DevuanDog Kiosk Edition
DevuanDog Kiosk Edition
*** DevuanDog Kiosk Edition ***
Updated 2019-10-06 see changes and fixes Here
The (unprivileged) user will be presented with a fullscreen internet start page and has no access to the system at all (only administrator who knows the admin password).
The browser included is OpenKiosk, based on Firefox http://openkiosk.mozdevgroup.com/
This is not a 'browser-only' OS, although it's purpose is to be restricted to browsing the internet.
Administrator can install packages (synaptic or apt) or configure e.g. keyboard-layout, soundlevel, setup wifi (see below for firmware .squashfs), manage files (pcmanfm filemanager), remaster, make frugal install (recommended), etc..., more info below.
Testing would be appreciated, it should be a challenge to hack this (pretending NOT to know the 'admin' password) to get into the system someway as (unprivileged) user.
Any suggestions to improve are very welcome!
Download: Updated 2019-10-06
ISO 32-bit: https://github.com/DebianDog/DevuanDog/ ... 6_i386.iso Size: 304MB
Md5sum: https://github.com/DebianDog/DevuanDog/ ... 6_i386.md5
ISO 64-bit: https://github.com/DebianDog/DevuanDog/ ... _amd64.iso Size: 308MB
Md5sum: https://github.com/DebianDog/DevuanDog/ ... _amd64.md5
From ReadMe-Kiosk: (Administrator mode > wbar > Info Kiosk) Updated 2019-09-28
------------------------------------------------------------------------------------------------
*** Info Kiosk ***
Restricted to browsing the internet only, no downloading is possible
The user (not knowing 'admin' password) has no access at all to the system (cannot run applications, terminal, or file-manager, etc...)
Recommended usage:
Boot with porteus-boot changes=EXIT:/.. option (if you need to configure or install something) or without changes option (nosave)
To get access to the system, to configure as administrator:
Press Alt + F1 (will close openkiosk)
Click the "admin" button (Debian logo icon)
After entering the password for user 'admin', the wbar dock wil appear, from where you can e.g. install packages (synaptic), terminal, save session, configure etc..
-------------------------------------
Default password for admin is: admin
First thing you may want to do is change the admin password, open a terminal and:
passwd admin
-------------------------------------
OpenKiosk info:
OpenKiosk is running in full screen, pressing F10 will restart OpenKiosk.
To make changes in OpenKiosk, e.g. preferences: Press: Shift+F1 and enter password
(by default it's 'admin' of course this needs to be changed)
OpenKiosk will then run without the restricted 'Kiosk modus'.
-------------------------------------
The keyboard shortcut to close OpenKiosk: Alt + F1
It can be changed to something more complicated (secret) if you wish, then use 'Keybinder' from wbar to change it.
(for example something like: Shift + Ctrl + Alt + F1)
The icon second on the right of wbar ('Save Session') will save during a session (in case EXIT: is used).
Clicking the icon on the far bottom left (panel) will show shutdown dialog as administrator (password prompt for admin user), changes (if configured) will be saved and when booted with changes=EXIT:/ option the 'Save or Not Save' dialog will appear.
Pressing the Power button will not show the 'Save or Not Save' dialog.
Close wbar when you are done.
----------------------------------------------------------------------------------------------------
Fred
Updated 2019-10-06 see changes and fixes Here
The (unprivileged) user will be presented with a fullscreen internet start page and has no access to the system at all (only administrator who knows the admin password).
The browser included is OpenKiosk, based on Firefox http://openkiosk.mozdevgroup.com/
This is not a 'browser-only' OS, although it's purpose is to be restricted to browsing the internet.
Administrator can install packages (synaptic or apt) or configure e.g. keyboard-layout, soundlevel, setup wifi (see below for firmware .squashfs), manage files (pcmanfm filemanager), remaster, make frugal install (recommended), etc..., more info below.
Testing would be appreciated, it should be a challenge to hack this (pretending NOT to know the 'admin' password) to get into the system someway as (unprivileged) user.
Any suggestions to improve are very welcome!
Download: Updated 2019-10-06
ISO 32-bit: https://github.com/DebianDog/DevuanDog/ ... 6_i386.iso Size: 304MB
Md5sum: https://github.com/DebianDog/DevuanDog/ ... 6_i386.md5
ISO 64-bit: https://github.com/DebianDog/DevuanDog/ ... _amd64.iso Size: 308MB
Md5sum: https://github.com/DebianDog/DevuanDog/ ... _amd64.md5
From ReadMe-Kiosk: (Administrator mode > wbar > Info Kiosk) Updated 2019-09-28
------------------------------------------------------------------------------------------------
*** Info Kiosk ***
Restricted to browsing the internet only, no downloading is possible
The user (not knowing 'admin' password) has no access at all to the system (cannot run applications, terminal, or file-manager, etc...)
