Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 04 Jul 2020, 02:12
All times are UTC - 4
 Forum index » Advanced Topics » Cutting edge
DevuanDog Kiosk Edition
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [21 Posts]   Goto page: 1, 2 Next
Author Message
fredx181


Joined: 11 Dec 2013
Posts: 4473
Location: holland

PostPosted: Sat 21 Sep 2019, 13:33    Post subject:  DevuanDog Kiosk Edition
Subject description: User is restricted to browsing the web only
 

*** DevuanDog Kiosk Edition ***

Updated 2019-10-06 see changes and fixes Here

The (unprivileged) user will be presented with a fullscreen internet start page and has no access to the system at all (only administrator who knows the admin password).
The browser included is OpenKiosk, based on Firefox http://openkiosk.mozdevgroup.com/
This is not a 'browser-only' OS, although it's purpose is to be restricted to browsing the internet.
Administrator can install packages (synaptic or apt) or configure e.g. keyboard-layout, soundlevel, setup wifi (see below for firmware .squashfs), manage files (pcmanfm filemanager), remaster, make frugal install (recommended), etc..., more info below.

Testing would be appreciated, it should be a challenge to hack this Smile (pretending NOT to know the 'admin' password) to get into the system someway as (unprivileged) user.
Any suggestions to improve are very welcome!

Download: Updated 2019-10-06
ISO 32-bit: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-06_i386.iso Size: 304MB
Md5sum: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-06_i386.md5
ISO 64-bit: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-06_amd64.iso Size: 308MB
Md5sum: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-06_amd64.md5

From ReadMe-Kiosk: (Administrator mode > wbar > Info Kiosk) Updated 2019-09-28
------------------------------------------------------------------------------------------------
*** Info Kiosk ***

Restricted to browsing the internet only, no downloading is possible
The user (not knowing 'admin' password) has no access at all to the system (cannot run applications, terminal, or file-manager, etc...)

Recommended usage:
Boot with porteus-boot changes=EXIT:/.. option (if you need to configure or install something) or without changes option (nosave)

To get access to the system, to configure as administrator:
Press Alt + F1 (will close openkiosk)

Click the "admin" button (Debian logo icon)
After entering the password for user 'admin', the wbar dock wil appear, from where you can e.g. install packages (synaptic), terminal, save session, configure etc..

-------------------------------------
Default password for admin is: admin
First thing you may want to do is change the admin password, open a terminal and:

passwd admin

-------------------------------------

OpenKiosk info:
OpenKiosk is running in full screen, pressing F10 will restart OpenKiosk.
To make changes in OpenKiosk, e.g. preferences: Press: Shift+F1 and enter password
(by default it's 'admin' of course this needs to be changed)

OpenKiosk will then run without the restricted 'Kiosk modus'.
-------------------------------------

The keyboard shortcut to close OpenKiosk: Alt + F1
It can be changed to something more complicated (secret) if you wish, then use 'Keybinder' from wbar to change it.
(for example something like: Shift + Ctrl + Alt + F1)

The icon second on the right of wbar ('Save Session') will save during a session (in case EXIT: is used).

Clicking the icon on the far bottom left (panel) will show shutdown dialog as administrator (password prompt for admin user), changes (if configured) will be saved and when booted with changes=EXIT:/ option the 'Save or Not Save' dialog will appear.

Pressing the Power button will not show the 'Save or Not Save' dialog.

Close wbar when you are done.
----------------------------------------------------------------------------------------------------

Fred
administrator_mode.png
 Description   Aministrator mode
 Filesize   122.94 KB
 Viewed   996 Time(s)

administrator_mode.png

user_restricted_to_browse_only.png
 Description   User mode
 Filesize   17.7 KB
 Viewed   991 Time(s)

user_restricted_to_browse_only.png


_________________
Dog Linux website
Tinylinux blog by wiak

Last edited by fredx181 on Sun 06 Oct 2019, 10:43; edited 13 times in total
Back to top
View user's profile Send private message 
dancytron

Joined: 18 Jul 2012
Posts: 1552

PostPosted: Sat 21 Sep 2019, 19:26    Post subject:  

I installed it, got the sound working (blacklisted the nvidia card sound), and played around with it a little.

