Slashdot Mirror
Linux and Public Access Computing?
An Anonymous Coward asks: "The Seattle Community Technology Alliance is a non profit, federally funded, public/private project that supports community technology centers in the Seattle area. We are interested in moving our public workstations from Win 2000 to Linux. In order to do this, we need good multi-lingual options and the abiltiy to create 'guest accounts' that prevent users from changing settings (to provide a consistent environment for users). What are the best tools for multi-user Linux labs? Should we use KDE? Gnome? How do we keep users from changing settings? We are eager to start experimenting, but would appreciate expert advice on starting points!"
How does one go about getting federally funded for something like this. I _dream_ of doing something like this for my sleepy town.
Don't make me give money to Matthew "The Riddler" Lesko.
"More organs means more human." - Zim
except for .bashrc and a script that puts everything back in order on login? (Hint: put the "guest" ~ on a ramdisk so this doesn't cause slow login.)
Might be nice to have a policy "You can't 'check out' until you log out." so no one gets stuck with someone elses freakish preferences.
Or you could just give away (restricted) accounts with ~ on NFS, a small quota, and automate removal after 30 days of inactivity or something.
-Peter
What, the vim book review, "fastest browser" and "developers prefer Debian, vi and GNOME and are mostly married or living with someone" study weren't enough?
By way of an answer, I'd give an edge to KDE only because of wider Unicode support. You say you want multi-language support, and in Seattle, you'd be especially concerned about Asian languages, particularly Chinese, right? Until GNOME apps are widely ported to GNOME 2 (and then have gone through an upgrade cycle or two), KDE is probably a better choice.
Like someone else said, the best thing to do is probably to have the logout script clean out and replace the guest account each time it runs.
What I'm listening to now on Pandora...
If I did I'd tell you to contact another Gov funded project called SLAC (Stanford Linear Accelerator Center) They have without a doubt the best linux setup for lab work you will ever see. The tools etc of course are available to you, free of charge, and the people who work there are more than just helpful. the URL is http://www.slac.stanford.edu/ to start checking them out. They run 2000 server clusters and are fast approaching 1 petabyte of data. So they do know there stuff. AND it's a Linux house to boot. Sometimes Gov funded orgs do it right and these are some people who prove this is true.
I'm sorry, I'm to tired to be witty at the moment so this message will have to do.
If you are going to allow them to have access to CD-ROM or diskette, you could either set the sys up to look for these for default pref files in those spots first before resorting to the default setup.
That way frequent vistors with their own personal stuff and preferences that are burnt on a CD or on a diskette (if they can fit it all on that) can use these mediums when they visit.
Or
It'd be cooler if when they choose their desktop background, they automatically can save their config file that points to it on a diskette along with other prefs for instance.
If any of that is possible.
Jamie Zawinski of mozilla and xscreensaver fame owns a nightclub in San Francisco called DNA Lounge.
He installed IRC, telnet, ssh and web enabled diskless linux kiosks for just this purpose. His code is available, as well as instructions on how he did it. It may give you a good place to start.
best web host ever
About the logout script. Just make sure you can read the SKEL files. Then make that logout script owned by someone other then the guest user, and make it read only by others.
I've always thought, if I was going to setup computers in a public area (such as a library), I'd easily go Linux over Windows. With windows, you either have to grab the most PITA programs to lock down a desktop (and break half the other things running), or you find the worst junk installed on it. Speaking of which, find an open source AIM/ICQ/MSN/whatever client. Under linux, you should be able to throw together a pretty TK/perl script to setup accounts. I've noticed many users love their IM. And, since the accounts are supposed to be wiped at each logout, everything is good.
Just my $.02
I've set up a few machines now, each running Debian (Testing, even), that are now in use as public terminals in a university library. They have a minimum of software installed, but Mozilla and Opera for browsing, Acrobat reader and AbiWord for documents, as well as lynx, telnet, ssh, and scp available in xterms (each launched via xterm's '-e' option, so that the xterm quits when the program running in them quits). For ssh and scp, I wrote a couple of simple scripts, using 'dialog' to get input for hostname, username, etc. I'm using IceWM (no Gnome or KDE), with extremely minimal menus and no logout command; it's very fast, and has a Windows-like theme so that it looks familiar to most people. KDM handles auto-login very nicely. Automount handles floppy disks (so users can copy files to and from remote machines without having local hard disk access). Finally, since the machines have identical hardware, I built a custom kernel package for them.
.mozilla (or whatever directory/file is appropriate) from a master, root-owned, read-only copy. Beyond that, to increase security on the machines, I turned off the various virtual terminals on the console, tightened up /etc/fstab (noexec in /tmp, for example), configured grub appropriately, set up ssh for remote admin (actually the only way I can get a command line on the machine), and set up some simple firewalling rules.
/etc, scripts from /usr/local/bin, and preferences from /home/pubacc, all of which are backed up and ready for a reinstall. But, if you've got lots of machines to duplicate, there are likely more efficient methods -- like running a terminal server; see, e.g., the Linux Terminal Server Project or the K12 Linux Project.
For a 'guest' account, I set up a user in a unique group, and chown'ed all the files in that user's home directory to root, leaving them read-only for the guest. Problem: some programs expect to be able to write to disk, e.g., Mozilla expects to be able to make changes in $HOME/.mozilla -- so I wrote a simple script for each such program that, if the program isn't already running, will restore
So far, these machines have been completely stable, and our users have been pleased, even those using it mainly to check Hotmail, Yahoo, etc. It's reasonably easy to duplicate across various machines, too -- for only a few machines, this works fine: dpkg -[get|set]-selections to save and set which packages are installed, plus save settings from
My recommendation: it's definitely worth a try setting up Linux machines as public access terminals, especially if the programs the users need are few in number (e.g, web browser, telnet, ssh, and pdf viewer, which is all just about everyone in our library wants on a regular basis). Just be prepared to do a little fiddling or simple script-writing to handle programs that expect read-write access to the guest account's home directory, and/or provide an interface for programs that normally are run from the command line.
Kind of interesting that they are going after Linux when one of their sponsers in Microsoft.
m l
http://cityofseattle.net/tech/scta/corporate.ht
It says "Microsoft will contribute more than $200,000 in software".
I remember a long time ago setting an environment up at home with VNC so I could surf to any web site at work through my web browser.
anyways, it became a hit at work and I ended up with 50 people using my box.
you just have to set the permissions correctly for the directories by using groups
and you can configure kde and gnome to work the way you want
it is a big step to read all the materials, but the manuals really help out.
is that it seems (from the HOWTO) that if you reboot the machine, you get to a lilo prompt and you can easily do something like "linux 1 initrd=/bin/bash" and boot directly into a prompt where you could change the root password without any trouble at all..
what other boot loaders are out there than have the functionality to "lock it down" to where the boot options can't be changed?