Set up user 'public' with auto-login. Set up user 'nimda' with sudo privs.
sudo apt-get --purge remove tomboy f-spot xsane ekiga evolution pidgin rhythmbox tracker deskbar-applet vinagre transmission-common transmission-gtk serpentine gthumb python-bittorrent bittorrent gnome-btdownload
Set these keys as MANDATORY for it to be effective
Use these gconf keys to clean up the user interface and provide some nice features for multi-user sessions
#!/bin/sh # # Locks down default non-needed xdg menu entries for non-root users. cd /usr/share/applications chmod 640 baobab.desktop chmod 640 redhat-manage-print-jobs.desktop chmod 640 evolution.desktop chmod 640 sun-java6-java.desktop chmod 640 sun-java6-javaws.desktop chmod 640 xchat.desktop chmod 640 totem*.desktop chmod 640 paman.desktop chmod 640 padevchooser.desktop chmod 640 paprefs.desktop chmod 640 pavucontrol.desktop chmod 640 pavumeter.desktop chmod 640 sound-juicer.desktop chmod 640 gnome-sound-recorder.desktop chmod 640 gnome-power-preferences.desktop chmod 640 seahorse*.desktop chmod 640 transmission.desktop chmod 640 brasero.desktop
chmod +x menu-cleanup.sh ./menu-lockdown.sh
/apps/panel/global/disabled_applets: OAFIID:GNOME_FastUserSwitchApplet (Don't forget to mark this key as Mandatory) (See screenshot here: http://logicalnetworking.net/other/wiki/ltsp-disabledapplets.png)
This section shows how to hide parts of the filesystem from within Nautilus. Please note that this technique is specific to Nautilus - other methods of gaining access to the filesystem, such as through OpenOffice “Open/Save” dialogs, the terminal, and other programs that do not use Nautilus to browse the filesystem are not affected (yet).
Doing this is easily accomplished by creating (as root) a file called .hidden in whichever directory you want to hide files/subdirectories in, which contains, one line at a time, a list of each file and/or directory you want to hide.
For example, I have created a file called /.hidden:
cd / sudo vim .hidden
bin boot cdrom dev etc initrd lib lost+found media mnt opt proc root sbin srv sys tmp usr var initrd.img initrd.img.old vmlinuz vmlinuz.old lib32
This script will create an image of the user account and restore that image on each logout.
#!/bin/bash case "$USER" in root|nimda) echo "Really not a good idea!!" ;; *) /usr/bin/killall -9 -u $USER rsync -az --delete --exclude=.gvfs /var/userbackups/$USER/ /home/$USER ;; esac
Invoke this script at the end of /etc/gdm/PostSession/Default, before the “exit 0” line. Of course, put a copy of your preconfigured user's home directory in /var/userbackups before you run it. Also add any user accounts you don't want this invoked on in the “root|nimda” list.
and add the following on a line before
This will cause gdm to restart and autologin. This is necessary as the TimedLogin directive for gdm no longer works after the first login.