Slashdot Mirror
Linux and Public Access Computing?
An Anonymous Coward asks: "The Seattle Community Technology Alliance is a non profit, federally funded, public/private project that supports community technology centers in the Seattle area. We are interested in moving our public workstations from Win 2000 to Linux. In order to do this, we need good multi-lingual options and the abiltiy to create 'guest accounts' that prevent users from changing settings (to provide a consistent environment for users). What are the best tools for multi-user Linux labs? Should we use KDE? Gnome? How do we keep users from changing settings? We are eager to start experimenting, but would appreciate expert advice on starting points!"
But these are EASY questions.
Choose any of the larger distributions you wish. Red Hat, Suse, whatever.
Use KDE. Windows users freeze the second they see Gnome.
Guest accounts and multiuser environments are what Linux is all about.
As far as locking down the desktop, Linux and KDE are infinitely configurable so this won't be a problem. Alternatively, if you are just using guest accounts, let them change what they want then have the logout script clean out their home directory. That way every time a new guest logs in, It's a brand new desktop.
http://www.linux.org/docs/ldp/howto/Kiosk-HOWTO. html
I would start here.
-=Skip
Check out http://www.dnalounge.com/backstage/src/kiosk/ for information about how they set up their Kiosks. It might give you some ideas for starting points, the have similar goals and an extremely "hostile" environment.
If you use GNOME... you can lock down most of the settings (in GNOME 2 atleast) by just changing your GConf settings. Basically it allows you to make all of the settings read only. The file that you'd be interested in modifying is: /etc/gconf/2/path You should be able to lock down most settings nice and tight.
I'm a former student of Robert G. Valiant, whom I believe works/worked for CTA a while back. Say hi to him for me.
.kde directory (lots of programs need a directory to store data in, they get it from a .kde config file, but the config file says /home/username/data rather than ~/data, so copying .kde directories leads to weird hard-to-reproduce errors).
As other posters have said, use KDE 3. You'll need to write some scripts to set up the accounts properly, since you really can't set up multiple accounts in KDE by copying the
KDE3 has a nifty kiosk mode, which I don't think anyone has mentioned. It allows you to restrict access to programs on the application menu only - people don't get a terminal, and they don't get any filesystem access through the file manager. It's great for Web browsing and e-mail, though it can lead to trouble when you want to, say, rename a file.
Use KDE, NIS, and NFS so home dirs are shared across the system, of course. That's easy to set up. Using rdist for the KDE distribution itself is a good plan too.
If you spend the time to set up Linux properly, it's a very competitive alternative to Win2K for public labs.
The biggest one I can think of is the "linux Terminal Server Project",
ltsp
Which has been adapted to public schools in the form of:
k12ltsp
The linux in education folks have tons of info on doing stuff like this and are very wise about digital divide issues.
Here are some links:
open source schools
School Forge
k12os
SEUL/Edu
Some case studies:
seul dat
There is also Simple End User Linux (SEUL)
SEUL
RedHats "Open Source Now" initiative has listings of people in the area who can help out. They also have a bunch of "why's" and "hows" on their site.
Open Source Now
I should be listed there in the Army of Friends, but have not gotten around to putting myself up. Feel free to contact me at cschwan4@attbi.com, as I am in the Seattle area.
Doing this kind of thing is a great interest of mine, and I work in education to help make these transistions.
Hope this helps.
You didn't quite specify in your question if the users of the system should be able to store files or not ... the design of such a system would kinda depend on this factor.
/desktop/menus (keep his dir as small as posible, remeber to disable mozilla's cache). then tar this up.. Change your init scripts to set up a ram disk (8 megs or so should do), and mount that on the users home dir. The modify your inittab to start your kiosk-session script, which in turn starts your kiosk-dm.sh script ..
/ /home/guest/* /home/guest/.* /usr/share/guest.tar.gz /usr/X11R6/bin/xinit kiosk-session.sh
/home/guest/.xinitrc guest
.xinitrc file.. this way they can select a language before any apps are started, and everything should work automagicly (as long as you installed all the locales).. it is included in the redhat 8.0 beta (null)
But lets pretend they do not have write permission, or save their files on a common shared (nfs) directory. Then one would take a basic redhat system, set up the 'guest' users envirioment
The kiosk-dm script would untar the guest's home dir to the correct spot, and start's X using your custom xinit script:
while 1; do
cd
rm -rf
tar xvfz
done
this kiosk-session.sh script would do something like:
exec su --login --command
This way, the user can 'log out' of xwindows, the home dir gets cleaned & restored, and a brand new x-session (restored from original config) is displayed.. Since eveything is on a ram drive, nothing that can break! (the guest user has no write perm on the rest of the file system, so can only fuck up his own home dir, which is cleaned every session)
Now if you want a user to be able to log in, keep his files, etc.. that be a whole other situation.. nfs mounted home dirs, authorisation via kerebos, and all that..
Now you also asked for multi-language support.. I would sugest getting your hands on the null beta (gonna be redhat 8.0), it has better UTF-8 support then i've seen before in any linux distro.. as a browser, use mozilla for decent internationalisation support.
As a added bonus, start up redhat-config-language first in your guest's
KDE has a kiosk mode. I'm not that familiar with it, but you can find the README file here:
README.kiosk
This is for KDE 3.0.
good luck!
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
Well, in my opinion he's risen out the right question.
/. month or so ago.
There should be some HOWTO for that kind of thing, at least if you wanna see some more desktops joining in. I remember when everybody was eager to help schools to move to linux.
HOWTO
-----
Process should be divided to some various points.
1. Securing machine.
Securing bios, lockaway of power and reset button
2. Securing boot loader to disable user commands to kernel. You can even compile kernel to make some improvments to that point
3. Securing interactive service boot mode, make a change in rc scripts just to comment the lines waiting for input key to start interactive mode.
4. Securing X by disabling accessing terminals with Ctrl + Alt + F?
5. Disabling reboot without password and disabling reboot with Ctrl + Alt + Del (otherwise in some various points Ctrl + Alt + BckSpc and Ctrl + Alt + Del might enable user to reboot)
6. Disabling any kind of autologin
7. Next thing is securing desktop manager
It could be done in some various ways but best in my opinion is forst one.
Personally I don't think that idea with guest accounts would be good. Much better choice is LDAP users and LDAP login. With this you can have as many centralised users as you want. But every new user gets new preferences and every user is able to choose desktop (Still you can install only one and disable that choice if you want equal desktops). Just protect icons on desktop for softwares you want (chmod 555).
Extend that option with NFS share for storing their home folders. You just got your self moving profiles accessible from any computer in network.
Second idea is far easyer to achieve. after session, delete home folder, recreate new one from templated one with rsync and here is the point where user modifications to desktop are reset
Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition