R. Diez
2013-Feb-01 15:13 UTC
[LightDM] How to set up a public computer without locking it down completely
Hi all: I would like to set up a public Linux computer in a hackerspace, so that guests can browse the Internet if they haven't brought their own laptop. There is a minimum of security requirements to fullfill, but we are not talking about serious security here. The PC is not really private, as there is always a number of hackers walking around. Guests tend to be of good faith and they often need help using computers. If the PC gets trashed I hope I can re-image it pretty quickly. I've spent some time searching the Web with keywords "Kiosk Mode" and "Public PC", but most advice I have seen is about locking the computer down, but that's not what I want to achieve, I want to let the user do as much as possible, including (if possible) installing packages from the distribution's default (trusted) software repositories. I just want to forbid root and nothing else. I would also be nice if the PC could update itself when shutting down, so that it will come up again next day completed up-to-date with the latest version of Firefox and so on. I am thinking about creating some sort of autologin guest account. The trick is, when the user logs out, or maybe at next login, the guest account gets totally wiped out in order to start clean next time around. I am thinking about resetting the user's file to a known baseline. In order to prevent the guest user from being asked the typical welcome questions every time, I would also like to temporarily disable such account wiping, so that I can update the baseline used for the next wiping out at login. I am guessing I could add some hook scripts somewhere in the LightDM's configuration in order to achieve all this. Can anybody give me some pointers? Many thanks, ? rdiez
Robert Ancell
2013-May-29 22:13 UTC
[LightDM] How to set up a public computer without locking it down completely
Hi rdiez, In terms of how LightDM does guest sessions, there are some files you can modify: /usr/sbin/guest-account creates/removes guest accounts - you could modify that for new behaviour /etc/apparmor.d/lightdm-guest-session controls guest permissions You can enable guest autologin from /etc/lightdm/lightdm.conf On 2 February 2013 04:13, R. Diez <rdiezmail-temp2 at yahoo.de> wrote:> Hi all: > > I would like to set up a public Linux computer in a hackerspace, so that > guests can browse the Internet if they haven't brought their own laptop. > > There is a minimum of security requirements to fullfill, but we are not > talking about serious security here. The PC is not really private, as there > is always a number of hackers walking around. Guests tend to be of good > faith and they often need help using computers. If the PC gets trashed I > hope I can re-image it pretty quickly. > > I've spent some time searching the Web with keywords "Kiosk Mode" and > "Public PC", but most advice I have seen is about locking the computer > down, but that's not what I want to achieve, I want to let the user do as > much as possible, including (if possible) installing packages from the > distribution's default (trusted) software repositories. I just want to > forbid root and nothing else. > > I would also be nice if the PC could update itself when shutting down, so > that it will come up again next day completed up-to-date with the latest > version of Firefox and so on. > > I am thinking about creating some sort of autologin guest account. The > trick is, when the user logs out, or maybe at next login, the guest account > gets totally wiped out in order to start clean next time around. I am > thinking about resetting the user's file to a known baseline. > > In order to prevent the guest user from being asked the typical welcome > questions every time, I would also like to temporarily disable such account > wiping, so that I can update the baseline used for the next wiping out at > login. > > I am guessing I could add some hook scripts somewhere in the LightDM's > configuration in order to achieve all this. Can anybody give me some > pointers? > > Many thanks, > rdiez > _______________________________________________ > LightDM mailing list > LightDM at lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/lightdm >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.freedesktop.org/archives/lightdm/attachments/20130530/bc37c26a/attachment.html>