bergman on 23 Oct 2009 12:06:20 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Locking down a Web browser on Ubuntu

In the message dated: Fri, 23 Oct 2009 14:42:44 EDT,
The pithy ruminations from Adam Zion on 
<[PLUG] Locking down a Web browser on Ubuntu> were:
=> I have been asked to set up a linux workstation as a Web kiosk of
=> sorts, restricted to a single URL. How would I go about doing this?

Did you try using google?

There are lots and lots and lots of hits for this search.

I like using the "r-kiosk" extension to firefox:

My process is:
	create account to run kiosk page (kioskuser, for example), with
	no password

	login as kioskuser

	run firefox, select start page, tabs, bookmarks, etc

	exit firefox (saving start page, tabs, etc.)

	re-run firefox
	install r-kiosk extension

	logout as kioskuser

	login as root

	change the login shell for kioskuser to "/usr/bin/firefox"

	chown the firefox installation for kioskuser (~kioskuser/.mozilla/*)
	to root.root, and remove world-write permission from all files and directories
	(not that any should be set that way in the first place)

	modify ~kioskuser/.mozilla/firefox/*default/chrome/userChrome.css to 
	disable menu items as desired (ie., remove the search box, remove the 
	location URL, etc.)

I basically stop at this point, putting instructions in the display manager 
login screen that guests can login as "kioskuser" (with no password), and real 
users can supply their username & password for normal access. For a dedicated 
kiosk terminal, you'd probably want to configure the display manager (gdm, kdm, 
etc.) to automatically login "kioskuser".

One point of confusion with this set up is that it's not apparent how 
kioskusers can exit, since the normal "File/Close" button has been removed. I 
include a message on the terminal to type '^Q'.

Please note that this setup is sufficient to frustrate average users, but is 
not "high security". Some things to consider:


	chown -R root.root ~kioskuser

	using chroot

	preventing remote (ssh, rlogin, rsh) logins as "kioskuser"


=> Thx,
=> -Z
=> -- 
=> Adam+Zion, MCSE+I, Registered Linux User #471910
=> Don't look back. Something might be gaining on you. * Satchel Paige

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --