LibreOffice for Viewing Only - Locked Down Environment

Hi,

I’m looking at using LibreOffice to provide a Word/Excel/PowerPoint viewing facility in a retail business environment.

It is necessary that users can basically only view and print documents (which are linked from an Intranet or bespoke email system), so I have removed the majority of menu/toolbar options, keyboard shortcuts, and context menus.

As it stands, the solution is almost working as intended, however I have two issues which are linked: Although certain keys such as Enter/Backspace/Delete are disabled, users can still type into a document with alphanumeric keys; and if the user does modify the document, although there is no Save button, they are prompted whether they wish to save upon closing LibreOffice (which can give unsolicited access to File Explorer).

Can anyone suggest a workaround? I was thinking of maybe a macro that is invoked that prevents typing into the document, or somehow forcing the document to close without prompting to save?

Many thanks!

Why not use pdf? PDF readers would be much simpler to deal with. It is overkill to use LO and just a document reader.

I tried to press for that, but unfortunately we need to retain the ability for users to email documents as Word/Excel/PowerPoint filetypes. If there was a utility that could take an Office document and convert to PDF on the fly and then open it, that would be ideal, but I haven’t managed to find anything to do so.

The simplest workaround is to set the access rights of the files to “read-only”.

On most modern OSes (you did not mention yours), files are tagged with 3 access right families: owner of the file, group of the owner and “rest of the world”. If your business has a consistent security model, each user has a separate account (with R, W X=execute/access rights). Users can be grouped by department (sales, finance, personel, …) with common R+X rights. Finally, “rest of the world” is set to R only so that people is other departments car read files but not modify it.

This can be a start point for you.

This does not solve the email part of the question. Note also that anyone can save a read-only file under another name in his/her own home directory and thereafter modify the file.

Other more complex schemes may be designed, e.g. with the SELinux policies under Linux. One of them is the multi-level security model but this my be a sledge hammer to crush a fly.

To show the community your question has been answered, click the ✓ next to the correct answer, and “upvote” by clicking on the ^ arrow of any helpful answers. These are the mechanisms for communicating the quality of the Q&A on this site. Thanks!

In case you need clarification, edit your question (not an answer which is reserved for solutions) or comment the relevant answer.

Thanks, the operating system is Windows 10. Unfortunately due to the files opening from an Intranet and email, it is unlikely we can set the permissions reliably. Of course we can use group policy to disable access to File Explorer, but this prevents us with other issues in terms of unlocking access for support purposes.

I was hoping a macro could be run when the document state is modified to cancel the changes, or alternatively to not prompt for changes to be saved when LO is closed.

I’m not at all familiar with macros. Wait for macro gurus to explore this track. But don’t rely too much on it. “Clever” users can disable macro execution, thus defeating your protection (I know, you dismiss probably 99% of cases, leaving you with only the 1% intending to harm you).