Slashdot Mirror
Linux and Public Access Computing?
An Anonymous Coward asks: "The Seattle Community Technology Alliance is a non profit, federally funded, public/private project that supports community technology centers in the Seattle area. We are interested in moving our public workstations from Win 2000 to Linux. In order to do this, we need good multi-lingual options and the abiltiy to create 'guest accounts' that prevent users from changing settings (to provide a consistent environment for users). What are the best tools for multi-user Linux labs? Should we use KDE? Gnome? How do we keep users from changing settings? We are eager to start experimenting, but would appreciate expert advice on starting points!"
How does one go about getting federally funded for something like this. I _dream_ of doing something like this for my sleepy town.
Don't make me give money to Matthew "The Riddler" Lesko.
"More organs means more human." - Zim
And to think, people dare to say Linux users aren't helpful and friendly!
Use FreeBSD. Run the guest sessions in a jail. And don't give them ownership of their own home dir, either. that'll fix them right good. and use windowmaker.
But these are EASY questions.
Choose any of the larger distributions you wish. Red Hat, Suse, whatever.
Use KDE. Windows users freeze the second they see Gnome.
Guest accounts and multiuser environments are what Linux is all about.
As far as locking down the desktop, Linux and KDE are infinitely configurable so this won't be a problem. Alternatively, if you are just using guest accounts, let them change what they want then have the logout script clean out their home directory. That way every time a new guest logs in, It's a brand new desktop.
http://www.linux.org/docs/ldp/howto/Kiosk-HOWTO. html
I would start here.
-=Skip
Why would you switch from windows2000. Windows2000 is a pretty recent OS and obviously you already have your licencing costs paid for. What would be the point in changing over a system that is already relatively up to date. If you were using win 3.1 or even win95 I could understand but I don't see why you would switch from a recent and generally (despite what linux zealots say) solid OS.
Personally I could say that switching a bunch of computers that are already up to date as a SERIOUS waste of taxpayers money. Switch those systems in 4 or 5 years when you really need to. Then you can think about using linux.
GoatPigSheep, the 3 most important food groups
How about that Knoppix distro or similar that run completely from CD (or loads from it anyway).
After user is done, reboot and next one gets a fresh clean install. Plus, no data kept, so nothing for "The Man" to subpoena, no privacy to invade/violate.
- JoeShmoe
.
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
except for .bashrc and a script that puts everything back in order on login? (Hint: put the "guest" ~ on a ramdisk so this doesn't cause slow login.)
Might be nice to have a policy "You can't 'check out' until you log out." so no one gets stuck with someone elses freakish preferences.
Or you could just give away (restricted) accounts with ~ on NFS, a small quota, and automate removal after 30 days of inactivity or something.
-Peter
Do you not read the myriad horror stories posted on here about Microsoft extorting schools and other public organizations for expensive license fees?
Is the troll well fed, now?
Well, it seems that first of all you should really research Linux in general. I know that you are eager to get off of Win2K, but you should really make sure that everyone is well trained. Users too need to be trained, so that they aren't confused. You should read up on the permissions structure (and alternatives like Novell's E-Directory), and fully understand Linux before you go slapping it on everyone's boxes.
The reason I bring up this, is because from your question, it seems that you are new to Linux- in the fact that you don't know how to deny permissions, the differences between KDE and GNOME, guest accounts, etc.
So go get Linux, format your box, test it out!. Experienment, and try different Distros. I would sugest one without too much bloating, but that's my personaly opinion. You don't want people in the public to get a bad opinion of Linux because of messed up public Linux boxes.
Tibbon
tibbon.com
Check out http://www.dnalounge.com/backstage/src/kiosk/ for information about how they set up their Kiosks. It might give you some ideas for starting points, the have similar goals and an extremely "hostile" environment.
What, the vim book review, "fastest browser" and "developers prefer Debian, vi and GNOME and are mostly married or living with someone" study weren't enough?