It all seems to work as expected.

Anything particular to test?
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 4473
Location: holland

PostPosted: Sun 22 Sep 2019, 04:15    Post subject:  

Thanks Dan,

Well, the goal of this is that it can be safely deployed in e.g. schools, universities, libraries, hospitals, airports, hotels, governments.
So one of the most important things to test is if a malicious user (not knowing the root password or openkiosk password) will be able to sabotage it in one way or another.
(also I think it should be safe for a user to e.g. login at some website and then by pressing F10 (restart) the next user doesn't have access, maybe that should be more clearly stated with an extra dialog)

Fred

_________________
Dog Linux website
Tinylinux blog by wiak
Back to top
View user's profile Send private message 
libredoodle

Joined: 17 Sep 2019
Posts: 1

PostPosted: Mon 23 Sep 2019, 06:56    Post subject:  

my testing concludes no network initiated! Where now?
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 4473
Location: holland

PostPosted: Mon 23 Sep 2019, 09:03    Post subject:  

libredoodle wrote:
my testing concludes no network initiated! Where now?


Are you on cable or wifi ?
If it's wifi you probably need specific firmware installed.

EDIT: Probably in next version I'll include firmware for wifi.

Fred

_________________
Dog Linux website
Tinylinux blog by wiak
Back to top
View user's profile Send private message 
dancytron

Joined: 18 Jul 2012
Posts: 1552

PostPosted: Mon 23 Sep 2019, 16:55    Post subject:  

I'm in it now.

The only thing i've noticed that is kind of a hole is that I am able to surf to file:/// and then get to file:///mnt/sda2 where I have it installed and see everything on that partition, even though there is a red banner across the top of the page that says "Blocked Page: file:///mnt".

edit: Back in regular Stretch now.

My only other thought is that if you really wanted to lock it down and have it operate more like regular non-Puppy linux, instead of having it drop down to the root user when you type in the password, have it drop down to puppy user and make them use sudo. The counterpoint of course is that running as root like Puppy is great and sudo is stupid. Very Happy

You could also then have a 3rd user that runs the browser that isn't in the sudo or wheel groups.

I'm not sure I figured out when you are given the opportunity to save changes or how you do that.
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 4473
Location: holland

PostPosted: Wed 25 Sep 2019, 07:54    Post subject:  

dancytron wrote:
The only thing i've noticed that is kind of a hole is that I am able to surf to file:/// and then get to file:///mnt/sda2 where I have it installed and see everything on that partition, even though there is a red banner across the top of the page that says "Blocked Page: file:///mnt".


OK, thanks, didn't notice that earlier, however you can't sabotage the system (only view), it would be better if it's really blocked, maybe that can be done with blacklisting, not sure how yet.

Quote:
I'm not sure I figured out when you are given the opportunity to save changes or how you do that.


Yes not really clear, it's the most right icon from wbar to reboot/shutdown with option to save or not (and save2flash second on the right), I think I'll change that.

I will think about running as guest user.

Fred

_________________
Dog Linux website
Tinylinux blog by wiak
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 4473
Location: holland

PostPosted: Fri 27 Sep 2019, 19:21    Post subject: Updated DevuanDog Kiosk  

*** Updated DevuanDog Kiosk ***

Changes and fixes:
- Very different setup, default automatic login is now as user 'admin', password = admin
To administrate the system, click the debian-logo icon (admin), enter password and wbar will run as root.
- Openkiosk browser runs now as user 'admin' (instead of previously as 'root')
- Fix: Local files are not anymore accesible from Openkiosk browser ("file://..." in address bar is blocked)
- Added lots of firmware for wifi (resulting in much larger ISO size, 304MB now)
- Clicking Logout button (far left of tint2 panel) shows prompt for password (admin) and (if booted with porteus boot EXIT:/... option) shows dialog for "Save or not save" at shutdown

Updated download links and updated info at first post.

