrylist>
</gconfentryfile>

Modifying GConf Settings as a System Administrator

A system administrator can modify any of the default and mandatory desktop preferences. The changes made by a system administrator affects all users.

How to Modify GConf Settings as a System Administrator

  1. Create the following directories in the /etc/gconf directory.

    • gconf.xml.admin.defaults

    • gconf.xml.admin.mandatory

  2. Create the following files in the /etc/gconf/2 directory.

    • local-defaults.path

    • local-mandatory.path

  3. Add the following line in the local-defaults.path file.
    xml:readonly:/etc/gconf/gconf.xml.admin.defaults
  4. Add the following line in the local-mandatory.path file.
    xml:readonly:/etc/gconf/gconf.xml.admin.mandatory
  5. Save the settings in the default and mandatory directories created in Step 1.

    For example:

    $ gconftool-2 --direct 
--config-source xml:readwrite:/etc/gconf/gconf.xml.admin.defaults 
--load /tmp/default-settings.xml

$ gconftool-2 --direct 
--config-source xml:readwrite:/etc/gconf/gconf.xml.admin.mandatory 
--load /tmp/mandatory-settings.xml
  6. Provide read permissions to all users who can use the settings.

    For example:

    $ chmod -R 755 /etc/gconf/gconf.xml.admin.defaults
$ chmod -R 755 /etc/gconf/gconf.xml.admin.mandatory
Restricting Applications

As a system administrator you can restrict the type of applications that users can start by modifying the value of the /desktop/gnome/lockdown/allowed_applications preference. This preference specifies the list of applications that users are allowed to start. Based on your requirements, you can add or remove applications from this list.

The following example show how to add a new application to the list of allowed applications.

Example 1  Adding a New Application to the List of Allowed Applications

Consider that you have installed a new application /usr/bin/new_app. To make this new application available to users, you must add this application to the list of allowed applications by updating the value of the /desktop/gnome/lockdown/allowed_applications preference. The following example shows how to update the value of the preference.

  1. Copy the existing value of the /desktop/gnome/lockdown/allowed_applications preference to an XML file.

    $ gconftool-2 --dump /desktop/gnome/lockdown > /tmp/new-settings.xml

  2. In the /tmp/new-settings.xml file, add the new application to the list of allowed_applications.

    <value>
<string>/usr/bin/new_app</string>
</value>
    Note - In the /tmp/new-settings.xml file, you can remove settings other than the allowed_applications setting.

  3. Create the gconf.xml.admin.mandatory directory in the /etc/gconf directory.

  4. Create the local-mandatory.path file in the /etc/gconf/2 directory.

  5. Add the following line in the local-mandatory.path file.

    xml:readonly:/etc/gconf/gconf.xml.admin.mandatory

  6. Save the new settings in the mandatory directory created in Step 3.

    For example:

    $ gconftool-2 --direct 
--config-source xml:readwrite:/etc/gconf/gconf.xml.admin.mandatory 
--load /tmp/new-settings.xml

  7. Provide read permissions to users who can use the setting.

    For example:

    chmod -R 755 /etc/gconf/gconf.xml.admin.mandatory

Similarly, to remove an application from the list of “allowed applications” you must remove the entry of the application from the XML file and load the new settings.

Note - Applications that are not present in the list of allowed applications do not start automatically and are not shown in the desktop, menus, or the file browser.
Copyright © 2011, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous
Next