By way of an answer, I'd give an edge to KDE only because of wider Unicode support. You say you want multi-language support, and in Seattle, you'd be especially concerned about Asian languages, particularly Chinese, right? Until GNOME apps are widely ported to GNOME 2 (and then have gone through an upgrade cycle or two), KDE is probably a better choice.
Like someone else said, the best thing to do is probably to have the logout script clean out and replace the guest account each time it runs.
What I'm listening to now on Pandora...
This is a nice idea for a community but I suggest having user accounts in addition to one main guest account. If someone is going to come and use the machine enough, give them a restricted account so that they can personalize their desktop. KDE and Gnome both have good user management tools, so don't restrict yourself or your users if you don't need to.
~ now you know
If I did I'd tell you to contact another Gov funded project called SLAC (Stanford Linear Accelerator Center) They have without a doubt the best linux setup for lab work you will ever see. The tools etc of course are available to you, free of charge, and the people who work there are more than just helpful. the URL is http://www.slac.stanford.edu/ to start checking them out. They run 2000 server clusters and are fast approaching 1 petabyte of data. So they do know there stuff. AND it's a Linux house to boot. Sometimes Gov funded orgs do it right and these are some people who prove this is true.
I'm sorry, I'm to tired to be witty at the moment so this message will have to do.
What are they doing on these general purpose machines? Are they essentially a kiosk to get online with? If so, maybe you should consider OEOne. This was previously mentioned on Slashdot a few days ago. It sits on top of Red Hat and looks like it gives the users the basic internet capabilities they need. I'm not sure how well it will lock down, however. I just thought I'd mention it since I'm thinking about setting up a box running this for my parents.
WTF?
Not any Canadian I know.....
W.R. McDougall, seek some serious mental help.
Never by hatred has hatred been appeased, only by kindness - the Buddha
If you are going to allow them to have access to CD-ROM or diskette, you could either set the sys up to look for these for default pref files in those spots first before resorting to the default setup.
That way frequent vistors with their own personal stuff and preferences that are burnt on a CD or on a diskette (if they can fit it all on that) can use these mediums when they visit.
Or
It'd be cooler if when they choose their desktop background, they automatically can save their config file that points to it on a diskette along with other prefs for instance.
If any of that is possible.
Jamie Zawinski of mozilla and xscreensaver fame owns a nightclub in San Francisco called DNA Lounge.
He installed IRC, telnet, ssh and web enabled diskless linux kiosks for just this purpose. His code is available, as well as instructions on how he did it. It may give you a good place to start.
best web host ever
The desktops should be put together in a kiosk fashion. Whatever desktop you end up using should be absolutely simple.
The best thing would be for a featureless desktop with the few handful of applications that are allowed to be used as clickable icons on the desktop. A taskbar is not needed, in fact it shouldn't even be welcome.
Having a taskbar, with a number of applications available through a Windows-Start-Menu-Like system can provide far more functionality then is needed. Sure, you can edit the taskbar "Start-Menu" to include only a few applications, but then what is the point to having a "Start-Menu"?
All that is needed is a basic web browser that supports currently used web elements. Not just standards, but things that are used across most web-sites. That means Flash Support, Java Support and a host of other web technologies.
The important thing is to have that all setup properly with all the correct plug-ins in place. If those are missing, then you will see the users gravitating away from those systems.
Probably the best thing to do, would be to setup a specially tweaked Windows machine and one of these specially tweaked Linux Machines. Both can have the same basic applications available that the public-access users will be wanting to use...
Here is one thing that might hold you up...
IRC, Yahoo! Messenger, Aol Instant Messenger and MSN Messenger. These are all used on public access machines. To confirm this, check out the public access machines at Kinko's, also check out public access machines at college campuses. All of those are installed onto those machines.
Setup a Windows machine with only IE and those messenging services Icons on the destktop. This can be done using Group Policies.