Fred

_________________
Dog Linux website
Tinylinux blog by wiak
Back to top
View user's profile Send private message 
d4p


Joined: 12 Mar 2007
Posts: 439

PostPosted: Sat 28 Sep 2019, 17:48    Post subject:  

Thanks, finally Openkiosk works.

How to save monitor setting (HDMI connection)?
It reset after reboot.
Back to top
View user's profile Send private message 
dancytron

Joined: 18 Jul 2012
Posts: 1552

PostPosted: Sat 28 Sep 2019, 21:22    Post subject:  

Installed the new version and I am in it now.

All seems to work.

The only annoying thing is the reset on inactivity function will reset while you are watching a youtube video full screen and you don't get the warning, but that is easy enough to turn off in the preferences.

Otherwise seems good.
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 4473
Location: holland

PostPosted: Sun 29 Sep 2019, 09:53    Post subject:  

d4p wrote:
How to save monitor setting (HDMI connection)?
It reset after reboot.


Assuming that you used 'Monitor Settings' from 'Apps'. Yes, that needs to be fixed, the point is that applications are running as root (from wbar) so some apps create config files in /root, to fix change the line in '/home/admin/Startup/exec_lxrandr-autostart' to:
Code:
exec exec_desktopfile.awk /root/.config/autostart/lxrandr-autostart.desktop

Then the autostart file will be read on next start.

@dancytron
Quote:
The only annoying thing is the reset on inactivity function will reset while you are watching a youtube video full screen and you don't get the warning, but that is easy enough to turn off in the preferences.

Thanks. Yes, or make it reset after longer time (e.g. 15 min) and the default 10 seconds countdown is a bit short, 30 sec or more would be better.

Fred

_________________
Dog Linux website
Tinylinux blog by wiak
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 4473
Location: holland

PostPosted: Tue 01 Oct 2019, 14:54    Post subject:  

*** Updated DevuanDog Kiosk ***

Bugfix:
For when running wbar in "administrator mode"
Some applications create config files in the $HOME directory, e.g. autostart from "Monitor Settings", now it will create these in /home/admin (instead previously in /root) by running wbar as root but now preserving home directory (HOME=/home/admin) so e.g. autostart works now from user admin.

Added 64-bit ISO too, see download links at first post.

Fred

_________________
Dog Linux website
Tinylinux blog by wiak
Back to top
View user's profile Send private message 
d4p


Joined: 12 Mar 2007
Posts: 439

PostPosted: Wed 02 Oct 2019, 16:57    Post subject:  

Autostart works ok, just no sound in this ISO version.
Back to top
View user's profile Send private message 
dancytron

Joined: 18 Jul 2012
Posts: 1552

PostPosted: Wed 02 Oct 2019, 19:54    Post subject:  

d4p wrote:
Autostart works ok, just no sound in this ISO version.


Did you try using Alsa Mixer to choose your sound card and/or turn the volume up?
Back to top
View user's profile Send private message 
fredx181


Joined: 11 Dec 2013
Posts: 4473
Location: holland

PostPosted: Thu 03 Oct 2019, 03:05    Post subject:  

d4p wrote:
Autostart works ok, just no sound in this ISO version.


Sorry, my bad, forgot to include apulse libs in 64-bit version, I'l upload new 64-bit ISO with sound fix soon.

EDIT: Updated 64-bit ISO with fix, sound should work now:
ISO: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-03_amd64.iso
Md5sum: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-03_amd64.md5

Fred

_________________
Dog Linux website
Tinylinux blog by wiak
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 2 [21 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Cutting edge
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0633s ][ Queries: 13 (0.0092s) ][ GZIP on ]