
This forum is proudly powered by Scientific Linux 6 | SL website Download SL Help Search Members |
Welcome Guest ( Log In | Register ) | Resend Validation Email |
![]() ![]() ![]() |
Nicram |
Posted: May 31 2014, 11:13 AM
|
|
![]() SLF Junior ![]() ![]() Group: Members Posts: 35 Member No.: 1399 Joined: 23-March 12 ![]() |
I prepared some document about changing SL6 into KIOSK, so user are capable of going thru websites only.
After few days i also prepared shell script that do all things automatic. I would like if someone check this if there are any errors or thing that are hard to understand. The tutorial: http://www.marcinwilk.eu/lang/en-us/2014/05/scientific-linux-6-centos-6-kiosk/ The script: http://www.marcinwilk.eu/sl/make-kiosk.sh Thank you. |
|
evert |
Posted: May 31 2014, 09:11 PM
|
|
![]() SLF Rookie ![]() Group: Members Posts: 21 Member No.: 2836 Joined: 2-December 13 ![]() |
Pretty clear. Good work. I didn't try myself though, because I don't need a kiosk. Not sure if everything is enough locked down but seems rather usable.
|
|
joka |
Posted: Jun 3 2014, 08:45 PM
|
|||
SLF Geek ![]() ![]() ![]() ![]() Group: Members Posts: 172 Member No.: 107 Joined: 28-April 11 ![]() |
Good description and I assume it will work though I have not tried it myself.
Some remarks: Instead of AutomaticLogin I would prefer TimedLogin to give an administrator the chance to login to his account, e.g (/etc/gdm/custom.conf).:
I don't understand why you recommend Opera instead of Firefox in a public tutorial. Firefox is maintained by SL/CentOS, while you have to update Opera yourself. Fedora and EL have a special tool to create a secured kiosk user, based on SELinux: xguest Similar to a LiveCD, a xguest session creates a temporary home directory as tmp file system in memory. If the guest/kiosk user logs out, all session data (and cookies, super cookies, changes to the browser profiles made by the user etc.) are gone. SELinux rules limit the rights compared to a standard user: internet access is allowed only for standard HTTP(s) ports.** Execution of binaries in the home directory (downloaded from Internet by the browser, e.g. potential Kernel exploits) is disallowed. To configure xguest, save the deskop files (e.g. your .xsession to start the browser in full screen mode) to /etc/skel instead of /home/kiosk.* *) The author of xguest, Dan Walsh, intended and recommended the tool sabayon to configure the xguest deskop. But to my experience this never worked reliably in Fedora 8-14 and SL 6. **) Limits are configurable by SELinux booleans |
|||
Nicram |
Posted: Jun 6 2014, 12:29 PM
|
|||||
![]() SLF Junior ![]() ![]() Group: Members Posts: 35 Member No.: 1399 Joined: 23-March 12 ![]() |
Thanks for reply!
I will think about changing that. I must first ask how they see it going in real life situation.
Because Opera got built-in kiosk mode and options that helps to achieve my goals, without installing any additional plugins for web browser. While xguest is some option, i read about it and try it, and it didn't help me at all. I can disable downloading files with Opera, and same time give possibility to browse FTP for example. Using xguest also is prepared for Firefox which isn't my choice. When using xguest account, and trying it to use my config files, i must put them in /etc/skel like You said. It will make them used for new accounts, which i do not want. My idea is to prepare script, that will be used by people, who do not really know Linux OS well, so it will be just easy for them, and it will do the work. Xguest need some more advanced knowledge (like what is SELinux, what is /tmp, how this account really work). |
|||||
![]() |
![]() ![]() ![]() |