http://jadoba.

net/PLUG/kiosks/howto/#3

New HOWTO Verison

James D. B. (email)

This version of my HOWTO is defucnt, outdated and old. From now on, please refer to the New version. A linux kiosk distribuition has been born of this howto. It is my brainchild and is called Debiosk. I am retracting my webconverger endorsement, as it has too many features. Thanks!

Changelog
v0.1 : Initial document. (03/07/07)

v0.2 Table of Contents:

0 NOTE! 1 Acknowledgements, Copyright, etc...
1.1 Copyleft 1.2 Disclaimer 1.3 Thanks to those at PLUG 1.4 Thanks to everyone else

2 Synopsis
2.1 What's a kiosk anyway? 2.2 In 100 words or less... 2.3 Hardware 2.4 What we won't be covering... 2.5 How to use this HOWTO 2.6 "TO DO" list

3 Debian Etch orSarge Netinstall

3.1 Minimal Install 3.2 Edit /etc/apt/sources.list 3.3 Install a minimal X system (and some other things)

4 Crank up Firefox!
4.1 Install Firefox from tarball
4.1.1 Dependencies 4.1.2 wget, tar, chown, mkdir, rm

4.2 Start Firefox 4.3 Install extensions

1 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

4.4 Restart firefox, and... 4.5 Get out of Kiosk mode. 4.6 Configure extensions
4.6.1 Blocksite - OBSOLETE as of newest version of Public Fox! 4.6.2 Stealther 4.6.3 auto reset browser: 4.6.4 Public Fox 4.6.5 R-Kiosk

4.7 Configure Firefox itself

4.7.1 Preferences 4.7.2 about:config 4.7.3 Re-enable extensions 4.7.4 "Hack it up hack it in, let me login..."

5 Configuring the OS
5.1 set up the kiosk's .xinitrc 5.2 /etc/init.d/kiosk 5.3 /bin/startkiosk.sh 5.4 Xwrapper.config 5.5 Test your new kiosk 5.6 GRUB Password
5.6.1 Reboot, test

5.7 Modify XF86Config or xorg.conf 5.8 Delete unused programs 5.9 rc2.d

6 That's it! 7 Links

Pleae read all of this (or any) howto in its entirety before starting the actual project. There is one pretty bad hole in this configuration right now, please read section 2.6 ("TO DO") for more information. If you choose to implement this, I encourage you ro email me and tell me how it went. I welcome all constructive criticism and will be more than happy to answer any questions you may have. Thank you.

1.1 Copyleft
This HOW-TO is in the public domain. Anybody can do whatever they want with it (modify it, remove things from it, distribute it, etc), as long as they keep this paragraph intact. Anyone who reads this also agrees that I (James D. Barrett, jadoba.net) am not responsible for anything that happens because of any use or misuse of the information, materials and ideas held within this document. This document comes with NO warantee of any kind.

1.2 Disclaimer

2 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

This is by no means a "complete" documentation. In public access computing, security is VERY important! I cannot stress this enough! A firewall is a good idea, as is good strong passwords and the removal of unneeded services and programs (such as gcc and apt). All of these issues are out of the scope of this documentation, so it would be wise to read up on this stuff yourself and implement those security measures appropriately.

1.3 Thanks to those at PLUG

I would like to thank these people. They are listed in no particular order: Mike Joseph, Stephen Gran, Matthew Rosewarne, Steve Fiedler, Tobias DiPasquale, "Time", Michael Toren, and everyone who shows up at PLUG meetings (you could have a meeting without me, but I can't have one without you.)

1.4 Thanks to everyone else

max1million at forums.mozillazine.org

2.1 What's a kiosk anyway?

I've found a few definitions, one of them was so simple I had to mention it: "a computer enclosed in a box." My favorite definition is something along the lines of "A secured public computer that typically serves a single purpose". The first kiosk was an ATM (nicknamed the CashBot) and was built in the 1970's. Today, there are information kiosks, supermarket self-checkouts, photo processing booths, self-serve movie ticket kiosks, and of course Internet kiosks. All of these examples are secure physically as well as locked-down at the software level. There must never be any way for a casual user to get into the underlying configuration. They must never be able to see how things are done or to change anything at all. Also, an Internet Kiosk ought not ever retain user data, nor cache any pages.

