<div dir="ltr"><div>Hi,<br><br></div>thanks, I am downloading a couple of these kiosk distros now. I will let you know what I find after testing. Thanks! <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 30, 2015 at 11:45 AM, Edinburgh Linux Users Group <span dir="ltr"><<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">some of these might be of help<div><a href="http://tuxdiary.com/2014/11/05/linux-distros-for-kiosks/" target="_blank">http://tuxdiary.com/2014/11/05/linux-distros-for-kiosks/</a><br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div><div>--</div><a href="http://gplus.to/azmodie" target="_blank">http://gplus.to/azmodie</a><div>"Since light travels faster than sound, people appear bright until you hear them speak." -- some bright spark</div></div></div><div><div class="h5">
<br><div class="gmail_quote">On 30 September 2015 at 19:35, Edinburgh Linux Users Group <span dir="ltr"><<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi Christian<br></div><div><br>It may be useful to clarify what specifically you want to prevent and why -- stopping users from saving to the local computer and losing files for their own sake is one consideration (the angle I was taking); stopping them from leaving personal files behind is another (which would be solvable simply with the guest account); preventing download of "improper" files is yet a different consideration...<br><br></div>What's the specific goal / situation you are trying to guard against?<br></div><div class="gmail_extra"><span><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><br><br>===<br>Tai Kedzierski<br><br></div><div>Affordable Office IT for Freelance and Startup Businesses<br></div><div dir="ltr"><a href="http://helpuse.com/" target="_blank">http://helpuse.com/</a><br></div><br><div dir="ltr"><span></span><font size="1"><img src="http://www.free-mac-programs.com/images/applications/libreoffice.png" width="19" height="19"> I use <a href="http://www.libreoffice.org" target="_blank">www.libreoffice.org</a><br><br><i>"Open Source Free Software is a matter of liberty, not price."</i><br>
<a href="http://bit.ly/foss-why-care" target="_blank">http://bit.ly/foss-why-care </a><br></font><font size="2"><br></font></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br></span><div><div><div class="gmail_quote">On 30 September 2015 at 19:28, Edinburgh Linux Users Group <span dir="ltr"><<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>HI Tai,<br><br></div>Thanks again for the thought, but we are primarily interested in making sure that a use cannot download improper files to the hard drive. Tracking is interesting, but probably not helpful enough. :-) <br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 30, 2015 at 11:19 AM, Edinburgh Linux Users Group <span dir="ltr"><<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Just found a tool called inotify which can monitor directories for immediate changes. Using this it might be possible to create something that notifies users immediately when they attempt to save to home/desktop</p>
<p dir="ltr">Just need to make sure it only notifies for relevant items...<br><br></p>
<p dir="ltr">--Tai</p>
<p dir="ltr">// Sent from a mobile device; rogue typos may be lurking</p><div><div>
<div class="gmail_quote">On 30 Sep 2015 18:59, "Edinburgh Linux Users Group" <<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi,<br><br></div>Thanks for the suggestions, Tai. Someone else here locally in SF also cautioned that making the home dir not writeable would cause app errors. So I think that is out. Thanks for the thought, though!<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 30, 2015 at 10:49 AM, Edinburgh Linux Users Group <span dir="ltr"><<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Admittedly I hadn't tested that suggestion yet, it was more of a rush.<br><br></div>I did think of the guest account, but it allows users to save to the home dir and desktop (even though that's purged later)<br><br></div>Probably marking the home folder as read-only would prevent apps from creating/modifying config files, but I'd be a little surprised if anything actually crashed in this setup..... I'll give it a test later on the way home myself in a VM. Bus commutes are boring like that....<br></div><div class="gmail_extra"><span><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><br><br>===<br>Tai Kedzierski<br><br></div><div>Affordable Office IT for Freelance and Startup Businesses<br></div><div dir="ltr"><a href="http://helpuse.com/" target="_blank">http://helpuse.com/</a><br></div><br><div dir="ltr"><span></span><font size="1"><img width="19" height="19"> I use <a href="http://www.libreoffice.org" target="_blank">www.libreoffice.org</a><br><br><i>"Open Source Free Software is a matter of liberty, not price."</i><br>
<a href="http://bit.ly/foss-why-care" target="_blank">http://bit.ly/foss-why-care </a><br></font><font size="2"><br></font></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br></span><div class="gmail_quote"><div><div>On 30 September 2015 at 18:33, Edinburgh Linux Users Group <span dir="ltr"><<a href="mailto:edlug@lists.edlug.org.uk" target="_blank">edlug@lists.edlug.org.uk</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><u></u>
<div><span><div> </div>
<div>On Wed, 30 Sep 2015, at 06:06 PM, Edinburgh Linux Users Group wrote:<br></div>
<blockquote type="cite"><div dir="ltr"><div><div><div><div><div><div>Here's how I understand the reasoning:<br></div>
</div>
<div>The shelter does not want residents saving files to the hard drive ; specifically, they want to make sure the residents are actively pushed by the system towards their pen drives<br></div>
<div> </div>
</div>
<div>I assume the computers are going to be available in the shelter as stationary workstations - not for roaming around with.<br></div>
<div> </div>
</div>
<div><i>Id est</i>: The requirement of not being able to write to disk is not so much a security requirement, but rather to ensure residents are saving their personal documents to the right place - is this correct?<br></div>
<div><div> </div>
<div> </div>
</div>
<div>Given these goals, perhaps the easiest solution would be to create a non-admin user for residents to log in as.<br></div>
<div>Then, using super user, remove the write permissions on the home directory (make it non-writable), and change its owner and group to root (make it so the user can't turn write-ability back on)<br></div>
<div> </div>
</div>
<div>adduser user<br></div>
<div>chmod -R 555 /home/user<br></div>
<div>chmod -R root:rrot /home/user<br></div>
<div> </div>
<div>Thus they won't be able to write into the downloads or documents folders etc, but a mounted flash drive would work fine.<br></div>
<div> </div>
</div>
</div>
</blockquote></span><div>Doesn't ubuntu have a guest login where the homedir is tmpfs?<br></div>
<div> </div>
<div>Doing as suggested above will make most DEs barf and crash!<br></div>
<div> </div>
<div>Graeme<br></div>
<div> </div>
</div>
<br></div></div><span>_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk" target="_blank">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
<br></span></blockquote></div><br></div>
<br>_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk" target="_blank">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div>Christian Einfeldt</div>
</div>
<br>_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk" target="_blank">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
<br></blockquote></div>
</div></div><br>_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk" target="_blank">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div>Christian Einfeldt</div>
</div>
</div></div><br>_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk" target="_blank">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
<br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk" target="_blank">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
<br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
EdLUG mailing list<br>
<a href="mailto:EdLUG@lists.edlug.org.uk">EdLUG@lists.edlug.org.uk</a><br>
<a href="https://lists.edlug.org.uk/mailman/listinfo/edlug" rel="noreferrer" target="_blank">https://lists.edlug.org.uk/mailman/listinfo/edlug</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Christian Einfeldt</div>
</div>