Setup a Linux desktop with just a Mozilla or other web browser link on the desktop. Then one of those "Easy to use" multi-client chat programs as a link on the desktop.
Run both of those machines side by side. Track how many people use both machines. You might be surprised to find that more people will end up using the Windows machine, simply because of those messenger clients.
You can even remove the messenger clients and you might find that more people will still end up using the Windows machine, due to the better font handling and other things that they are used to.
Do this experiment before you take a leap and radically alter your configurations.
-.-
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
If you use GNOME... you can lock down most of the settings (in GNOME 2 atleast) by just changing your GConf settings. Basically it allows you to make all of the settings read only. The file that you'd be interested in modifying is: /etc/gconf/2/path You should be able to lock down most settings nice and tight.
http://www.brigadoon.de/peter/kde/t1.html
This may be a little out of date by now, but I think they have a mailing list as well.
A few security suggestions:
If you are creating public access Linux boxes, do the rest of the internet a favor and strictly restrict all internet access out as well as in. This protects everyone else in case a local user roots a box.
Don't put floppy drives in the systems, and disable the CD drives. This will help prevent a user from walking in with a disc of exploits and root kits, forcing anyone who wants to use local hacks to go download the hacks, which you can track in firewall logs.
Aesthetic suggestions:
Consider renaming all the KDE/Gnome apps withing the config files. Many Linux apps have lame, undecipherable names (Stick a G in front of the name of a python actor type crap.), and if you make the purpose of an app obvious, a newbie will learn the real name of the app over time.
Do your users a huge favor and avoid Gnome. KDE is a much easier transition for Mac/Windows users.
As evidenced here , MS has already placed a significant stake with the SCTA. With this understanding, and their advocacy of .NET, is this another Junis Post? I mean, I would definately anticipate the editors have researched this submission. Click through their site (SCTA) and consider the question from this point of view:What is the biggest threat to MS. Who do you ask, and who will most likely define the weaknesses.
Please analyze the facts before you mod.
If we don't fight for ourselves no one will.
Try the K12LTSP distro, a modified LTSP setup ready-to-install. It has Mozilla, OpenOffice, etc., and will likely be updated to GNOME2 goodness once the latest 7.4/8.0 limbo/null/whatever betas are done.
The diskless terminals boot from a floppy or NIC bootrom, with the K12LTSP server doing all of the heavy lifting. I've used Pentium 90s and worse for the terminals.
k12ltsp.org
Implementing guest accounts is real easy, but requires just a little bit of custom programming. The trick is to have a separate guest account for each terminal in the lab, and a custom login script that logs in to the guest account that's assigned to the login tty port.
After logging out, the script wipes out the account's home directory, and restores the default home directory contents from a skeleton model, somewhere. After logging in they can mess things up as much as they want. After logging out the account gets wiped out, and restored to a default state.
Yup, I read those. And you know what? MS does that behavior to everyone, it's not just the schools or other public organizations, it's how they do business. It is, after all, their product(s) and they can license them under whatever terms they want (even if those terms suck donkey). The problem I have is that I have seen and read stories of how some organization left Windows beacuse of the predatory nature of MS, went to Linux-land, and then had to go back to Windows because their stuff just wouldn't work unless it was Windows; I've also seen where the same happens because some tech-happy IT guy (or gal) decided to roll-out Linux (to either save money or to "stick it to the man") then to have the CEO/CIO slap their wrists and force Windows back, creating double the work for no freaking reason.
To go to Linux is fine, but it has to be a GOOD REASON, and you have to understand who will be using those machines. Is it an IT person? A student? A grandmother in her mid eighties? The level of knowledge and comfort is key here, especially with a public organization like a library. Go too far off in one direction and you can and do lose the core market.
Like I asked: reasoning.
Oh, and calling me a troll only makes you look like a dork. Grow up.
