BOFH Hunter

gconf voodoo

The gnome desktop has tons of versatility and flexibility to suit just about any desktop type needs. Unfortunately this flexibility has a hidden cost, and a few dozen hidden options. While most options are right where you’d expect them to be in the various gnome applications like nautilus, others can be difficult to nail down. This is where gconf was supposed to come to our rescue, but instead it got all drunk and confused.

While many folks compare it to the Windows registry, this isn’t entirely accurate. GConf is a bit more user friendly than that, although some similarities can be drawn. It’s a binary set of files which requires a special utility to work, and operates in a directory/file structure type. Below, we’ll go through some of the more common changes users are likely to want.

The Basics:

There are two ways to go about playing around in your GConf registry. You can use the gconf-editor gui, which is in the gconf-editor package, or you can use gconftool-2, which is a command line driven application, and a little more cumbersome to maneuver around in. The basic command to help get you around in gconftool-2 is ‘gconftool-2 -R /’. With this command, you’ll see the directory/file structure which makes up the registry, and their associated settings. If you’re new to gconf, it’s probably best to start out with the gui.

Starting small:

A few times a month or so, users will ask how to tell gnome or nautilus to ignore blank CD input, or to at least do something useful with it, like open k3b instead of the default nautilus burn window. Setting this up with gconf-editor is relatively simple. Open it up, and browse to the ‘/desktop/gnome/volume_manager/’ directory. Inside this directory you’ll find a number of settings that you can modify for various automated media handling. You can change the default movie player, dvd player and more from this directory. Incidentally, ‘automount_drives’ and ‘automount_media’ are located here also, so if you’re having trouble with usb drives, this is one thing to check. The two options that we’re concerned with right now are ‘autoburn_data_cd_command’ and ‘autoburn_audiio_cd_command’.

By default these are both set to ‘nautilus –nodesktop burn:‘, but this isn’t the behavior we want. If you’d like to have k3b loaded up instead, simply change the string values to ‘k3b’ and you’re off and running. This is a per user setting, so you don’t have to be root to modify most of these values. If you do happen to launch the app with sudo, you’ll also have the ability to enforce this setting for all users. This can get handy, and we’ll look at it a bit later on.

System Policies

Now that you’ve had a little bit to look at the user side of gconf, if you’re planning to run lab or kiosk systems you might also want to look at enforcing some of your system policies with gconf. This should not be your only security method to lock the boxes down, simply another layer to examine for inclusion.

Inside the /desktop/gnome/lockdown directory, you’ll find several settings which can help you restrict your workstations or kiosk systems, such as ‘disable_command_line’. After launching gconf-editor with sudo, set these options the way that you want, then right click them and choose ‘Set as Mandatory‘. This will enforce these changes for all system users, and disallow the user from changing the settings individually for their accounts. This can be done for many of the settings here, including application specific options. While this means of enforcement is not perfect, it can go a long way toward helping an admin regain some control and a possibly a little sanity. It’s also one EVIL BOFH prank for other admins/users… if one were so inclined… >:-)