Slashdot Mirror


Linux and Public Access Computing?

An Anonymous Coward asks: "The Seattle Community Technology Alliance is a non profit, federally funded, public/private project that supports community technology centers in the Seattle area. We are interested in moving our public workstations from Win 2000 to Linux. In order to do this, we need good multi-lingual options and the ability to create 'guest accounts' that prevent users from changing settings (to provide a consistent environment for users). What are the best tools for multi-user Linux labs? Should we use KDE? Gnome? How do we keep users from changing settings? We are eager to start experimenting, but would appreciate expert advice on starting points!"

30 of 342 comments

  1. Re:My advice? by CrosseyedPainless · · Score: 3, Funny

    And to think, people dare to say Linux users aren't helpful and friendly!

  2. You're gonna get a flood of answers by FreeLinux · · Score: 3, Informative

    But these are EASY questions.

    Choose any of the larger distributions you wish. Red Hat, Suse, whatever.

    Use KDE. Windows users freeze the second they see Gnome.

    Guest accounts and multiuser environments are what Linux is all about.

    As far as locking down the desktop, Linux and KDE are infinitely configurable so this won't be a problem. Alternatively, if you are just using guest accounts, let them change what they want then have the logout script clean out their home directory. That way every time a new guest logs in, It's a brand new desktop.

    1. Re:You're gonna get a flood of answers by ywwg · · Score: 4, Insightful

      "Windows users freeze the second they see Gnome"

      Good thing there's no partisanship here! KDE and GNOME are both fine interfaces. KDE has always been slightly ahead of GNOME, and has a more consistent user interface. I use GNOME because I always have, and the range of apps seems larger. It's really a judgement call.

      Gnome at least has language selection in its logon screen, kde might have something similar.

    2. Re:You're gonna get a flood of answers by dasunt · · Score: 4, Interesting

      About the logout script. Just make sure you can read the SKEL files. Then make that logout script owned by someone other than the guest user, and make it read only by others.

      I've always thought, if I was going to set up computers in a public area (such as a library), I'd easily go Linux over Windows. With windows, you either have to grab the most PITA programs to lock down a desktop (and break half the other things running), or you find the worst junk installed on it. Speaking of which, find an open source AIM/ICQ/MSN/whatever client. Under linux, you should be able to throw together a pretty TK/perl script to set up accounts. I've noticed many users love their IM. And, since the accounts are supposed to be wiped at each logout, everything is good.

      Just my $.02

  3. check the howto by SkipFrizzell · · Score: 5, Informative

    http://www.linux.org/docs/ldp/howto/Kiosk-HOWTO.html

    I would start here.

    -=Skip

  4. Can I ask why? by GoatPigSheep · · Score: 3, Insightful

    Why would you switch from windows2000? Windows2000 is a pretty recent OS and obviously you already have your licensing costs paid for. What would be the point in changing over a system that is already relatively up to date? If you were using win 3.1 or even win95 I could understand but I don't see why you would switch from a recent and generally (despite what linux zealots say) solid OS.

    Personally I could say that switching a bunch of computers that are already up to date is a SERIOUS waste of taxpayers' money. Switch those systems in 4 or 5 years when you really need to. Then you can think about using linux.

    --
    GoatPigSheep, the 3 most important food groups
    1. Re:Can I ask why? by TheConfusedOne · · Score: 5, Insightful

      I think the first issue is the cost of keeping those machines up to date.

      The second is what the machines are supposed to be doing. If it's just surfing the web, emails, and basic word processing then you should be able to do this much cheaper than paying the annual MS tax.

      A terminal server like setup would allow you to use cheaper boxes at the front. (Maybe you could put out 10 more boxes with the savings in hardware and software.)

      Finally, it'll discourage the script kiddies. When Joe Jr. goes to logon and use his floppy disk with the latest privilege elevating holes in Windows they'll be stuck at step one.

      The best approach would be to figure out how to set up the new boxes and use them whenever you replace/rebuild a system. (You could probably create a pretty nice computer center with a server grade box and 10-20 PII class machines acting as terminals.)

      --
      --- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
  5. Run from CD-ROM? by JoeShmoe · · Score: 4, Insightful

    How about that Knoppix distro or similar that runs completely from CD (or loads from it anyway).

    After user is done, reboot and next one gets a fresh clean install. Plus, no data kept, so nothing for "The Man" to subpoena, no privacy to invade/violate.

    - JoeShmoe

    .

    --
    -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
  6. Why not let them change anything they want by pete-classic · · Score: 3, Interesting

    except for .bashrc and a script that puts everything back in order on login? (Hint: put the "guest" ~ on a ramdisk so this doesn't cause slow login.)

    Might be nice to have a policy "You can't 'check out' until you log out." so no one gets stuck with someone else's freakish preferences.

    Or you could just give away (restricted) accounts with ~ on NFS, a small quota, and automate removal after 30 days of inactivity or something.

    -Peter

  7. First of all. by TibbonZero · · Score: 5, Insightful

    Well, it seems that first of all you should really research Linux in general. I know that you are eager to get off of Win2K, but you should really make sure that everyone is well trained. Users too need to be trained, so that they aren't confused. You should read up on the permissions structure (and alternatives like Novell's E-Directory), and fully understand Linux before you go slapping it on everyone's boxes.
    The reason I bring up this, is because from your question, it seems that you are new to Linux- in the fact that you don't know how to deny permissions, the differences between KDE and GNOME, guest accounts, etc.
    So go get Linux, format your box, test it out! Experiment, and try different Distros. I would suggest one without too much bloating, but that's my personal opinion. You don't want people in the public to get a bad opinion of Linux because of messed up public Linux boxes.

    --
    Tibbon
    tibbon.com
    1. Re:First of all. by justsomebody · · Score: 3, Informative

      Well, in my opinion he's raised the right question.

      There should be some HOWTO for that kind of thing, at least if you wanna see some more desktops joining in. I remember when everybody was eager to help schools to move to linux. /. month or so ago.

      HOWTO
      -----
      Process should be divided to some various points.

      1. Securing machine.
      Securing bios, lockaway of power and reset button
      2. Securing boot loader to disable user commands to kernel. You can even compile kernel to make some improvements to that point
      3. Securing interactive service boot mode, make a change in rc scripts just to comment the lines waiting for input key to start interactive mode.
      4. Securing X by disabling accessing terminals with Ctrl + Alt + F?
      5. Disabling reboot without password and disabling reboot with Ctrl + Alt + Del (otherwise in some various points Ctrl + Alt + BckSpc and Ctrl + Alt + Del might enable user to reboot)
      6. Disabling any kind of autologin

      7. Next thing is securing desktop manager

      It could be done in some various ways but best in my opinion is first one.
      Personally I don't think that idea with guest accounts would be good. Much better choice is LDAP users and LDAP login. With this you can have as many centralised users as you want. But every new user gets new preferences and every user is able to choose desktop (Still you can install only one and disable that choice if you want equal desktops). Just protect icons on desktop for softwares you want (chmod 555).
      Extend that option with NFS share for storing their home folders. You just got your self moving profiles accessible from any computer in network.

      Second idea is far easier to achieve. After session, delete home folder, recreate new one from templated one with rsync and here is the point where user modifications to desktop are reset

      --
      Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
  8. check out the DNA lounge source code by Anonymous Coward · · Score: 5, Informative

    Check out http://www.dnalounge.com/backstage/src/kiosk/ for information about how they set up their Kiosks. It might give you some ideas for starting points, they have similar goals and an extremely "hostile" environment.

  9. This is Editor Trolling Day, isn't it? by Otter · · Score: 4, Interesting
    Should we use KDE? Gnome?

    What, the vim book review, "fastest browser" and "developers prefer Debian, vi and GNOME and are mostly married or living with someone" study weren't enough?

    By way of an answer, I'd give an edge to KDE only because of wider Unicode support. You say you want multi-language support, and in Seattle, you'd be especially concerned about Asian languages, particularly Chinese, right? Until GNOME apps are widely ported to GNOME 2 (and then have gone through an upgrade cycle or two), KDE is probably a better choice.

    Like someone else said, the best thing to do is probably to have the logout script clean out and replace the guest account each time it runs.

  10. Wish I had your e-mail address by Allnighterking · · Score: 5, Interesting

    If I did I'd tell you to contact another Gov funded project called SLAC (Stanford Linear Accelerator Center). They have without a doubt the best linux setup for lab work you will ever see. The tools etc of course are available to you, free of charge, and the people who work there are more than just helpful. The URL is http://www.slac.stanford.edu/ to start checking them out. They run 2000 server clusters and are fast approaching 1 petabyte of data. So they do know their stuff. AND it's a Linux house to boot. Sometimes Gov funded orgs do it right and these are some people who prove this is true.

    --

    I'm sorry, I'm too tired to be witty at the moment so this message will have to do.

  11. Depends on the needs of your users by BigJimSlade · · Score: 4, Insightful

    What are they doing on these general purpose machines? Are they essentially a kiosk to get online with? If so, maybe you should consider OEOne. This was previously mentioned on Slashdot a few days ago. It sits on top of Red Hat and looks like it gives the users the basic internet capabilities they need. I'm not sure how well it will lock down, however. I just thought I'd mention it since I'm thinking about setting up a box running this for my parents.

  12. Check out jwz's solution. by immanis · · Score: 5, Interesting

    Jamie Zawinski of mozilla and xscreensaver fame owns a nightclub in San Francisco called DNA Lounge.

    He installed IRC, telnet, ssh and web enabled diskless linux kiosks for just this purpose. His code is available, as well as instructions on how he did it. It may give you a good place to start.

  13. Gconf by gouldtj · · Score: 3, Informative

    If you use GNOME... you can lock down most of the settings (in GNOME 2 at least) by just changing your GConf settings. Basically it allows you to make all of the settings read only. The file that you'd be interested in modifying is: /etc/gconf/2/path. You should be able to lock down most settings nice and tight.

  14. Firewall all traffic OUT (For starters.) by supabeast! · · Score: 3, Insightful

    A few security suggestions:

    If you are creating public access Linux boxes, do the rest of the internet a favor and strictly restrict all internet access out as well as in. This protects everyone else in case a local user roots a box.

    Don't put floppy drives in the systems, and disable the CD drives. This will help prevent a user from walking in with a disc of exploits and root kits, forcing anyone who wants to use local hacks to go download the hacks, which you can track in firewall logs.

    Aesthetic suggestions:

    Consider renaming all the KDE/Gnome apps within the config files. Many Linux apps have lame, undecipherable names (Stick a G in front of the name of a python actor type crap.), and if you make the purpose of an app obvious, a newbie will learn the real name of the app over time.

    Do your users a huge favor and avoid Gnome. KDE is a much easier transition for Mac/Windows users.

  15. Re:Here's a question: by fudgefactor7 · · Score: 3, Insightful

    Yup, I read those. And you know what? MS does that behavior to everyone, it's not just the schools or other public organizations, it's how they do business. It is, after all, their product(s) and they can license them under whatever terms they want (even if those terms suck donkey). The problem I have is that I have seen and read stories of how some organization left Windows because of the predatory nature of MS, went to Linux-land, and then had to go back to Windows because their stuff just wouldn't work unless it was Windows; I've also seen where the same happens because some tech-happy IT guy (or gal) decided to roll-out Linux (to either save money or to "stick it to the man") then to have the CEO/CIO slap their wrists and force Windows back, creating double the work for no freaking reason.

    To go to Linux is fine, but it has to be a GOOD REASON, and you have to understand who will be using those machines. Is it an IT person? A student? A grandmother in her mid eighties? The level of knowledge and comfort is key here, especially with a public organization like a library. Go too far off in one direction and you can and do lose the core market.

    Like I asked: reasoning.

    Oh, and calling me a troll only makes you look like a dork. Grow up.

  16. Let the flamefest begin... ;) by powerlinekid · · Score: 3, Funny

    Here I'll sum up what you'll have to do, based on other posters:
    1)Install RedHat, Mandrake, Debian and slackware. Yeah all 4. And then put a difficulty ranking for each one on the computers, like from 1-4 (1 being easiest) assign them all a 1 because everyone is going to tell you that slackware is just as easy as mandrake.
    2)Install kde, gnome, windowmaker, blackbox, enlightenment, every other windowmanager that at least 1 person uses. Then install every single theme for them. We all know users want choice, so give them plenty of it. *already laughing*
    3)You'll need the Gnome office stuff (gnumeric, abiword,etc), Kdeoffice, openoffice and of course emacs (but if you install emacs, you'll also need vi).
    3)Put up posters in the room with penguins biting bill gates, or put "bill doesn't live here anymore" stickers on the machines. This will add to the feel of the room.
    4) Make sure there are no windows in the room.
    5) Don't forget to have one *BSD machine in the corner that nobody touches, just so the bsd people start complaining that "bsd is so much more 1337 than linux". Don't worry about keeping it up to date, no one will use it.

    That should be pretty much the answers you get out of the slashdot community. Personally I'd get Mandrake 8.2 with Kde 3 and Open Office. Entirely free and hell you could probably just boot them all off the same network image if the hardware is the same.

    --

    can't sleep slashdot will eat me
  17. KDE Kiosk Mode by scriptkiddie · · Score: 3, Informative

    I'm a former student of Robert G. Valiant, whom I believe works/worked for CTA a while back. Say hi to him for me.

    As other posters have said, use KDE 3. You'll need to write some scripts to set up the accounts properly, since you really can't set up multiple accounts in KDE by copying the .kde directory (lots of programs need a directory to store data in, they get it from a .kde config file, but the config file says /home/username/data rather than ~/data, so copying .kde directories leads to weird hard-to-reproduce errors).

    KDE3 has a nifty kiosk mode, which I don't think anyone has mentioned. It allows you to restrict access to programs on the application menu only - people don't get a terminal, and they don't get any filesystem access through the file manager. It's great for Web browsing and e-mail, though it can lead to trouble when you want to, say, rename a file.

    Use KDE, NIS, and NFS so home dirs are shared across the system, of course. That's easy to set up. Using rdist for the KDE distribution itself is a good plan too.

    If you spend the time to set up Linux properly, it's a very competitive alternative to Win2K for public labs.

  18. Here's a salve for the flaming... by pjt48108 · · Score: 3, Insightful

    I am considering, in the FAR future, moving things from Windows to Linux, here in the public library for which I work. One argument I get when I float certain elements of the plan is, "But everyone already knows Windows." (The library's computer classes teach to Windows, not to basic computer literacy.)

    This made me think... What is more important for the end-user, from the standpoint of computer literacy? Knowing the operating system, or understanding basic functions that are universal across applications?

    As patrons shouldn't even be THINKING of accessing the OS, I lean towards emphasizing application functions, such as print, save, etc. Those are the functions the majority of users will be needing anyhow.

    That said, I think Linux should work fine, despite the naysayers, so long as the desktop/interface is simple and straightforward enough so that the user doesn't feel the need to plumb the depths of the OS (in order to type up their recipe, email their grandson, etc.). In fact, the flexibility of Linux, I believe, enables you to BETTER serve your constituency in this manner.

    Plus, Microsoft is pure evil.

    --
    Mmmmmm... Bold, yet refreshing!
  19. There are a flood of resources out there... by ainsoph · · Score: 5, Informative

    The biggest one I can think of is the "linux Terminal Server Project",

    ltsp

    Which has been adapted to public schools in the form of:

    k12ltsp

    The linux in education folks have tons of info on doing stuff like this and are very wise about digital divide issues.

    Here are some links:

    open source schools

    School Forge

    k12os

    SEUL/Edu

    Some case studies:

    seul dat

    There is also Simple End User Linux (SEUL)

    SEUL

    RedHats "Open Source Now" initiative has listings of people in the area who can help out. They also have a bunch of "why's" and "hows" on their site.

    Open Source Now

    I should be listed there in the Army of Friends, but have not gotten around to putting myself up. Feel free to contact me at cschwan4@attbi.com, as I am in the Seattle area.

    Doing this kind of thing is a great interest of mine, and I work in education to help make these transitions.

    Hope this helps.

  20. My public access terminals by ozonator · · Score: 4, Interesting

    I've set up a few machines now, each running Debian (Testing, even), that are now in use as public terminals in a university library. They have a minimum of software installed, but Mozilla and Opera for browsing, Acrobat reader and AbiWord for documents, as well as lynx, telnet, ssh, and scp available in xterms (each launched via xterm's '-e' option, so that the xterm quits when the program running in them quits). For ssh and scp, I wrote a couple of simple scripts, using 'dialog' to get input for hostname, username, etc. I'm using IceWM (no Gnome or KDE), with extremely minimal menus and no logout command; it's very fast, and has a Windows-like theme so that it looks familiar to most people. KDM handles auto-login very nicely. Automount handles floppy disks (so users can copy files to and from remote machines without having local hard disk access). Finally, since the machines have identical hardware, I built a custom kernel package for them.

    For a 'guest' account, I set up a user in a unique group, and chown'ed all the files in that user's home directory to root, leaving them read-only for the guest. Problem: some programs expect to be able to write to disk, e.g., Mozilla expects to be able to make changes in $HOME/.mozilla -- so I wrote a simple script for each such program that, if the program isn't already running, will restore .mozilla (or whatever directory/file is appropriate) from a master, root-owned, read-only copy. Beyond that, to increase security on the machines, I turned off the various virtual terminals on the console, tightened up /etc/fstab (noexec in /tmp, for example), configured grub appropriately, set up ssh for remote admin (actually the only way I can get a command line on the machine), and set up some simple firewalling rules.

    So far, these machines have been completely stable, and our users have been pleased, even those using it mainly to check Hotmail, Yahoo, etc. It's reasonably easy to duplicate across various machines, too -- for only a few machines, this works fine: dpkg --[get|set]-selections to save and set which packages are installed, plus save settings from /etc, scripts from /usr/local/bin, and preferences from /home/pubacc, all of which are backed up and ready for a reinstall. But, if you've got lots of machines to duplicate, there are likely more efficient methods -- like running a terminal server; see, e.g., the Linux Terminal Server Project or the K12 Linux Project.

    My recommendation: it's definitely worth a try setting up Linux machines as public access terminals, especially if the programs the users need are few in number (e.g, web browser, telnet, ssh, and pdf viewer, which is all just about everyone in our library wants on a regular basis). Just be prepared to do a little fiddling or simple script-writing to handle programs that expect read-write access to the guest account's home directory, and/or provide an interface for programs that normally are run from the command line.
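A check for three of the lockdown points raised in the thread (virtual-terminal switching and Ctrl+Alt+BckSpc in X, Ctrl+Alt+Del reboots, and noexec on /tmp), as an added example that is not code from any poster. The function name `audit_kiosk`, the root-prefix argument and the X config file names it tries are assumptions; it targets a SysV-init, XFree86-era layout like the ones described.

```shell
#!/bin/sh
# Added example, not code from the thread. audit_kiosk and its root-prefix
# argument are hypothetical; the prefix lets the checks run against a mounted
# disk image or a constructed test tree instead of the live system.
# Usage: sh audit-kiosk.sh /        (audit the running machine)

# Prints one FAIL line per finding; returns 0 when clean, 1 otherwise.
audit_kiosk() {
    root=${1:-}
    rc=0

    # /tmp must have its own fstab entry with noexec among the options
    # (field 2 is the mount point, field 4 the comma-separated options).
    if ! awk '$1 !~ /^#/ && $2 == "/tmp" && ("," $4 ",") ~ /,noexec,/ { ok = 1 }
              END { exit !ok }' "$root/etc/fstab" 2>/dev/null; then
        echo "FAIL: /tmp has no noexec entry in /etc/fstab"
        rc=1
    fi

    # SysV init: an active (uncommented) ctrlaltdel entry that runs
    # shutdown or reboot lets anyone at the keyboard restart the box.
    if grep -Eq '^[^#:][^:]*:[^:]*:ctrlaltdel:.*(shutdown|reboot)' \
            "$root/etc/inittab" 2>/dev/null; then
        echo "FAIL: Ctrl+Alt+Del reboots the machine (/etc/inittab)"
        rc=1
    fi

    # X server: DontVTSwitch blocks Ctrl+Alt+F?, DontZap blocks
    # Ctrl+Alt+BckSpc. Use the first config file that exists.
    xconf=
    for f in XF86Config-4 XF86Config xorg.conf; do
        if [ -f "$root/etc/X11/$f" ]; then
            xconf=$root/etc/X11/$f
            break
        fi
    done
    for opt in DontVTSwitch DontZap; do
        # Accept a bare Option "Name" or one with an explicit true value.
        if [ -z "$xconf" ] || ! grep -Eiq \
            "^[[:space:]]*Option[[:space:]]+\"$opt\"([[:space:]]+\"(true|on|yes|1)\")?[[:space:]]*(#.*)?\$" \
            "$xconf"; then
            echo "FAIL: X server option $opt is not set"
            rc=1
        fi
    done

    return $rc
}

# Run as a command when given a root prefix; do nothing when sourced bare.
[ $# -eq 0 ] || audit_kiosk "$@"
```
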

  21. Multi user kiosk by chabotc · · Score: 3, Informative

    You didn't quite specify in your question if the users of the system should be able to store files or not ... the design of such a system would kinda depend on this factor.

    But let's pretend they do not have write permission, or save their files on a common shared (nfs) directory. Then one would take a basic redhat system, set up the 'guest' users environment /desktop/menus (keep his dir as small as possible, remember to disable mozilla's cache). then tar this up.. Change your init scripts to set up a ram disk (8 megs or so should do), and mount that on the users home dir. Then modify your inittab to start your kiosk-session script, which in turn starts your kiosk-dm.sh script ..

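    The kiosk-dm script would untar the guest's home dir to the correct spot, and starts X using your custom xinit script:
    while true; do
        cd /
        # Empty the home dir, dotfiles included, without a glob that matches "." or "..".
        find /home/guest -mindepth 1 -delete
        # Restore the pristine home; the archive is unpacked relative to / (see cd above).
        tar xvfz /usr/share/guest.tar.gz
        /usr/X11R6/bin/xinit kiosk-session.sh
    done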

    this kiosk-session.sh script would do something like:
    exec su --login --command /home/guest/.xinitrc guest

    This way, the user can 'log out' of xwindows, the home dir gets cleaned & restored, and a brand new x-session (restored from original config) is displayed.. Since everything is on a ram drive, nothing that can break! (the guest user has no write perm on the rest of the file system, so can only fuck up his own home dir, which is cleaned every session)

    Now if you want a user to be able to log in, keep his files, etc.. that be a whole other situation.. nfs mounted home dirs, authorisation via kerberos, and all that..

    Now you also asked for multi-language support.. I would suggest getting your hands on the null beta (gonna be redhat 8.0), it has better UTF-8 support than I've seen before in any linux distro.. as a browser, use mozilla for decent internationalisation support.

    As an added bonus, start up redhat-config-language first in your guest's .xinitrc file.. this way they can select a language before any apps are started, and everything should work automagically (as long as you installed all the locales).. it is included in the redhat 8.0 beta (null)
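The "wipe the guest home and restore it from a template" idea that several posters describe (logout script, rsync from a templated folder, the tar loop above), as an added example that is not code from any poster. The function name `reset_guest_home`, its argument order and the paths in the usage line are assumptions; the checks cover the points raised in the thread: the template must not be guest-writable, and the cleanup must not follow a symlink or climb out of the home directory.

```shell
#!/bin/sh
# Added example, not code from the thread. Function name, argument order and
# the paths in the usage line are assumptions for illustration.
# Usage (as root, from the logout hook or the kiosk loop):
#   sh reset-guest-home.sh /usr/share/guest-skel /home/guest guest

reset_guest_home() {
    template=$1
    home=$2
    owner=${3:-}

    # Both paths must be real directories. A symlink in place of the home
    # directory would redirect a root-run cleanup somewhere else.
    for d in "$template" "$home"; do
        if [ -L "$d" ] || [ ! -d "$d" ]; then
            echo "refusing: $d is not a plain directory" >&2
            return 1
        fi
    done

    # Sanity guard: never clean "/" or a top-level directory such as /home.
    real=$(cd "$home" && pwd -P) || return 1
    case $real in
        /*/*) ;;
        *) echo "refusing: $real is too shallow to be a guest home" >&2
           return 1 ;;
    esac

    # The template is the trust anchor. If the guest can write to any part
    # of it, changes survive every reset, so refuse to use it.
    bad=$(find "$template" ! -type l -perm -0002 | head -n 1)
    if [ -z "$bad" ] && [ -n "$owner" ]; then
        bad=$(find "$template" -user "$owner" | head -n 1)
    fi
    if [ -n "$bad" ]; then
        echo "refusing: guest can modify template entry $bad" >&2
        return 1
    fi

    # Stop leftover guest processes so nothing rewrites files mid-reset.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        pkill -KILL -u "$owner" || true
    fi

    # find -delete removes dotfiles too, never matches "." or "..", and does
    # not follow symlinks the guest may have planted inside the home.
    find "$real" -mindepth 1 -xdev -delete || return 1
    cp -a "$template/." "$real/" || return 1

    # Hand the fresh copy to the guest; -h changes links, not their targets.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R -h "$owner" "$real"
    fi
}

# Run as a command when given arguments; do nothing when sourced bare.
[ $# -eq 0 ] || reset_guest_home "$@"
```
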

  22. KDE kiosk mode by LMCBoy · · Score: 3, Informative

    KDE has a kiosk mode. I'm not that familiar with it, but you can find the README file here:
    README.kiosk

    This is for KDE 3.0.

    good luck!

    --
    Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
  23. MS sponsored ? by Jonny+Ringo · · Score: 3, Interesting

    Kind of interesting that they are going after Linux when one of their sponsors is Microsoft.

    http://cityofseattle.net/tech/scta/corporate.html

    It says "Microsoft will contribute more than $200,000 in software".

  24. ThinkNic? by Matey-O · · Score: 3, Insightful

    Diskless customisable thin client with Netscape, VNC, Telnet, broadband, etc, and audio. $200 per unit plus some kind of monitor.

    They're cheap, run linux and hard to hack. (Also largely valueless from a theft standpoint.)

    Question is: Do they have enough horsepower for your needs?

    --
    "Draco dormiens nunquam titillandus."
  25. "what should we use..." by MobyTurbo · · Score: 3, Funny
    What are the best tools for multi-user Linux labs? Should we use KDE? Gnome? How do we keep users from changing settings?
    Use fvwm, the lab's users will *never* figure out how to change its settings. ;-)
  26. cool start, but limited by Erris · · Score: 3, Insightful
    Why not use the power of GNU/Linux to give users real accounts? You know, so they can save their work and eventually retrieve it? Keep user accounts hidden from other users and make a little script that can be run by guest guest to create a real non privileged account. Have the log outs kill all user applications and have an inactivity kill. Further steps might be needed to keep people from doing nasty things but they are SO much easier with a system that was set up multiuser from the very beginning with compilers and everything else available.

    The sooner people realize how easy this stuff is, the sooner they will use it and discover how easy it is.

    --
    DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.