Here I'll sum up what you'll have to do, based on other posters:
1)Install RedHat, Mandrake, Debian and slackware. Yeah all 4. And then put a difficulty ranking for each one on the computers, like from 1-4 (1 being easiest) assign them all a 1 because everyone is going to tell you that slackware is just as easy as mandrake.
2)Install kde, gnome, windowmaker, blackbox, enlightenment, every other windowmanager that at least 1 person uses. Then install every single theme for them. We all know users want choice, so give them plenty of it. *already laughing*
3)You'll need the Gnome office stuff (gnumeric, abiword,etc), Kdeoffice, openoffice and off course emacs (but if you install emacs, you'll also need vi).
3)Put up posters in the room with penguins biting bill gates, or put "bill doesn't live here anymore" stickers on the machines. This will add to the feel of the room.
4) Make sure there are no windows in the room.
5) Don't forget to have one *BSD machine in the corner that nobody touches, just so the bsd people start complaining that "bsd is so much more 1337 then linux". Don't worry about keeping it up to date, noone will use it.
That should be pretty much the answers you get out of the slashdot community. Personally I'd get Mandrake 8.2 with Kde 3 and Open Office. Entirely free and hell you could probably just boot them all off the same network image if the hardware is the same.
can't sleep slashdot will eat me
I'm a former student of Robert G. Valiant, whom I believe works/worked for CTA a while back. Say hi to him for me.
.kde directory (lots of programs need a directory to store data in, they get it from a .kde config file, but the config file says /home/username/data rather than ~/data, so copying .kde directories leads to weird hard-to-reproduce errors).
As other posters have said, use KDE 3. You'll need to write some scripts to set up the accounts properly, since you really can't set up multiple accounts in KDE by copying the
KDE3 has a nifty kiosk mode, which I don't think anyone has mentioned. It allows you to restrict access to programs on the application menu only - people don't get a terminal, and they don't get any filesystem access through the file manager. It's great for Web browsing and e-mail, though it can lead to trouble when you want to, say, rename a file.
Use KDE, NIS, and NFS so home dirs are shared across the system, of course. That's easy to set up. Using rdist for the KDE distribution itself is a good plan too.
If you spend the time to set up Linux properly, it's a very competitive alternative to Win2K for public labs.
Your only problem would be people swiping the discs, but you could also offer them for sale.
My beliefs do not require that you agree with them.
I am considering, in the FAR future, moving things from Windows to Linux, here in the public library for which I work. One argument I get when I float certain elements of the plan is, "But everyone already knows Windows." (the library's computer classes teach to Windows, not to basic computer literacy.
This made me think... What is more important for the end-user, from the standpoint of computer literacy? Knowing the operating system, or understanding basic functions that are universal across applications?
As patrons shouldn't even be THINKING of accessing the OS, I lean towards emphasizing application functions, such as print, save, etc. Those are the functions the majority of users will be needing anyhow.
That said, I think Linux should work fine, despite the naysayers, so long as the desktop/interface is simple and straightforward enough so that the user doesn't feel the need to plum the depths of the OS (in order to type up their recipe, email their grandson, etc.). In fact, the flexibility of Linux, I believe, enables you to BETTER serve your constituency in this manner.
Plus, Microsoft is pure evil.
Mmmmmm... Bold, yet refreshing!
the Linux Terminal Server Project provides superb tools and software to set up a remote display server, you run all apps on the server and do the display on terminals. It works awesomely well, will ease and centralize your administration, and will work with old systems as terminals. If you have a competent admin, setting up guest accounts should be a breeze with this. You also need a competent admin because the server is a single point of failure and has to be kept well-fed and in working order.
After looking over their site it looks like they are in the same boat as many other large institutions, most especially large universities. That is, they have and support just about everything. There did not appear to be a preference for any particular platform.
I did find the policy banning XP until further notice rather interesting/ammusing, but this was only until they had a chance to evaluate it and any effect it may or may not have on their network. It rather reminds me of Netware administrators banning Windows 95 when it was first released.
