Goal:
Set up a public web access (Kiosk) PC with the idea of preventing the user from doing anything other than browse the web. Administrative modifications are done to the computer mostly from a remote SSH connection.
Base Software:
Mandrake 9.2 running WindowMaker.
Mozilla 1.4 (included in Mandrake) - Any version of Mozilla would probably work.
Additional Packages Installed:
vncserver & xf4vnc (remote graphical vnc monitoring)
xscreensaver (screen blanking, idle counter, hides inactivity cleanup)
Still Needs:
Better keyboard shortcut lockdown (I disconnected the keyboard altogether)
Easy ways to reset the computer remotely, easy enough that the receptionist can do it.
Alternates:
This setup is designed for one PC only. If I had been doing 4 or 5 terminals, I think I would have gone for a remote server with readonly NFS mounts and whatnot.
Modified Config files:
Code:
=====================================================
/etc/X11/XF86Config-4
Section "ServerFlags"
DontZap # disable <Ctrl><Alt><BS> (server abort)
DontZoom # disable <Ctrl><Alt><KP_+>/<KP_-> (resolution switching)
AllowMouseOpenFail # allows the server to start up even if the mouse doesn't work
EndSection
...
Section "InputDevice"
Identifier "Mouse1"
Driver "mouse"
Option "Protocol" "IMPS/2"
Option "Device" "/dev/psaux"
# Option "ZAxisMapping" "4 5" #comment out anything above button 1
Option "Buttons" "1" #Buttons = 1 means no right click
EndSection
NOTE -- xf4vnc made additional changes to the XF86Config-4 file that will
not be documented here.
=====================================================
/etc/sysconfig/autologin
USER=guest
AUTOLOGIN=yes
EXEC=/usr/X11R6/bin/startx.autologin
=====================================================
NOTE -- I made as many changes as possible within the graphical WPrefs
applet of WindowMaker and worked from there to continue locking it down.
Most changes are documented here.
=====================================================
/home/guest/GNUstep/Library/WindowMaker/autostart
xset m 20/10 4
xscreensaver -nosplash & # -nosplash hides the config popup option
# Xscreensaver used later to monitor inactivity
/home/guest/scripts/mozillaloop.sh & # loads mozilla in a constant loop
/home/guest/scripts/xscreenwatch.sh & # watches screensaver
# without ampersands (&) windowmaker will lock up
=====================================================
/home/guest/GNUstep/Defaults/WindowMaker
{
LowerKey = None;
DisableDock = YES; #important
WindowShortcut10Key = None;
MiniaturizeKey = None;
ScreenNextSwitchKey = None;
WindowMenuKey = None;
HideOthersKey = "Control+Mod2+Q"; #quick way to override Mozilla Quit
NextWorkspaceKey = None;
WorkspaceBorder = None;
WindowShortcut8Key = None;
WindowShortcut9Key = None;
Workspace10Key = None;
RaiseKey = None;
HideKey = None;
PrevWorkspaceKey = None;
CloseKey = None;
FocusNextKey = None;
WindowShortcut1Key = None;
WindowShortcut2Key = None;
WindowShortcut3Key = None;
WindowShortcut4Key = None;
WindowShortcut5Key = None;
MaximizeKey = "Mod2+F11"; #quick way to override Mozilla fullscreen
WindowShortcut6Key = None;
RootMenuKey = None;
WindowShortcut7Key = None;
ScreenPrevSwitchKey = None;
WorkspaceBorderSize = 0;
Workspace7Key = None;
VMaximizeKey = "Mod2+F9"; #quick way to override Mozilla sidebar
Workspace6Key = None;
Workspace5Key = None;
Workspace4Key = None;
Workspace3Key = None;
Workspace2Key = None;
FocusPrevKey = None;
Workspace1Key = None;
WindowListKey = None;
Workspace9Key = None;
Workspace8Key = None;
HMaximizeKey = "Control+Mod2+H"; #quick way to override Mozilla history
}
=====================================================
/home/guest/GNUstep/Defaults/WMWindowAttributes
{
"mozilla-bin.Mozilla-bin" = {
NoResizebar = Yes;
NoBorder = Yes;
KeepOnTop = Yes;
NoCloseButton = Yes;
NoTitlebar = Yes;
NoMiniaturizeButton = Yes;
StartMaximized = Yes;
};
}
=====================================================
/home/guest/.mozilla/default/*.slt/chrome/userChrome.css
menubar { display: none !important }
/* disables menubar */
=====================================================
/home/guest/.mozilla/default/*.slt/user.js
user_pref("browser.history_expire_days", 1);
user_pref("browser.startup.homepage", "http://www.mywebsite.com/");
NOTE -- Mozilla will never overwrite user.js. Modifications made in prefs.js
can/will be overwritten especially while the browser is running. user.js
overrides if it exists. I'm sure there are numerous options that could be
added here.
=====================================================
/home/guest/scripts/mozillaloop.sh
#! /bin/sh
while true
do
mozilla -width 1024 -height 768
done
# If the user somehow figures out how to close/crash mozilla, it opens again
# in an infinite loop. Every time it opens, it reloads user.js. The mozkill script
# relies on this loop, since it kills Mozilla just for it to open again fresh.
=====================================================
/home/guest/scripts/xscreenwatch.sh
#! /bin/sh
LOGFILE=/home/guest/scripts/log/xscreenwatch.log
sleep 10
echo `date` > ${LOGFILE} #reset log every startup
xscreensaver-command -watch >> ${LOGFILE} #outputs BLANK and UNBLANK events
=====================================================
/home/guest/scripts/log/xscreenwatch.log -- Sample output
Thu Sep 2 11:32:21 EDT 2004
BLANK Thu Sep 2 11:42:15 2004
RUN 52
MozKill Thu Sep 2 11:45:00 EDT 2004
=====================================================
/root/scripts/mozkill.sh -- Runs every 5 minutes from root's crontab
#!/bin/sh
#NOTE: this runs as root but reads and appends to a file under /home/guest;
#keep the log directory non-writable by guest so the path cannot be swapped for a symlink
LOGFILE=/home/guest/scripts/log/xscreenwatch.log
COUNT=1 #only look at $COUNT of end of log with tail -n $COUNT ${LOGFILE}
while [ "$COUNT" -lt 20 ] #loop till we find something, or go overboard
do
    if tail -n "$COUNT" "${LOGFILE}" | grep -q '^MozKill'
    then #if last action was kill, don't kill again
        exit 0
    fi
    if tail -n "$COUNT" "${LOGFILE}" | grep -q '^UNBLANK'
    then #if last action was activity, computer being used
        exit 0
    fi
    if tail -n "$COUNT" "${LOGFILE}" | grep -q '^BLANK'
    then #if it just recently blanked, kill Moz, flag log so we don't kill again
        killall mozilla-bin
        echo "MozKill `date`" >> "${LOGFILE}"
        exit 0
    fi
    COUNT=$((COUNT + 1)) #if log file does not match one of the above 3 options
    #then go around again, viewing one more line of log
    #this takes into account for "RUN" output of screen-watch
done
exit 0
=====================================================
/etc/crontab
25 17 * * * root init 0 #shutdown 5 minutes before closing time
25 23 * * * root init 0 #shutdown again later, just in case
*/5 * * * * root /root/scripts/mozkill.sh & #every 5 mins run mozkill.sh
=====================================================
Additional:
It is recommended that you delete all xterminals. WPrefs is also something that needs removal of some sort. I chmod'ed them so only root could use them, but only until I knew I was done making changes.
If you only want users viewing a page that's already on a local web server, delete the default gateway and add a line in /etc/hosts to your local web server so that your homepage loads, and nothing else. Without a nameserver entry or a default gateway, the user is really limited.
The CD drive and floppy drive were removed. If this PC would decide to work with WOL, I would physically disable the power button too. The BIOS has a password, and GRUB has a timeout of nothing. The guest user has no password, and no login shell.
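A way to re-check several of the items above after each round of changes, as an added example that is not part of the original post. The function names, the binary paths in KIOSK_BLOCKED, the use of /boot/grub/menu.lst, and treating a nologin or false shell as "no login shell" are assumptions; the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Paths in KIOSK_BLOCKED and the
# nologin/false shell names are assumptions; adjust them to the actual install.
KIOSK_BLOCKED="usr/X11R6/bin/xterm usr/bin/rxvt usr/X11R6/bin/WPrefs"

# audit_kiosk ROOT [USER]: print one FAIL line per finding, return the count.
audit_kiosk() {
    root=${1:-/}; user=${2:-guest}; fails=0
    # The kiosk account must exist and must not have a usable login shell.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$root/etc/passwd")
    case $shell in
        */nologin|*/false) ;;
        *) echo "FAIL: $user login shell is '${shell:-unset}'"; fails=$((fails + 1)) ;;
    esac
    # Terminal emulators and WPrefs: either deleted, or no exec bit for group/other.
    for bin in $KIOSK_BLOCKED; do
        [ -e "$root/$bin" ] || continue
        if [ -n "$(find "$root/$bin" \( -perm -010 -o -perm -001 \) -print)" ]; then
            echo "FAIL: /$bin is executable by non-root users"; fails=$((fails + 1))
        fi
    done
    # The GRUB legacy menu must not wait at a boot prompt (timeout of 0).
    if ! grep -Eq '^timeout[ =]+0[[:space:]]*$' "$root/boot/grub/menu.lst" 2>/dev/null; then
        echo "FAIL: boot/grub/menu.lst does not set timeout 0"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree. Args: guest shell, mode of the xterm stand-in, GRUB timeout.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/usr/X11R6/bin" "$t/boot/grub"
    printf 'root:x:0:0:root:/root:/bin/bash\nguest:x:501:501::/home/guest:%s\n' "$1" \
        > "$t/etc/passwd"
    : > "$t/usr/X11R6/bin/xterm"; chmod "$2" "$t/usr/X11R6/bin/xterm"
    printf 'timeout %s\ndefault 0\n' "$3" > "$t/boot/grub/menu.lst"
    echo "$t"
}

# Demo on a deliberately weak constructed tree; on the kiosk itself run: audit_kiosk /
tree=$(make_sample_tree /bin/bash 755 5)
audit_kiosk "$tree" guest || echo "findings: $?"
rm -rf "$tree"
```

The routing table and the BIOS password are not visible in the filesystem and still have to be checked by hand.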
There is a Kiosk howto out there somewhere that recommends an fstab like this:
/dev/hda1 / ext2 defaults 1 1
/dev/hda5 /var ext2 defaults 1 2
/dev/hda6 /tmp ext2 defaults 1 2
/dev/hda7 /usr ext2 defaults 1 2
/dev/hda8 swap swap defaults 0 0
I may switch my hda1 to read only if I decide the PC is exactly the way I want it. That may be a bit excessive though based on the use of this computer.
This project will never be "done". I guarantee there are improvements that myself and other people could make. I hope this Linux kiosk Mozilla mini howto helps someone reduce the amount of time they may spend on a similar project. Most of this info I found on the web somewhere, with the exception of the scripts. Thanks to the guys at Mozillazine for answering the little things. Nothing spectacular, but it works. I am posting it here for the benefit of others as well as so I don't lose it.
If you use it or add to it, go ahead and post about it. Enjoy.