Contributed by
jose
on
from the limited-use-for-people dept.
anonymous
writes:
"The idea of setting up browser-only kiosks on i386 PCs has at least entered the minds of some IT people I know at my institution. The idea is to have machines that boot to a browser session without requiring any login, and respawn this session when rebooted or reset (by zapping an X session or closing the browser). Of course it would be nice if such machines were as secure as possible, with the Windows PCs that currently provide these services leaving some room for improvement in this respect.
The idea has not yet been *seriously* floated, so it seemed like a good time to pick the brains of deadly readers and see if someone already has the detailed solution to this problem worked out. I think a 'proof of concept' demo machine might at least help advance the idea beyond 'wild suggestion' to 'take under consideration'."
There is a firefox port in ports-current which i currently use. It works fine. It's not as speedy as the version that im running under my linux work station at home, but im sure you could recompile the system for the specified architechture it would speed things up.
Here are some links with regards to setting firefox up as a kiosk browser.
http://texturizer.net/firefox/tips.html#oth_kiosk
There are also some pluggins for firefox regarding kiosk browsing. Look for "kiosk browsing" section at:
http://texturizer.net/firefox/extensions/
My only problem with setting up something like this would be that kiosk machines are usually pretty low end hardware...firefox might be too much bloat.
Comments
By
Anonymous Coward ()
on
I think setting up Firefox for kiosk browsing is a no-brainer, and if you run the Window manager before the browser in the .xsession file for the unpriviledged user (or change the system wide default) like so:
FavWindowManager &
firefox
Then I think the session should terminate when the user quits the browser. I have no idea how to get, say, xdm to automatically start a session for a particular user without a password though (and using xdm tends to be the nicest way to start an X session in OpenBSD). This really seems to be the key issue here, and I'm not even if it is possible. For that matter I'm not sure I know how to safely start a even a console session for a user without a password prompt; "login -f username" perhaps?
Comments
By
FreeJak ()
on
How about a null password profile and opera?
Other things I'm thinking about are having an automounter+diskless configuration that mounts / and etc by request, like Sun's AutoClients and Java Stations do.
If you have the configs ready, there should be less problems.
Take care!
By
Anonymous Coward ()
on
What's xdm?
I've a 3 headed machine whose sole existance is to display gfx of stats and webcam images to the three heads. In /etc/rc.local i have:
su - display -c startx &
The user display has a .xinitrc script which doesn't run a wm but just runs some scripts that call ImageMagick's montage and display to show the graphs and other images.
For a kiosk i would instead try to give the user a cronjob something like:
@reboot /path/to/myscript
where /path/to/myscript is not editable by the user, and is something like:
while [ 1 ]; do startx; logger X died; sleep 10; done
And as the previous poster mentioned, $HOME/.xinitrc can be as simple as:
wm &
browser
Do you even need a wm?
Be careful with what is available to the browser, remember that file:/// can be your enemy, systrace/chroot might be your friend. Might wanna chflags the prefs to be immutable and also add something to .xinitrc to wipe out cache and cookies on browser exit.
Comments
By
Anonymous Coward ()
on
One more thing, maybe you wanna run xautolock to automatically kill and restart X after a few minutes of no activity, provided there has been some activity since the last restart.
By
strgout ()
on
Well i think to auto login a user you make add something to /etc/gettytab then call that from /etc/ttys
"Mozilla Kiosk is a mozilla interface using XUL and JAVASCRIPT to implement a kiosk style browser. The concept here is to have a browser that does nothing more than browse - no fancy features. Designed for a kiosk style system."
"The problem is that Mozilla does not support a kiosk mode that can be invoked at browser start-up through the command-line. However, using Javascript code, you can open the equivalent of a kiosk browser. You can also control specifically which elements will appear. This allows you to customize the kiosk mode to fit your needs. You don't need to be a Javascript expert to make this work. If you can copy-and-paste, you can use this method!"
