Inability to restrict Places is a security issue

Asked by greg on 2011-07-30

In an education environment (like with a kiosk), certain users cannot be allowed unfettered access to the file system. Exposing the filesystem in the Places menu or explorer navigator or on the desktop, is an invitation to click - mount - and cause general mayhem for an unwitting pre-school child. Originally I was keen to use Unity but I couldn't get account based restrictions on the content of the launchers (the requirement was much the same), so I switched to Gnome, where the menu policy editor does at least a partial job at restricting the applications available. The remaining issue is the lack of provision to turn off visibility of the disk partitions (&c.?) All I want in Places, whether via the menu or the left column of the explorer or on the desktop are visible folders in the kid's account directory.

After some Googling, it seems this is a) impossible and b) a popular requirement. To me it seems like a fairly trivial exercise for the development team to knock out and it would open up all those applications where this use case is of primary importance!

My questions are:
Is this recognised as a requirement? (control of fine grain access policy, esp 'Places')
If yes, then what's its priority?
If no, then please justify why not?
If you're not sure, please have a think about the use case and explain how it isn't a critical requirement for such usage?

Cheers,

Greg

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu gconf-editor Edit question
Assignee:
No assignee Edit question
Last query:
2011-07-30
Last reply:
2011-07-30

Log a bug if you feel one is justified.

(1) Have you considered configuring the user account to be unable to mount devices? This is unrelated to Unity, Nautilus, or Gconf. You can adjust this for each user account in the Control Center (power icon > System Settings), in Users and Groups (in the System category). If you don't find the settings you need there, you can install gnome-system-tools and use the users-admin utility for this purpose by pressing Alt+F2 and running "users-admin" without the quotation marks. If that doesn't provide sufficiently finely grained control for your needs, then you should be able to make it more finely grained by manually editing /etc/fstab. See http://manpages.ubuntu.com/manpages/natty/en/man5/fstab.5.html.

(2) If you file a bug report for this or any other issue in Ubuntu, please make sure to read https://help.ubuntu.com/community/ReportingBugs carefully first.

Can you help with this problem?

Provide an answer of your own, or ask greg for more information if necessary.

To post a message you must log in.