Recommended usage:
Boot with porteus-boot changes=EXIT:/.. option (if you need to configure or install something) or without changes option (nosave)
To get access to the system, to configure as administrator:
Press Alt + F1 (will close openkiosk)
Click the "admin" button (Debian logo icon)
After entering the password for user 'admin', the wbar dock wil appear, from where you can e.g. install packages (synaptic), terminal, save session, configure etc..
-------------------------------------
Default password for admin is: admin
First thing you may want to do is change the admin password, open a terminal and:
passwd admin
-------------------------------------
OpenKiosk info:
OpenKiosk is running in full screen, pressing F10 will restart OpenKiosk.
To make changes in OpenKiosk, e.g. preferences: Press: Shift+F1 and enter password
(by default it's 'admin' of course this needs to be changed)
OpenKiosk will then run without the restricted 'Kiosk modus'.
-------------------------------------
The keyboard shortcut to close OpenKiosk: Alt + F1
It can be changed to something more complicated (secret) if you wish, then use 'Keybinder' from wbar to change it.
(for example something like: Shift + Ctrl + Alt + F1)
The icon second on the right of wbar ('Save Session') will save during a session (in case EXIT: is used).
Clicking the icon on the far bottom left (panel) will show shutdown dialog as administrator (password prompt for admin user), changes (if configured) will be saved and when booted with changes=EXIT:/ option the 'Save or Not Save' dialog will appear.
Pressing the Power button will not show the 'Save or Not Save' dialog.
Close wbar when you are done.
----------------------------------------------------------------------------------------------------
Fred
- Attachments
-
- administrator_mode.png
- Aministrator mode
- (122.94 KiB) Downloaded 997 times
-
- user_restricted_to_browse_only.png
- User mode
- (17.7 KiB) Downloaded 992 times
Last edited by fredx181 on Sun 06 Oct 2019, 14:43, edited 13 times in total.
Thanks Dan,
Well, the goal of this is that it can be safely deployed in e.g. schools, universities, libraries, hospitals, airports, hotels, governments.
So one of the most important things to test is if a malicious user (not knowing the root password or openkiosk password) will be able to sabotage it in one way or another.
(also I think it should be safe for a user to e.g. login at some website and then by pressing F10 (restart) the next user doesn't have access, maybe that should be more clearly stated with an extra dialog)
Fred
Well, the goal of this is that it can be safely deployed in e.g. schools, universities, libraries, hospitals, airports, hotels, governments.
So one of the most important things to test is if a malicious user (not knowing the root password or openkiosk password) will be able to sabotage it in one way or another.
(also I think it should be safe for a user to e.g. login at some website and then by pressing F10 (restart) the next user doesn't have access, maybe that should be more clearly stated with an extra dialog)
Fred
-
- Posts: 1
- Joined: Tue 17 Sep 2019, 13:27
I'm in it now.
The only thing i've noticed that is kind of a hole is that I am able to surf to file:/// and then get to file:///mnt/sda2 where I have it installed and see everything on that partition, even though there is a red banner across the top of the page that says "Blocked Page: file:///mnt".
edit: Back in regular Stretch now.
My only other thought is that if you really wanted to lock it down and have it operate more like regular non-Puppy linux, instead of having it drop down to the root user when you type in the password, have it drop down to puppy user and make them use sudo. The counterpoint of course is that running as root like Puppy is great and sudo is stupid.
You could also then have a 3rd user that runs the browser that isn't in the sudo or wheel groups.
I'm not sure I figured out when you are given the opportunity to save changes or how you do that.
The only thing i've noticed that is kind of a hole is that I am able to surf to file:/// and then get to file:///mnt/sda2 where I have it installed and see everything on that partition, even though there is a red banner across the top of the page that says "Blocked Page: file:///mnt".
edit: Back in regular Stretch now.
My only other thought is that if you really wanted to lock it down and have it operate more like regular non-Puppy linux, instead of having it drop down to the root user when you type in the password, have it drop down to puppy user and make them use sudo. The counterpoint of course is that running as root like Puppy is great and sudo is stupid.
You could also then have a 3rd user that runs the browser that isn't in the sudo or wheel groups.
I'm not sure I figured out when you are given the opportunity to save changes or how you do that.
OK, thanks, didn't notice that earlier, however you can't sabotage the system (only view), it would be better if it's really blocked, maybe that can be done with blacklisting, not sure how yet.dancytron wrote:The only thing i've noticed that is kind of a hole is that I am able to surf to file:/// and then get to file:///mnt/sda2 where I have it installed and see everything on that partition, even though there is a red banner across the top of the page that says "Blocked Page: file:///mnt".
Yes not really clear, it's the most right icon from wbar to reboot/shutdown with option to save or not (and save2flash second on the right), I think I'll change that.I'm not sure I figured out when you are given the opportunity to save changes or how you do that.