The biggest one I can think of is the "linux Terminal Server Project",
ltsp
Which has been adapted to public schools in the form of:
k12ltsp
The linux in education folks have tons of info on doing stuff like this and are very wise about digital divide issues.
Here are some links:
open source schools
School Forge
k12os
SEUL/Edu
Some case studies:
seul dat
There is also Simple End User Linux (SEUL)
SEUL
RedHats "Open Source Now" initiative has listings of people in the area who can help out. They also have a bunch of "why's" and "hows" on their site.
Open Source Now
I should be listed there in the Army of Friends, but have not gotten around to putting myself up. Feel free to contact me at cschwan4@attbi.com, as I am in the Seattle area.
Doing this kind of thing is a great interest of mine, and I work in education to help make these transistions.
Hope this helps.
Here are some hints...
Securing your box.
Now, secure your box... And please stop trolling.
Nuff said.
I've set up a few machines now, each running Debian (Testing, even), that are now in use as public terminals in a university library. They have a minimum of software installed, but Mozilla and Opera for browsing, Acrobat reader and AbiWord for documents, as well as lynx, telnet, ssh, and scp available in xterms (each launched via xterm's '-e' option, so that the xterm quits when the program running in them quits). For ssh and scp, I wrote a couple of simple scripts, using 'dialog' to get input for hostname, username, etc. I'm using IceWM (no Gnome or KDE), with extremely minimal menus and no logout command; it's very fast, and has a Windows-like theme so that it looks familiar to most people. KDM handles auto-login very nicely. Automount handles floppy disks (so users can copy files to and from remote machines without having local hard disk access). Finally, since the machines have identical hardware, I built a custom kernel package for them.
.mozilla (or whatever directory/file is appropriate) from a master, root-owned, read-only copy. Beyond that, to increase security on the machines, I turned off the various virtual terminals on the console, tightened up /etc/fstab (noexec in /tmp, for example), configured grub appropriately, set up ssh for remote admin (actually the only way I can get a command line on the machine), and set up some simple firewalling rules.
/etc, scripts from /usr/local/bin, and preferences from /home/pubacc, all of which are backed up and ready for a reinstall. But, if you've got lots of machines to duplicate, there are likely more efficient methods -- like running a terminal server; see, e.g., the Linux Terminal Server Project or the K12 Linux Project.
For a 'guest' account, I set up a user in a unique group, and chown'ed all the files in that user's home directory to root, leaving them read-only for the guest. Problem: some programs expect to be able to write to disk, e.g., Mozilla expects to be able to make changes in $HOME/.mozilla -- so I wrote a simple script for each such program that, if the program isn't already running, will restore
So far, these machines have been completely stable, and our users have been pleased, even those using it mainly to check Hotmail, Yahoo, etc. It's reasonably easy to duplicate across various machines, too -- for only a few machines, this works fine: dpkg -[get|set]-selections to save and set which packages are installed, plus save settings from
My recommendation: it's definitely worth a try setting up Linux machines as public access terminals, especially if the programs the users need are few in number (e.g, web browser, telnet, ssh, and pdf viewer, which is all just about everyone in our library wants on a regular basis). Just be prepared to do a little fiddling or simple script-writing to handle programs that expect read-write access to the guest account's home directory, and/or provide an interface for programs that normally are run from the command line.
(just so i'm not being overly vague: "because it's only 15 miles from Redmond...")
It's easy to spot a trolling post, especially when they have a whole tirade explaining why a group wouldn't want Windows machines, and then suggests that they aren't moving to Linux for a good reason :)
A non-trolling post would have actually tried to answer the question of the post, what's a good environment, not posed an off-topic, inflammatory comment.
Moderation: Put your hand inside the puppet head!
You didn't quite specify in your question if the users of the system should be able to store files or not ... the design of such a system would kinda depend on this factor.
