Changing CDE Defaults

In the default CDE environment, users can add actions to the Front Panel and customize the Workspace menu. Trusted Solaris software limits users' ability to add programs and commands to the CDE.

Customizing the Workspace Menu

The Workspace Menu is the menu accessed by clicking and holding the right mouse (Menu) button on the background of the workspace. Using the Customize Menu and Add Item to Menu options on the Workspace Menu is the same as in the base CDE window system, with some Trusted Solaris protections.

The following apply when a user is allowed to work at multiple labels:

• The user must use the Customize Menu and Add Item to Menu options in a workspace labeled at the session clearance. Changes made at other labels than the session clearance are not recognized by the window system.

  If a user is able to log in at multiple labels, the user has the potential for multiple session clearances during different login sessions. Therefore, make any changes at each of the potential session clearances if you want the changes to apply to all potential login sessions.

• The user makes the changes in a normal user workspace.

• When the user assumes a role, changes to the Workspace Menu persist.

• Changes made to the Workspace Menu are stored in the user's home directory in the single-level directory (SLD) created at the working label. The label should be the same as the session clearance. The items in the Workspace Menu are stored in the .dt/wsmenu directory within the user's multilevel (MLD) home directory in the SLD that corresponds to the working label.

  For example, to change the Workspace Menu when the user's only possible session clearance is NEED_TO_KNOW ENG, the user would go to a workspace labeled NEED_TO_KNOW ENG. If the user adds an item to the Applications menu using the Add Item to Menu option, the item would be stored in /home/username/.dt/wsmenu/Applications.

  The pathname above corresponds to the real MLD path shown below, where .SLD.3 in the example is the SLD that corresponds to the NEED_TO_KNOW ENG label for user barbar.

  /home/.MLD.barbar/.SLD.3/.dt/wsmenu/Applications

• The profile mechanism must enble the user to run the action.

  Any option added to the Workspace Menu must be handled by one of the user's rights profiles or the option will fail when invoked and an error message will display.

  For example, anyone with the Run action can double-click the icon for any executable and run it, even if the action or any commands it invokes are not in one of the account's rights profiles. By default, roles do not have the Run action, and all executable actions require the Run action, and therefore, any item that requires the Run action fails when executed by a role.

Customizing the Front Panel

Anyone can drag and drop a pre-existing action from the Application Manager to the Front Panel as long as the account doing the modification has the action in its profile. Actions in the /usr/dt/* or /etc/dt/* directories can be added to the Front Panel, but applications in the $HOME/.dt/appconfig directories cannot. While users can use the Create Action action, they cannot write into any of the directories where the system-wide actions are stored, so they cannot use the actions.

In the Trusted Solaris environment, the actions' search path has been changed so that actions in any individual's home directory are processed last instead of first. Therefore, no one can customize existing actions.

The Security Administrator role has the Admin Editor action, so can make any needed modifications to the /usr/dt/appconfig/types/C/dtwm.fp file and the other configuration files for the Front Panel subpanels. This guide contains two procedures that exemplify how to modify existing files to create new actions. "To Add Actions Outside of the System_Admin Folder" describes how to create an alternate mail application that can run with privilege in the Front Panel. "dtmail is the Default Mail Application" describes how to add an administrative action that can run with inherited privileges to the System_Admin folder for the purpose of editing another configuration file.

Roles can drag and drop actions from the System_Admin folder to the Front Panel. The icons can confuse normal users because the action icons only work for the roles.