I work in a public library and we're currently running Win2k on most of our staff and public computers. It's a small library, and we have a pretty tight budget so I've been looking for Open Source alternatives to some software we use.

In particular, I'd like to install Linux on some of our Public Internet Access computers. The only catch is that we need to be able to remove anything that a patron has downloaded or changed once they are finished. We've been using Centurion Guard, but the manufacturer does not have a Linux version of the drivers.

Does any one know of an easy way to do this in Linux? If you need more information, either reply to this or e-mail me at advancina@manhattan.lib.il.us

Thanks!

Installing Linux to save costs is a great idea!

What is the purpose of these public computers? Just surfing? Printing?

If its just surfing perhaps than no write access to said browser?

Im just guessing here but it shouldn't be too hard.

Our public computers are used for surfing, printing, word processing, ect., so the users need to be able download stuff and write to the hard drive.

Each time we reboot the computer all of their files need to be removed and changes reset.

I was thinking about writing some scripts that would delete the Public users home directory and restore it from .tgz backup of the directory.

That would probably take care of most of it, but I'm open to other ideas.

Did you happen to see this thread in General? It is about the Howard County, MD library creating thier own distro called lumix specifically for library use. You might want to get in contact with them.

Yes, I read the article about Howard County on Slashdot and in Library Journal. It didn't look like they were using in for Public Internet computers, though.

I know a lot of libraries just turn of write access to the hard drive, but what right now Centurion Guard lets our patrons do anything they want (download files, install programs, even format the hard drive) and writes it to a temporary file. When we reboot the computer, all the changes are removed. (See http://www.centuriontech.com/centurion-faq.htm for more details)

It's really a neat tool, and I was hoping to be able to do something similar under Linux.

You could have a script that runs on login (since it's all User X's files you don't need root access if you do it as User X) deleting the User's home directory (including all saved data), and copying over a "vanilla" or "base" directory to replace what was just deleted.

That way, every time someone starts up the computer, all the previous user's changes are deleted, and given the right access (ie only to their home directory), you wouldn't need to do much more than that.

-- Poetics

That sounds like what I had in mind. Should be pretty easy to write, too
I've been pushing for using more Open Source software and my Library's Director is open to the idea, but I need to prove that we won't lose any of the functionality we currently have under Win2k.

We're actually already using RH9.0 for some of our online catalog stations, and we'd like to start using Linux on some of our staff computers. The only problem is that out Library Management software (Sirsi's Workflows) only runs on Windows. I've been tinkering with using it under WINE, but I still have a few kinks to work out

What about just using knoppix or some other live distro? Just reboot and everything is cleared away. This would seem like a nice, gentle introduction for your boss as well.

Well, if you are still open to suggestions, I have some things to add.

It just so happens I am the network administrator of a Public Library and am doing the exact same thing that you are trying to do. In fact I also use Centurion Guard on my Windows 2000 machines (some are running Deep Freeze). Hm, that is almost a little creepy...anyway...

There are 2 different ways you can do this (there are more than 2 ways in reality, but most of the others really aren't practical for a large-scale implementation).

1. If your work stations have a lot of RAM, you could create a RAMDISK at boot and mount the public user account's home directory to it. You would also make it so they can write only to the public account's home directory (you should do this no matter what route you take).

This will keep anything saved to the home directory until the machine is rebooted. When the machine boots, their home directory would be a clean slate.

This is very much like what Poetics suggested, but as the advantage that you won't be constantly reading/writing to the HDD.

2. Have all of the workstations setup to mount the public users account's home directory over the network to a central file server.

This is the method I use.

I have the home directories of all the machines mounted to a single directory on a file server, and I have a cron job that deletes any file older than 2 weeks on a daily basis.

I like this method because it gives users pretty seamless read and write access to what the user thinks is the HDD of the machine they are at, and there work isn't lost the next day.

With Deep Freeze or Centurion Guard, I would sometimes find that people would come in a day or so after they created the document, and wanted to access it, but it was deleted as soon as the machine was turned off the night they created it.

With this centrally managed file storage, I can hold users documents for awhile without having to worry about it. I know where all the files are, how much space they are taking, etc.

I personally run Samba on the file server, since I also map a drive to the file server from the Windows clients that are running Centurion Guard. If you are going to have only Linux clients using this service, you could run NFS on the file server, but I like the ability to have both my Windows and Linux clients be able to seamlessly access the same service.

There is only one problem with this setup. All of the public users can see each other's files. This could be solved by each client machine having it's own directory on the file server (Samba can do this fairly easily), but it is really only a problem if you are worried about personal privacy for your users.

I feel that since we are offering computer access to the public, privacy cannot be assured in the first place, since the Library is a public place, and the machines are not the property of the public users. I talked to the Director of the Library about this matter, and he felt the same way. So it might be something you would want to talk to your Director about.

I -really- like the RAMdrive idea, MS3FGX, very nice. Hadn't thought of it because I've never had to use them before. Wow, that is a great idea almost no matter how much ram is in the box -- just make a nice little 40mb drive (or if you have more ram, more), and go. Very nice indeed.

-- Poetics

My Director is pretty hard core about patron confidentiality issues, so I don't think she's likely to go along with anything that would allow patrons to see each others files.

I had thought about using RAM disks, though. The only problem is that you’re pretty limited on capacity. The nice thing about Centurion Guard is that you can use large part of the hard drive without keeping anything permanently.

Thanks for the ideas I'm still going over different options, but it looks like I've got a good starting point.

then just set it up like he sujested on the 2nd part. give each PC its own /home in the samba server. this will make it so they can only see programs from that PC just as they could now.

you still have the 2week issue, or you can set up his script to clean things out that hit 24hr mark.

That might work, but the files would have to be deleted after each patron was done using the computer. Often we have people using the PCs one after the other and we don't want them to be able to find or access the files of the last user(s).

now that i could see being a big issue unless you do the RAM thing.

is there a way to creat a temp dir that is flushed when X is restarted?

if there is, then just educate the customers if they have private information they do not want seen by other users they need to crtl+alt+backspace when they are finished to flush the temp dir.

im trying to pull ideas out of the air as im not a major linux guy YET. im a windows guy and sadly without 3rd party software like what you have there is no way to do that in M$.

Yes, I could make a back-up of the public user's Home directory. Then when the system is restarted we could delete the Home directory and restore the default copy from back-up.

The thing I'm not sure about with that idea is how long it will take to delete and restore.