/desktop/menus (keep his dir as small as posible, remeber to disable mozilla's cache). then tar this up.. Change your init scripts to set up a ram disk (8 megs or so should do), and mount that on the users home dir. The modify your inittab to start your kiosk-session script, which in turn starts your kiosk-dm.sh script ..
/ /home/guest/* /home/guest/.* /usr/share/guest.tar.gz /usr/X11R6/bin/xinit kiosk-session.sh
/home/guest/.xinitrc guest
.xinitrc file.. this way they can select a language before any apps are started, and everything should work automagicly (as long as you installed all the locales).. it is included in the redhat 8.0 beta (null)
But lets pretend they do not have write permission, or save their files on a common shared (nfs) directory. Then one would take a basic redhat system, set up the 'guest' users envirioment
The kiosk-dm script would untar the guest's home dir to the correct spot, and start's X using your custom xinit script:
while 1; do
cd
rm -rf
tar xvfz
done
this kiosk-session.sh script would do something like:
exec su --login --command
This way, the user can 'log out' of xwindows, the home dir gets cleaned & restored, and a brand new x-session (restored from original config) is displayed.. Since eveything is on a ram drive, nothing that can break! (the guest user has no write perm on the rest of the file system, so can only fuck up his own home dir, which is cleaned every session)
Now if you want a user to be able to log in, keep his files, etc.. that be a whole other situation.. nfs mounted home dirs, authorisation via kerebos, and all that..
Now you also asked for multi-language support.. I would sugest getting your hands on the null beta (gonna be redhat 8.0), it has better UTF-8 support then i've seen before in any linux distro.. as a browser, use mozilla for decent internationalisation support.
As a added bonus, start up redhat-config-language first in your guest's
Well, I'm not exactly sure what your specific purpose here is, but I know that the Indianapolis / Marion County Public Library Has set up little Linux kiosks that talk to their main server for doing things such as performing book searchs by title, author, etc and then taking those searches and adding them to your request database.
If this is all for non-profit type of work you might drop them a line and see if they can get you in touch with how helped them set it all up.
I know that the terminals are relatively dumb, and may even be using some form of LTSP (Linux Terminal Server Project) because when they reboot they drop directly back to a bare desktop with only icons for the software to do their catalog search. So in essence they are all guest accounts.
"Genius may shine aloof and alone, like a star, but goodness is social, and it takes two men and God to make a Brother."
KDE has a kiosk mode. I'm not that familiar with it, but you can find the README file here:
README.kiosk
This is for KDE 3.0.
good luck!
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
http://gslug.org/
http://www.seaslug.org/
-- Who is the bigger fool? The fool or the fool who follows him? --
Kind of interesting that they are going after Linux when one of their sponsers in Microsoft.
m l
http://cityofseattle.net/tech/scta/corporate.ht
It says "Microsoft will contribute more than $200,000 in software".
Diskless customisable thin client with Netscape, VNC, Telnet, broadband, etc, and audio. $200 per unit plus some kind of monitor.
They're cheap, run linux and hard to hack. (Also largely valueless from a theft standpoint.)
Qustion is: Do they have enough horsepower for your needs?
"Draco dormiens nunquam titillandus."
I remember a long time ago setting an environment up at home with VNC so I could surf to any web site at work through my web browser.
anyways, it became a hit at work and I ended up with 50 people using my box.
you just have to set the permissions correctly for the directories by using groups
and you can configure kde and gnome to work the way you want
it is a big step to read all the materials, but the manuals really help out.
I remember reading that the Apple Stores which allow anyone to play on their computers push the entire disk image to the computers every night. This way it ensures they are all the same afterwards and everyone has the same experience.
This sounds a sledgehammer to crack a nut. It should only be necessary if there are no effective access controls to prevent end users trampling on system areas.
is that it seems (from the HOWTO) that if you reboot the machine, you get to a lilo prompt and you can easily do something like "linux 1 initrd=/bin/bash" and boot directly into a prompt where you could change the root password without any trouble at all..
what other boot loaders are out there than have the functionality to "lock it down" to where the boot options can't be changed?