I will think about running as guest user.
Fred
Updated DevuanDog Kiosk
*** Updated DevuanDog Kiosk ***
Changes and fixes:
- Very different setup, default automatic login is now as user 'admin', password = admin
To administrate the system, click the debian-logo icon (admin), enter password and wbar will run as root.
- Openkiosk browser runs now as user 'admin' (instead of previously as 'root')
- Fix: Local files are not anymore accesible from Openkiosk browser ("file://..." in address bar is blocked)
- Added lots of firmware for wifi (resulting in much larger ISO size, 304MB now)
- Clicking Logout button (far left of tint2 panel) shows prompt for password (admin) and (if booted with porteus boot EXIT:/... option) shows dialog for "Save or not save" at shutdown
Updated download links and updated info at first post.
Fred
Changes and fixes:
- Very different setup, default automatic login is now as user 'admin', password = admin
To administrate the system, click the debian-logo icon (admin), enter password and wbar will run as root.
- Openkiosk browser runs now as user 'admin' (instead of previously as 'root')
- Fix: Local files are not anymore accesible from Openkiosk browser ("file://..." in address bar is blocked)
- Added lots of firmware for wifi (resulting in much larger ISO size, 304MB now)
- Clicking Logout button (far left of tint2 panel) shows prompt for password (admin) and (if booted with porteus boot EXIT:/... option) shows dialog for "Save or not save" at shutdown
Updated download links and updated info at first post.
Fred
Assuming that you used 'Monitor Settings' from 'Apps'. Yes, that needs to be fixed, the point is that applications are running as root (from wbar) so some apps create config files in /root, to fix change the line in '/home/admin/Startup/exec_lxrandr-autostart' to:d4p wrote:How to save monitor setting (HDMI connection)?
It reset after reboot.
Code: Select all
exec exec_desktopfile.awk /root/.config/autostart/lxrandr-autostart.desktop
@dancytron
Thanks. Yes, or make it reset after longer time (e.g. 15 min) and the default 10 seconds countdown is a bit short, 30 sec or more would be better.The only annoying thing is the reset on inactivity function will reset while you are watching a youtube video full screen and you don't get the warning, but that is easy enough to turn off in the preferences.
Fred
*** Updated DevuanDog Kiosk ***
Bugfix:
For when running wbar in "administrator mode"
Some applications create config files in the $HOME directory, e.g. autostart from "Monitor Settings", now it will create these in /home/admin (instead previously in /root) by running wbar as root but now preserving home directory (HOME=/home/admin) so e.g. autostart works now from user admin.
Added 64-bit ISO too, see download links at first post.
Fred
Bugfix:
For when running wbar in "administrator mode"
Some applications create config files in the $HOME directory, e.g. autostart from "Monitor Settings", now it will create these in /home/admin (instead previously in /root) by running wbar as root but now preserving home directory (HOME=/home/admin) so e.g. autostart works now from user admin.
Added 64-bit ISO too, see download links at first post.
Fred
Sorry, my bad, forgot to include apulse libs in 64-bit version, I'l upload new 64-bit ISO with sound fix soon.d4p wrote:Autostart works ok, just no sound in this ISO version.
EDIT: Updated 64-bit ISO with fix, sound should work now:
ISO: https://github.com/DebianDog/DevuanDog/ ... _amd64.iso
Md5sum: https://github.com/DebianDog/DevuanDog/ ... _amd64.md5
Fred
Well..,yes, indeed just after creating save, the soundlevel isn't saved, it would be the second time though.d4p wrote:1. default sound is very low
2. adjust the volume to higher bar (alsamixer)
3. create save file/changes.dat
4. reboot
Well, nothing saved, I have to adjust the volume again.
(if savefile or savefolder is already activated at boot, saving soundlevels works)
Anyway made new ISO's with initial soundlevel set higher and fixed that soundlevel isn't saved first time save. Download at first post (v 2019-10-06).
Getting there step by step
Thanks for the feedback !
Fred
1. The sound level setting in changes.dat is solved, unfortunately it is not working in remaster Iso (Sound level is back to default position).
2. In my opinion, ALT+F1 feature is not good (a user is not allowed to access the desktop).
3. I have a small video in wmv format, hope it is uploadable. The basic idea is, after input admin-password it will show up the taskbar while still in openkiosk, from there administrator can do whatever like printscreen, copy, edit etc.
2. In my opinion, ALT+F1 feature is not good (a user is not allowed to access the desktop).
3. I have a small video in wmv format, hope it is uploadable. The basic idea is, after input admin-password it will show up the taskbar while still in openkiosk, from there administrator can do whatever like printscreen, copy, edit etc.
- Attachments
-
- openkiosk-ala-win.zip
- (130.61 KiB) Downloaded 149 times