[Cialug] Kiosk suggestions?
Josh More
MoreJ at alliancetechnologies.net
Fri Jun 25 13:20:08 CDT 2010
The only way I know to do this on Linux is to lock the root to the user's home directory, either with chroot or AppArmor. I am, however, highly doubtful that Gnome or KDE would function well this way. XFCE, maybe.
In either case, though, a non-admin user shouldn't have the ability to make any changes to the system regardless of what they can see.
You could, in theory, run Gnome without nautilus or XFCE without the file manager. Neither of these solutions would prevent you from browsing with the browse dialogs in OpenOffice and Firefox.
I say to not worry about it, and to fill the USB ports with epoxy (or unplug them from the motherboard, if the system supports that). If all you're worried about someone changing the system and breaking it, you might want to look at one of many imaging solutions: LTSP, virtualization, ramdisks, file integrity checks (tripwire). You might not need to actually prevent access. You might just need the ability to do a quick reset.
-Josh More, CISSP, GIAC-GSLC, GIAC-GCIH, RHCE, NCLP
morej at alliancetechnologies.net
515-245-7701
________________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Allen Kiddoo [adk at 52761.com]
Sent: Friday, June 25, 2010 13:11
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] Kiosk suggestions?
Is it possible to limit file browsing and saving to external thumb drive?
I want to keep them out of the hard drive as much as possible.
Allen
----- Original Message -----
From: "Josh More" <MoreJ at alliancetechnologies.net>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Friday, June 25, 2010 12:46:23 PM GMT -06:00 US/Canada Central
Subject: Re: [Cialug] Kiosk suggestions?
If you're allowing browsing, openoffice and media, what's the point of locking down the box?
Just set it to auto-update, take the auto-login user out of the admin group so they can't install software and look into hardening Firefox (can you just take write privs away from the profile directory?). Then make sure it's firewalled off into a DMZ and write a script that wipes /tmp/ and recreates the default user dir from scratch every time it's rebooted.
-Josh More, CISSP, GIAC-GSLC, GIAC-GCIH, RHCE, NCLP
morej at alliancetechnologies.net
515-245-7701
________________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Allen Kiddoo [adk at 52761.com]
Sent: Friday, June 25, 2010 12:45
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] Kiosk suggestions?
ubuntu 10.04
Probably do an 'alt' install and only add what is really needed.
Thought about xfce with the 'mac-look' dock just for eye candy.
But lock-down is more important than looks.
Want auto login to single public user.
Hardware is a dell optiplex gx-240 with 20gb hd/512mb ram/ 1.8Ghz p4.
Allen Kiddoo
----- Original Message -----
From: "Matthew Nuzum" <newz at bearfruit.org>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Friday, June 25, 2010 11:59:41 AM GMT -06:00 US/Canada Central
Subject: Re: [Cialug] Kiosk suggestions?
On Fri, Jun 25, 2010 at 11:53 AM, Allen Kiddoo < adk at 52761.com > wrote:
I need to lock down a public box used at a local church.
Want to allow browser, openoffice, and printing.
Also have access to media player for mp3 and video.
Limit file saving to external thumb drive.
Has anyone done something similar? Any links?
Searching has revealed little.
Yes, I've done this before. It's been a while.
Tell us more about the version of Linux you are using and it'll be easy to give more specific help.
--
Matthew Nuzum
newz2000 on freenode, skype, linkedin, identi.ca and twitter
"Never stop learning" –Robert Nuzum (My dad)
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list