THAT'S gonna hurt. You asked which is better to use, KDE or Gnome. You are now certain to get a slew of messages from the Gnome fanatics and KDE fanatics telling how the other guy SUCKS. You didn't know, I'm sure. For future reference, try to inquire about both by using as neutral a tone as absolutely possible. The question itself, how it is specifically written matters and in this case it implies a winner and a LOSER! with a big "L" on its forehead.
I'll fix you right up though, save you the need to read rants and raves. Use KDE, it's the best, most mature, and integrated solution...NO WAIT! Use Gnome, IT is the cleanest, purest, most politically correct, mature, and...ah f*ck it. Toss a frickin coin.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Some BIOSes let you lock down the floppy drive too,
/dev/fd1 and it cannot be booted from at all.
Even if they don't reconnect the FDD as
Not necessarly. They do not need to edit
ALso how do you do a gradual upgrade? Employees who have not upgraded yet will still send
You know MacOSX might be a better desktop option if the cost of Windows is too high. Employee's can have their palm pilots, Microsoft office if needed(shudder) is there, better nds and active directory support, very easy to use, IE support, true printing, etc all with the benefits of lower tco of unix. It is a much better desktop and still is a unix. The reason I am not a macosx user is because a mac system is too expensive and slow for video games. Cocoa looks awesome and if I get better at programming I may switch totally.
http://saveie6.com/
after having setup a public library to use linux on the desktop (twice), i'd really encourage you to check out LTSP.
My first go-round with the library, i did what you're looking at (a full blown distro on each machine). it worked very well. i created an install disk that created a nice, locked down desktop, etc. But then we started changing things like printer IPs and proxy server addresses and wanted uniform bookmarks, etc. And changing little things started to be time consuming.
With LTSP you change things in one place, reboot the clients and they're all pointed at the new proxy or whatever. Besides, booting off the network and using ram disks made me feel a lot better when patrons kept just turning the machines off without shutdown now -r. no more fsck, ect.
one more thing. using netscape i was able to edit the preferences.js file to disable all sorts of menus, settings on the web browser. i haven't tried doing the same with mozilla, but you'll probably want to make sure you use a browser with a lockable config file so kids can't change the homepage to playboy.com or whatnot.
jim
You didn't say what the machines are going to do or what you server situation is. Linux with KDE and a browser-only version of Mozilla (no mail or news) would make for a very good web terminal, complete with Flash support. And if you have a couple of good file servers sitting behind it, you can network-boot them so that machines are interchangeable and don't necessarily need any software installed on them. Then you're just in the business of maintaining file servers, but they don't need to be big ones as they'd have to be if you were deploying, say, X terminals.
But what else do people do at these terminals? Do they get to use Word and Excel? Any custom Windows-based reference tools that aren't available over the web? Educational titles?
StarOffice/OpenOffice is okay, but it can be a little confusing for the kiosk user. It's one thing for a consumer or office worker to spend a couple of hours getting the hang of it if they're replacing MS Office with it. It's quite another to expect people to be productive in it on a casual, walk-in basis. You'll probably also want to customize it to replace the load/save buttons on the OpenOffice toolbars with buttons hooked to macros that load and save in MS Office formats by default. A kiosk user probably isn't going to want to save things in native StarOffice formats.
By all means ignore others' advice to remove floppy drives if you want. If you're comfortable with letting people use floppies to load and save their work under Win2000, you can do it just fine with Linux.
One nice potential savings with Linux is that you can present a customized, locked-down desktop environment like those that Windows system-management tools let you create--without any additional software or fees necessary. Take KDE and modify the guest "start" menus and desktop to include only the things you want to offer: the browser, maybe some desktop shortcuts to popular webmail services and instant-messaging tools, the word processor, a floppy formatter, and a logout button, for instance.
