(OLD) (ARCHIVED) Puppy Linux Discussion Forum

[fredx181]

*** DevuanDog Kiosk Edition ***

Updated 2019-10-06 see changes and fixes Here

The (unprivileged) user will be presented with a fullscreen internet start page and has no access to the system at all (only administrator who knows the admin password).
The browser included is OpenKiosk, based on Firefox http://openkiosk.mozdevgroup.com/
This is not a 'browser-only' OS, although it's purpose is to be restricted to browsing the internet.
Administrator can install packages (synaptic or apt) or configure e.g. keyboard-layout, soundlevel, setup wifi (see below for firmware .squashfs), manage files (pcmanfm filemanager), remaster, make frugal install (recommended), etc..., more info below.

Testing would be appreciated, it should be a challenge to hack this (pretending NOT to know the 'admin' password) to get into the system someway as (unprivileged) user.
Any suggestions to improve are very welcome!

Download: Updated 2019-10-06
ISO 32-bit: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-06_i386.iso Size: 304MB
Md5sum: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-06_i386.md5
ISO 64-bit: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-06_amd64.iso Size: 308MB
Md5sum: https://github.com/DebianDog/DevuanDog/releases/download/v1.0/DevuanDog-Kiosk-2019-10-06_amd64.md5

From ReadMe-Kiosk: (Administrator mode > wbar > Info Kiosk) Updated 2019-09-28
------------------------------------------------------------------------------------------------
*** Info Kiosk ***

Restricted to browsing the internet only, no downloading is possible
The user (not knowing 'admin' password) has no access at all to the system (cannot run applications, terminal, or file-manager, etc...)

Recommended usage:
Boot with porteus-boot changes=EXIT:/.. option (if you need to configure or install something) or without changes option (nosave)

To get access to the system, to configure as administrator:
Press Alt + F1 (will close openkiosk)
Click the "admin" button (Debian logo icon)
After entering the password for user 'admin', the wbar dock wil appear, from where you can e.g. install packages (synaptic), terminal, save session, configure etc..

-------------------------------------
Default password for admin is: admin
First thing you may want to do is change the admin password, open a terminal and:

passwd admin

-------------------------------------

OpenKiosk info:
OpenKiosk is running in full screen, pressing F10 will restart OpenKiosk.
To make changes in OpenKiosk, e.g. preferences: Press: Shift+F1 and enter password
(by default it's 'admin' of course this needs to be changed)
OpenKiosk will then run without the restricted 'Kiosk modus'.
-------------------------------------

The keyboard shortcut to close OpenKiosk: Alt + F1
It can be changed to something more complicated (secret) if you wish, then use 'Keybinder' from wbar to change it.
(for example something like: Shift + Ctrl + Alt + F1)

The icon second on the right of wbar ('Save Session') will save during a session (in case EXIT: is used).

Clicking the icon on the far bottom left (panel) will show shutdown dialog as administrator (password prompt for admin user), changes (if configured) will be saved and when booted with changes=EXIT:/ option the 'Save or Not Save' dialog will appear.

Pressing the Power button will not show the 'Save or Not Save' dialog.

Close wbar when you are done.
----------------------------------------------------------------------------------------------------

Fred

[dancytron]

I installed it, got the sound working (blacklisted the nvidia card sound), and played around with it a little.

It all seems to work as expected.

Anything particular to test?

[fredx181]

Thanks Dan,

Well, the goal of this is that it can be safely deployed in e.g. schools, universities, libraries, hospitals, airports, hotels, governments.
So one of the most important things to test is if a malicious user (not knowing the root password or openkiosk password) will be able to sabotage it in one way or another.
(also I think it should be safe for a user to e.g. login at some website and then by pressing F10 (restart) the next user doesn't have access, maybe that should be more clearly stated with an extra dialog)

Fred

[libredoodle]

my testing concludes no network initiated! Where now?

[fredx181]

[dancytron]

I'm in it now.

The only thing i've noticed that is kind of a hole is that I am able to surf to file:/// and then get to file:///mnt/sda2 where I have it installed and see everything on that partition, even though there is a red banner across the top of the page that says "Blocked Page: file:///mnt".

edit: Back in regular Stretch now.

My only other thought is that if you really wanted to lock it down and have it operate more like regular non-Puppy linux, instead of having it drop down to the root user when you type in the password, have it drop down to puppy user and make them use sudo. The counterpoint of course is that running as root like Puppy is great and sudo is stupid.

You could also then have a 3rd user that runs the browser that isn't in the sudo or wheel groups.

I'm not sure I figured out when you are given the opportunity to save changes or how you do that.

[fredx181]

[fredx181]

*** Updated DevuanDog Kiosk ***

Changes and fixes:
- Very different setup, default automatic login is now as user 'admin', password = admin
To administrate the system, click the debian-logo icon (admin), enter password and wbar will run as root.
- Openkiosk browser runs now as user 'admin' (instead of previously as 'root')
- Fix: Local files are not anymore accesible from Openkiosk browser ("file://..." in address bar is blocked)
- Added lots of firmware for wifi (resulting in much larger ISO size, 304MB now)
- Clicking Logout button (far left of tint2 panel) shows prompt for password (admin) and (if booted with porteus boot EXIT:/... option) shows dialog for "Save or not save" at shutdown

Updated download links and updated info at first post.

Fred

[d4p]

Thanks, finally Openkiosk works.

How to save monitor setting (HDMI connection)?
It reset after reboot.

[dancytron]

Installed the new version and I am in it now.

All seems to work.

The only annoying thing is the reset on inactivity function will reset while you are watching a youtube video full screen and you don't get the warning, but that is easy enough to turn off in the preferences.

Otherwise seems good.

[fredx181]

[fredx181]

*** Updated DevuanDog Kiosk ***

Bugfix:
For when running wbar in "administrator mode"
Some applications create config files in the $HOME directory, e.g. autostart from "Monitor Settings", now it will create these in /home/admin (instead previously in /root) by running wbar as root but now preserving home directory (HOME=/home/admin) so e.g. autostart works now from user admin.

Added 64-bit ISO too, see download links at first post.

Fred

[d4p]

Autostart works ok, just no sound in this ISO version.

[dancytron]

[fredx181]