Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am looking for a web browser solution in the Linux environment to provide controlled access to one or two domains. This is for a factory/warehouse implementation. The machines will be used to access shipping information and email or report to headquarters.
An optimal solution would have limits based on user id or role. The machine should boot up to the browser with limits.
I don't need to know all the gory details about how to do it right now. I just need to know that it is feasible and what combination of products it would take. I am looking at this as a better alternative to a Windows/Citrix/and other junk solution.
Assuming there is a solution, does anyone have any idea of how complex this is to do?
sounds like a real simple squid proxy, something that a dedicated firewall distro like ipcop could easily handle for you with its default builtin squid server. you could run it transparently and authenticate on a per ip address basis, but if you can define how the users and machines work, e.g. will the same machine be used by different people for different functions?
there will probably only be two or three roles (administrator, power-user, worker-bee
the machines are located in geographically dispersed locations with normally no overlap of usage. In other words, under normal circumstances a machine would be dedicated to one role.
It would be optimal, since there will be only one active machine per location, if a machine could allow more than one role. This would allow a visiting administrator or power-user to use the machine.
ok, so are you looking for a central solution? a solution that is on each machine that the browser is using? If you are using a centralised point of internet access then again i'd refer back to ipcop, with the advproxy addon http://www.advproxy.net. you could also deploy this in each location, but it would require a seperate machine on each site (unless you ran a vmware instance on the single machine which is feasible but not what you really wanti'm sure) which, if it's only serving one machine anyway seems odd at best.
Now, outside of this i am not sure how you would achieve user based authentication to restrict access to certain sites iwth no additional machine. you can certainly run squid and authenticate on it when you are telling a browser to go directly to a proxy, but what's stopping a user disabling that proxy and just going direct to the internet? an iptables rule can intercept port 80 requests, but those requests will come from squid too anyway.... I'm\ rambling now, probably worth ignoring all that.
OK, so what if you don't want squid... could you not simply restrict the visible UI of the browser they are given to use? if they can only go to a homepage which is a menu, and have no access to other parts of the browser then would that be all you'd want as an assurance they can not go elsewhere? i'm sure there will be firefox extensions for this for example.
Thanks for your suggestion. After searching I found the Opera browser has a Kiosk mode designed to allow you to limit the domains which can be seen. It also has an ability to display a site in full screen mode with no buttons or tool bars. This will handle the problem. Google Opera Kiosk mode for more information on how to.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.