DevuanDog Kiosk Edition

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

DevuanDog Kiosk Edition

#1 Post by fredx181 »

*** DevuanDog Kiosk Edition ***

Updated 2019-10-06 see changes and fixes Here

The (unprivileged) user will be presented with a fullscreen internet start page and has no access to the system at all (only administrator who knows the admin password).
The browser included is OpenKiosk, based on Firefox http://openkiosk.mozdevgroup.com/
This is not a 'browser-only' OS, although its purpose is to be restricted to browsing the internet.
Administrator can install packages (synaptic or apt) or configure e.g. keyboard-layout, soundlevel, setup wifi (see below for firmware .squashfs), manage files (pcmanfm filemanager), remaster, make frugal install (recommended), etc..., more info below.

Testing would be appreciated, it should be a challenge to hack this :) (pretending NOT to know the 'admin' password) to get into the system someway as (unprivileged) user.
Any suggestions to improve are very welcome!

Download: Updated 2019-10-06
ISO 32-bit: https://github.com/DebianDog/DevuanDog/ ... 6_i386.iso Size: 304MB
Md5sum: https://github.com/DebianDog/DevuanDog/ ... 6_i386.md5
ISO 64-bit: https://github.com/DebianDog/DevuanDog/ ... _amd64.iso Size: 308MB
Md5sum: https://github.com/DebianDog/DevuanDog/ ... _amd64.md5

From ReadMe-Kiosk: (Administrator mode > wbar > Info Kiosk) Updated 2019-09-28
------------------------------------------------------------------------------------------------
*** Info Kiosk ***

Restricted to browsing the internet only, no downloading is possible
The user (not knowing 'admin' password) has no access at all to the system (cannot run applications, terminal, or file-manager, etc...)

Recommended usage:
Boot with porteus-boot changes=EXIT:/.. option (if you need to configure or install something) or without changes option (nosave)

To get access to the system, to configure as administrator:
Press Alt + F1 (will close openkiosk)

Click the "admin" button (Debian logo icon)
After entering the password for user 'admin', the wbar dock will appear, from where you can e.g. install packages (synaptic), terminal, save session, configure etc..

-------------------------------------
Default password for admin is: admin
First thing you may want to do is change the admin password, open a terminal and:

passwd admin

-------------------------------------

OpenKiosk info:
OpenKiosk is running in full screen, pressing F10 will restart OpenKiosk.
To make changes in OpenKiosk, e.g. preferences: Press: Shift+F1 and enter password
(by default it's 'admin' of course this needs to be changed)

OpenKiosk will then run without the restricted 'Kiosk modus'.
-------------------------------------

The keyboard shortcut to close OpenKiosk: Alt + F1
It can be changed to something more complicated (secret) if you wish, then use 'Keybinder' from wbar to change it.
(for example something like: Shift + Ctrl + Alt + F1)

The icon second on the right of wbar ('Save Session') will save during a session (in case EXIT: is used).

Clicking the icon on the far bottom left (panel) will show shutdown dialog as administrator (password prompt for admin user), changes (if configured) will be saved and when booted with changes=EXIT:/ option the 'Save or Not Save' dialog will appear.

Pressing the Power button will not show the 'Save or Not Save' dialog.

Close wbar when you are done.
----------------------------------------------------------------------------------------------------

Fred
Attachments
administrator_mode.png: Administrator mode
user_restricted_to_browse_only.png: User mode
Last edited by fredx181 on Sun 06 Oct 2019, 14:43, edited 13 times in total.

dancytron
Posts: 1519
Joined: Wed 18 Jul 2012, 19:20

#2 Post by dancytron »

I installed it, got the sound working (blacklisted the nvidia card sound), and played around with it a little.

It all seems to work as expected.

Anything particular to test?

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#3 Post by fredx181 »

Thanks Dan,

Well, the goal of this is that it can be safely deployed in e.g. schools, universities, libraries, hospitals, airports, hotels, governments.
So one of the most important things to test is if a malicious user (not knowing the root password or openkiosk password) will be able to sabotage it in one way or another.
(also I think it should be safe for a user to e.g. login at some website and then by pressing F10 (restart) the next user doesn't have access, maybe that should be more clearly stated with an extra dialog)

Fred

libredoodle
Posts: 1
Joined: Tue 17 Sep 2019, 13:27

#4 Post by libredoodle »

my testing concludes no network initiated! Where now?

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#5 Post by fredx181 »

libredoodle wrote:my testing concludes no network initiated! Where now?
Are you on cable or wifi ?
If it's wifi you probably need specific firmware installed.

EDIT: Probably in next version I'll include firmware for wifi.

Fred

dancytron
Posts: 1519
Joined: Wed 18 Jul 2012, 19:20

#6 Post by dancytron »

I'm in it now.

The only thing I've noticed that is kind of a hole is that I am able to surf to file:/// and then get to file:///mnt/sda2 where I have it installed and see everything on that partition, even though there is a red banner across the top of the page that says "Blocked Page: file:///mnt".

edit: Back in regular Stretch now.

My only other thought is that if you really wanted to lock it down and have it operate more like regular non-Puppy linux, instead of having it drop down to the root user when you type in the password, have it drop down to puppy user and make them use sudo. The counterpoint of course is that running as root like Puppy is great and sudo is stupid. :D

You could also then have a 3rd user that runs the browser that isn't in the sudo or wheel groups.

I'm not sure I figured out when you are given the opportunity to save changes or how you do that.

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#7 Post by fredx181 »

dancytron wrote:The only thing i've noticed that is kind of a hole is that I am able to surf to file:/// and then get to file:///mnt/sda2 where I have it installed and see everything on that partition, even though there is a red banner across the top of the page that says "Blocked Page: file:///mnt".
OK, thanks, didn't notice that earlier, however you can't sabotage the system (only view), it would be better if it's really blocked, maybe that can be done with blacklisting, not sure how yet.
dancytron wrote:I'm not sure I figured out when you are given the opportunity to save changes or how you do that.
Yes not really clear, it's the most right icon from wbar to reboot/shutdown with option to save or not (and save2flash second on the right), I think I'll change that.

I will think about running as guest user.

Fred

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

Updated DevuanDog Kiosk

#8 Post by fredx181 »

*** Updated DevuanDog Kiosk ***

Changes and fixes:
- Very different setup, default automatic login is now as user 'admin', password = admin
To administrate the system, click the debian-logo icon (admin), enter password and wbar will run as root.
- Openkiosk browser runs now as user 'admin' (instead of previously as 'root')
- Fix: Local files are not anymore accessible from Openkiosk browser ("file://..." in address bar is blocked)
- Added lots of firmware for wifi (resulting in much larger ISO size, 304MB now)
- Clicking Logout button (far left of tint2 panel) shows prompt for password (admin) and (if booted with porteus boot EXIT:/... option) shows dialog for "Save or not save" at shutdown

Updated download links and updated info at first post.

Fred
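
The file:// issue reported in post #6 and fixed in this update, as an added example that is not part of the original posts and is not OpenKiosk or DevuanDog code: a navigation check that allows only http/https rather than blacklisting file://, and cancels the load instead of only showing a banner. The names decideNavigation, navigate, loadPage and showBlocked are hypothetical, and the input is assumed to be a full URL.

```javascript
// Added example: hypothetical kiosk navigation policy (not OpenKiosk code).
// Allowlist the schemes a kiosk user needs instead of blacklisting "file://".
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns { allow, reason } for a string typed into the address bar.
function decideNavigation(input) {
  const text = String(input).trim();
  let url;
  try {
    url = new URL(text); // WHATWG URL parser; throws on input it cannot parse
  } catch (e) {
    return { allow: false, reason: "unparseable" };
  }
  // url.protocol is already lower-cased and includes the trailing colon.
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { allow: false, reason: "scheme " + url.protocol + " not allowed" };
  }
  return { allow: true, reason: "ok" };
}

// Enforcement point: when the verdict is "deny", the page must not be loaded.
// Showing a "Blocked Page" banner while the content still renders is the
// behaviour described in post #6.
function navigate(input, loadPage, showBlocked) {
  const verdict = decideNavigation(input);
  if (verdict.allow) {
    loadPage(String(input).trim());
  } else {
    showBlocked(verdict.reason);
  }
  return verdict.allow;
}

// Constructed regression list: the paths named in this thread plus a normal site.
const SAMPLES = ["file:///", "file:///mnt/sda2", "https://example.org/start"];

function runSamples() {
  return SAMPLES.map((u) => [u, decideNavigation(u).allow]);
}

console.log(runSamples());
```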

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#9 Post by d4p »

Thanks, finally Openkiosk works.

How to save monitor setting (HDMI connection)?
It reset after reboot.

dancytron
Posts: 1519
Joined: Wed 18 Jul 2012, 19:20

#10 Post by dancytron »

Installed the new version and I am in it now.

All seems to work.

The only annoying thing is the reset on inactivity function will reset while you are watching a youtube video full screen and you don't get the warning, but that is easy enough to turn off in the preferences.

Otherwise seems good.

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#11 Post by fredx181 »

d4p wrote:How to save monitor setting (HDMI connection)?
It reset after reboot.
Assuming that you used 'Monitor Settings' from 'Apps'. Yes, that needs to be fixed, the point is that applications are running as root (from wbar) so some apps create config files in /root, to fix change the line in '/home/admin/Startup/exec_lxrandr-autostart' to:

Code:

exec exec_desktopfile.awk /root/.config/autostart/lxrandr-autostart.desktop

Then the autostart file will be read on next start.

@dancytron
dancytron wrote:The only annoying thing is the reset on inactivity function will reset while you are watching a youtube video full screen and you don't get the warning, but that is easy enough to turn off in the preferences.
Thanks. Yes, or make it reset after longer time (e.g. 15 min) and the default 10 seconds countdown is a bit short, 30 sec or more would be better.

Fred

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#12 Post by fredx181 »

*** Updated DevuanDog Kiosk ***

Bugfix:
For when running wbar in "administrator mode"
Some applications create config files in the $HOME directory, e.g. autostart from "Monitor Settings", now it will create these in /home/admin (instead of previously in /root) by running wbar as root but now preserving home directory (HOME=/home/admin) so e.g. autostart works now from user admin.

Added 64-bit ISO too, see download links at first post.

Fred

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#13 Post by d4p »

Autostart works ok, just no sound in this ISO version.

dancytron
Posts: 1519
Joined: Wed 18 Jul 2012, 19:20

#14 Post by dancytron »

d4p wrote:Autostart works ok, just no sound in this ISO version.
Did you try using Alsa Mixer to choose your sound card and/or turn the volume up?

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#15 Post by fredx181 »

d4p wrote:Autostart works ok, just no sound in this ISO version.
Sorry, my bad, forgot to include apulse libs in 64-bit version, I'll upload new 64-bit ISO with sound fix soon.

EDIT: Updated 64-bit ISO with fix, sound should work now:
ISO: https://github.com/DebianDog/DevuanDog/ ... _amd64.iso
Md5sum: https://github.com/DebianDog/DevuanDog/ ... _amd64.md5

Fred

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#16 Post by d4p »

can not save the sound setting

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#17 Post by fredx181 »

Why not ?
More details about what you tried please.

Fred

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#18 Post by d4p »

1. default sound is very low
2. adjust the volume to higher bar (alsamixer)
3. create save file/changes.dat
4. reboot
Well, nothing saved, I have to adjust the volume again.

fredx181
Posts: 4448
Joined: Wed 11 Dec 2013, 12:37
Location: holland

#19 Post by fredx181 »

d4p wrote:1. default sound is very low
2. adjust the volume to higher bar (alsamixer)
3. create save file/changes.dat
4. reboot
Well, nothing saved, I have to adjust the volume again.
Well..,yes, indeed just after creating save, the soundlevel isn't saved, it would be the second time though.
(if savefile or savefolder is already activated at boot, saving soundlevels works)
Anyway made new ISO's with initial soundlevel set higher and fixed that soundlevel isn't saved first time save. Download at first post (v 2019-10-06).
Getting there step by step :)

Thanks for the feedback !

Fred

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#20 Post by d4p »

1. The sound level setting in changes.dat is solved, unfortunately it is not working in remaster Iso (Sound level is back to default position).
2. In my opinion, ALT+F1 feature is not good (a user is not allowed to access the desktop).
3. I have a small video in wmv format, hope it is uploadable. The basic idea is, after input admin-password it will show up the taskbar while still in openkiosk, from there administrator can do whatever like printscreen, copy, edit etc.
Attachments
openkiosk-ala-win.zip