I'm still not convinced there are good reasons to switch over; you certainly don't want to make the systems less useful to the people who use them. I'm assuming you're facing mandatory upgrades from Microsoft and will soon have to choose between paying $300 per machine in Software Assurance with more of the same in two years, or biting the bullet and getting rid of the commercial software.
Depending on your needs, it certainly can work, and can work well. Linux (and Unix in general) is a great way to deploy rock solid centrally-managed, locked-down systems at a low cost. Just make sure you can give people the applications they need and present them in an easy-to-use, zero-training way.
LTSP is a good suggestion.
first of all saying "u" brings bias against yourself.
/tmp behaves and you'll see what i mean).
/tmp or even just giving them enough write permissions to deal with temp files for KDE/GNOME and the web browser (i.e. let root own guests directory with global read then parts of ~guest/.kde are global write). For this type of system, that's fine.
First of all, remember that you have the sticky bit to work wthin directory perms (look at how
Actually, setting the guest user's homedir to
if you want to disallow write access to a file then just change the owner and make the file globally readable...
And please don't make wide and unfounded generaliztions about unix if you're going to be wrong.
Brian
1) Why would lab workstations be running IIS?
2) Do you even know what Active Directory is?
Aw, fuck it. Let's go bowling. - The Big Lebowski
The sooner people realize how easy this stuff is, the sooner they will use it and discover how easy it is.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Here's my minority report from off the deep end. It sounds like to me that you will have someone maintain the boxes, and that all the user will ever see is the desktop. Fine. Then try FreeBSD.
FreeBSD is very easy to administer and has all the software Linux has. Stability and security is your prime concern in a public environment like this, and FreeBSD holds its own here. Only a few Linux distros can compare in this area (and the for-the-masses distros aren't them).
A Government Is a Body of People, Usually Notably Ungoverned
Law should require that donations be valued at marginal cost AND NOT the price they charged some other guy or even the price they'd like to have charged.
:(
It's very easy why, but in the land of Economics (USA) nobody can see something as easy as that
Companies are really abusing the economy and the citizens. But people will figure it at some point, if not already doing it (i have doubts though)
unfinished: (adj.)
"Login accounting [] can also be handled this way - somewhere in PAM"
:)
Why bother when you've got process accounting?
As for front-end, you don't need anything spectacular at all; I've seen very useable terminals in Brighton hospital here in the UK, where the WM was basically fvwm(2/95) but with galeon running full-screen, access only to a proxy that required login to let you out on the 'net for real. See http://www.pienetworks.com/products/index.htm for more
~Tim
--
Rushing on down to the circle of the turn
Much more secure than Linux and therefore better for a public environment. As for desktops: Maybe something simple like FVWM. KDE has too many bells and whistles and therefore will be tough to secure against abuse.
Unix, on the other hand, was designed -- from the start -- as a multi-user operating system. Running it as a desktop operating system is simply the degenerate case of N==1.
Unless users find a local root exploit, they pretty much can't mess up each others' settings. There are the system-wide settings which are generally controlled by the system's administrator and then there are the user settings which can usually override the system settings -- but only for that user.
All user settings (with the exception of the password information) are stored in the user's home directory. In a normal setting, users have full control over the contents of their home directory.
Under normal conditions, If I (as a regular user) install an application, other users wouldn't have access to them unless (1) I allowed them permission to access them, and (2) they explicitly referenced my installation.
[
- About the only time you'll see two users' preferences getting in the way of each other would be if you were running two separate X servers in different virtual consoles. It allows for rapid switching between users, but runs into the problem of fighting over things like the sound hardware (I guess you could install two sound cards, but that's getting into woo-woo land for me.
:1 . For RedHat, it'll start the extra login screen in console 8.
]I've tested such an installation and it works, but it's not an any default setup that I know of. It's just fun to experiment with. All you have to do is add an entry to the xdm/Xservers file to start a second server on display
Free Software: Like love, it grows best when given away.