Hiya all.

I want to create a user account with only firefox access.
I think i do this by pointing the users bash to firefox location (is that right??)

I also want to disable downloads of any kind. Not sure how to do this.
Anyone see any problems i'm going to have doing this??

Thanx in advance.
Garth.

I would do this...

1st install the restricted bash shell.

2nd make a user and create a home directory. set there bash to rbash or bash-r

3rd make a link to FF in the home directory
(ls -s /somewhere/firefox firefox)
ls -s /location/program somename

4th deny them write access to everything in thier home folder (to prevent downloading)
chmod 755 (assuming root is the owner)
if not then chmod 555


give that a try and let me know if it works

You might also want to add firefox to .bash_profile so it automatically runs when the user logs in. You might also want to look at starting Firefox in full-screen mode, so the Close button is not visible.

Well the other suggestions may work I guess. Well except for the part about denying the user write access to their home directory - how's the Firefox profile going to get created huh? Also if a user owns the folder they can do whatever they like with the files contained in it, regardless of who owns those files.

This is the way I do it. (Note _do_ it, not would do it, I have created such a user.)

Log in as the user. Install the r-kiosk plugin. You may also want to consider tab killer and noscript.

In the user's home directory create a file called .xinitrc and in the file put one line

firefox

create a symbolic link to .xinitrc called .xsession. This fixes an issue where the user may be able to get a full desktop environment by specifying it a particular session at the login screen.

Log out as that user.

Set the user's shell to /bin/false to prevent logins on a text console.

That will give you essentially what you want to do though you may need to tinker a bit. If you want to be more paranoid you can get in to ripping stuff out of Firefox that you don't want people to be able to access, like remove the file picker and print dialogues and stuff. In my set up the user has no password and KDM is rigged to allow password-less login. The idea is that people can login with a specific username without a password and they get a Firefox only session that opens at the page where they can activate their own user account. Firefox is locked to to the extent that they cannot access sites outside of our domain. I use a separate copy of Firefox from the one people run when they usually log in due to the extent of the customisation. Also the account is rigged such that all the settings are deleted when the user logs out and the permissions are set up such that the user does not own the .xinitrc and .xsession files (or their own home directory - there's some trickery here with groups) so even if someone does manage to get a shell they cannot delete them. Also I have an init script which deletes the home directory at boot and recreates it just for good measure. I have some notes on all this if you're interested but they're a bit rough.

Sorry for the delay, having a busy week!!

Thanx for your ideas.

@arizonagroovejet you've done something close to what i want to achieve. I'm not sure how i create a symbolic link to .xinitrc called .xsession.
Also i'd like to see the notes you have.
Many thanx.
Garth

ln -s .xinitrc .xsession