Comments
By
Anonymous Coward ()
on
yeah too bad. fuck javascript
By
Anonymous Coward ()
on
why openbsd ? What does it bring to the table ?
It seems like you know the solution you want w/o detailing the problem.
Comments
By
Anonymous Coward ()
on
I thought I outlined the problem pretty clearly. There is no religous reason it *has* to be OpenBSD (in fact the people in question will probably insist it MUST be implemented on Red Hat Linux for reasons of manager mindshare). It just happens I am most familiar with OpenBSD, and thought it would be a great chance to get the platform some exposure in my institution.
By j0rd () mits_rox@OHNOS.hotmail.com on http://j0rd.ath.cx/
Here are some links with regards to setting firefox up as a kiosk browser.
http://texturizer.net/firefox/tips.html#oth_kiosk
There are also some pluggins for firefox regarding kiosk browsing. Look for "kiosk browsing" section at:
http://texturizer.net/firefox/extensions/
My only problem with setting up something like this would be that kiosk machines are usually pretty low end hardware...firefox might be too much bloat.
Comments
By Anonymous Coward () on
FavWindowManager &
firefox
Then I think the session should terminate when the user quits the browser. I have no idea how to get, say, xdm to automatically start a session for a particular user without a password though (and using xdm tends to be the nicest way to start an X session in OpenBSD). This really seems to be the key issue here, and I'm not even if it is possible. For that matter I'm not sure I know how to safely start a even a console session for a user without a password prompt; "login -f username" perhaps?
Comments
By FreeJak () on
Other things I'm thinking about are having an automounter+diskless configuration that mounts / and etc by request, like Sun's AutoClients and Java Stations do.
If you have the configs ready, there should be less problems.
Take care!
By Anonymous Coward () on
I've a 3 headed machine whose sole existance is to display gfx of stats and webcam images to the three heads. In /etc/rc.local i have:
su - display -c startx &
The user display has a .xinitrc script which doesn't run a wm but just runs some scripts that call ImageMagick's montage and display to show the graphs and other images.
For a kiosk i would instead try to give the user a cronjob something like:
@reboot /path/to/myscript
where /path/to/myscript is not editable by the user, and is something like:
while [ 1 ]; do startx; logger X died; sleep 10; done
And as the previous poster mentioned, $HOME/.xinitrc can be as simple as:
wm & browser
Do you even need a wm?
Be careful with what is available to the browser, remember that file:/// can be your enemy, systrace/chroot might be your friend. Might wanna chflags the prefs to be immutable and also add something to .xinitrc to wipe out cache and cookies on browser exit.
Comments
By Anonymous Coward () on
By strgout () on
/etc/gettytab
autologin|al.9600:al=joeuser:tc=std.9600:
/etc/ttys
ttyv1 "/usr/libexec/getty al.9600" cons25 on insecure
just a guess for the auto login.
By Justin () on
xinit BROWSER
then how about loading any bare minimum into memory (saving room for cookies and cache) then unmount the partitions.
By jose () on http://monkey.org/~jose/
http://kiosk.mozdev.org/
"Mozilla Kiosk is a mozilla interface using XUL and JAVASCRIPT to implement a kiosk style browser. The concept here is to have a browser that does nothing more than browse - no fancy features. Designed for a kiosk style system."
http://tln.lib.mi.us/~amutch/pro/mozilla/kioskmode.htm
"The problem is that Mozilla does not support a kiosk mode that can be invoked at browser start-up through the command-line. However, using Javascript code, you can open the equivalent of a kiosk browser. You can also control specifically which elements will appear. This allows you to customize the kiosk mode to fit your needs. You don't need to be a Javascript expert to make this work. If you can copy-and-paste, you can use this method!"
Comments
By Anonymous Coward () on
By Anonymous Coward () on
It seems like you know the solution you want w/o detailing the problem.
Comments
By Anonymous Coward () on