bergman on 23 Oct 2009 12:06:20 -0700



Re: [PLUG] Locking down a Web browser on Ubuntu



In the message dated: Fri, 23 Oct 2009 14:42:44 EDT,
The pithy ruminations from Adam Zion on 
<[PLUG] Locking down a Web browser on Ubuntu> were:
=> I have been asked to set up a linux workstation as a Web kiosk of
=> sorts, restricted to a single URL. How would I go about doing this?

Did you try using google?

	http://www.google.com/search?q=ubuntu+kiosk&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

There are lots and lots and lots of hits for this search.

I like using the "r-kiosk" extension to firefox:
	https://addons.mozilla.org/en-US/firefox/addon/1659

My process is:
	create account to run kiosk page (kioskuser, for example), with
	no password

	log in as kioskuser

	run firefox, select start page, tabs, bookmarks, etc

	exit firefox (saving start page, tabs, etc.)

	re-run firefox
	
	install r-kiosk extension

	log out as kioskuser

	log in as root

	change the login shell for kioskuser to "/usr/bin/firefox"

	chown the firefox installation for kioskuser (~kioskuser/.mozilla/*)
	to root.root, and remove world-write permission from all files and directories
	(not that any should be set that way in the first place)

	modify ~kioskuser/.mozilla/firefox/*default/chrome/userChrome.css to 
	disable menu items as desired (i.e., remove the search box, remove the 
	location URL, etc.)

I basically stop at this point, putting instructions in the display manager 
login screen that guests can log in as "kioskuser" (with no password), and real 
users can supply their username & password for normal access. For a dedicated 
kiosk terminal, you'd probably want to configure the display manager (gdm, kdm, 
etc.) to automatically log in "kioskuser".

One point of confusion with this setup is that it's not apparent how 
kioskusers can exit, since the normal "File/Close" button has been removed. I 
include a message on the terminal to type '^Q'.


Please note that this setup is sufficient to frustrate average users, but is 
not "high security". Some things to consider:

	javascript

	chown -R root.root ~kioskuser

	using chroot

	preventing remote (ssh, rlogin, rsh) logins as "kioskuser"

Mark

=> 
=> Thx,
=> -Z
=> 
=> -- 
=> Adam+Zion, MCSE+I, Registered Linux User #471910
=> 
=> Don't look back. Something might be gaining on you. * Satchel Paige

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
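
Added example, not part of the message above or of any project it mentions: a small POSIX shell audit for the root-ownership, no-world-write and login-shell steps the message describes. The function names, the optional expected-owner argument and the /home/kioskuser path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): audit a kiosk account after the lock-down steps.
# Function names and argument conventions are illustrative assumptions.

# List paths under $1 that are world-writable. Symlinks are skipped because
# their own mode bits are not used for access checks on Linux.
kiosk_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# List paths under $1 that are not owned by user $2 (default: root).
kiosk_wrong_owner() {
    find "$1" ! -user "${2:-root}" -print
}

# Print the login shell of account $1 from passwd-format file $2
# (default: /etc/passwd).
kiosk_login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "${2:-/etc/passwd}"
}

# Run both tree checks on $1; return 0 only when nothing is reported.
kiosk_audit() {
    audit_dir=$1
    audit_owner=${2:-root}
    audit_rc=0
    audit_bad=$(kiosk_world_writable "$audit_dir")
    if [ -n "$audit_bad" ]; then
        printf 'world-writable:\n%s\n' "$audit_bad"
        audit_rc=1
    fi
    audit_bad=$(kiosk_wrong_owner "$audit_dir" "$audit_owner")
    if [ -n "$audit_bad" ]; then
        printf 'not owned by %s:\n%s\n' "$audit_owner" "$audit_bad"
        audit_rc=1
    fi
    return "$audit_rc"
}

# Typical use, as root, after the steps in the message
# (/home/kioskuser is an assumed home directory):
#   kiosk_audit /home/kioskuser/.mozilla root
#   kiosk_login_shell kioskuser      # expect /usr/bin/firefox
```

Running kiosk_audit on the whole home directory instead of only .mozilla covers the "chown -R root.root ~kioskuser" item from the list of things to consider.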