2.2 In 100 words or less...

Just start with a minimal debian sarge or etch netinstall, install X and some Firefox dependencies, install Firefox from tarball. add some extensions, fiddle with some firefox components, make some init scripts, test the kiosk configuration, set a grub password, reboot to test, change some more configs, and then finally set up a link in /etc/rc2.d to the correct init script. It shouldn't take more than 2 hours from start to finish.

2.3 Hardware
Typically, a pIII with at least 96MB of ram and 2-3GB of disk space would be sufficient. I would reccomend around an 800Mhz processor and 128MB of ram. On ebay it might cost you less for the machine itself than it would cost to cover shipping. Touchscreens are nice, but pricey, and fragile.

2.4 What we won't be covering...

3 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

Firewalls, cleaning up of unneeded services, an easy way to maintain this thing, hardware specifications, special hardware, touchscreens and the manufacture of an enclosure, will not be discussed in this version of the howto. Check back later to see if a newer version has been posted.

2.5 How to use this HOWTO

To use this, you are expected to know enough about Linux to install the base system yourself. You also surely must know enough about security to be able to lock down the kiosk to your liking (don't come crying to me if your machine gets hacked, it's not my fault.) Text-mode commands are in white boxes with green lettering and borders. Commands that are supposed to be run by the superuser (root) have a hash mark (#) in front of them, while normal-user commands have a dollar-sign in front of them ($). Code Snippets are in an off-red color. Optional code is displayed in gray, and code specific for debian etch is in light blue.

2.6 "TO DO" list

Two things I might include in the next version would be a section on touchscreens and a description of how to easily create a Live CD. In a later version, I might add a run-down of how to create a live USB key. A USB Key (pen drive/thumb drive) which has a write-protect switch would be prime, as FWIU they only wear out when you write to them. Some day I might get around to figuring out DansGuardian, which would be incredibly useful for this project. One last thing... There is a BIG security hole in this current configuration. It is still possible to ctrl-c during the boot process. This is not a good thing, as someone could stop it from booting. If anyone has a viable way to fix this (without a kernel recompile) PLEASE email me. Thanks!

Because of a bug in the OS, whenever I booted a newly-installed daily-built netinst image for debian etch testing, the ethernet card came up as a different interface every time (eth1 once, then eth2, then back to eth1...) Because I only had a couple days to finish this after the bug appeared, I decided to continue on with debian sarge. This makes for more headaches setting up X and dependencies, but it makes little difference in performance for the end result. As of this writing, the etch bug is probably fixed.

3.1 Minimal Install

Do just what this section suggests - don't install a desktop environment or any extra packages except the base config. I set the normal user to have the username "kiosk". Choose to use a network mirror.

3.2 Edit /etc/apt/sources.list

If needed (if you installed etch), comment out the line(s) detailing cdrom sources.

3.3 Install a minimal X system (and some other things)

4 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

Fluxbox is what I used to develop this, but you could always use iceWM or windowmaker or whatever. Choose something lightewight. Whatever you decide on, it can be deleted later with 'apt-get remove ...' as we will not be needing it for the end result. # apt-get install x-window-system fluxbox If installing under etch, do this instead: # apt-get install xserver-xorg-core xorg fluxbox xli is a nice little thing used for displaying images. For this project, xli can be used for displaying an advertisement as the background of the kiosk screen. It will be visible only between firefox reloads. It's really a moot point, but it's also not the worst idea (not as bad as installing fvwm just so you can put graphics over top of parts of the browser...) I'm certain an advertisement popup system could easily be created within a half hour using tcl/tk and some creativity, or through a php frontend on a dedicated web server. So, if you want to add an ad later on, then install xli now. Fastjar is needed to unjar and rejar Firefox's browser.jar (which we won't need to do for this version of the howto.) Fastjar can be deleted after we're finished setting up. Note that if you don't plan on editing browser.jar, then fastjar can assuredly be omitted. # apt-get install xli fastjar If you're using sarge, XDM was probably installed as a dependency. So, right about this time I usually mv S99xdm to K01xdm in /etc/rc2.d like so: # mv /etc/rc2.d/S99xdm /etc/rc2.d/K01xdm

4.1 Install Firefox from tarball

Yeah, yeah, I know what you might be thinking, but no, we're not installing Firefox with apt. Why? In sarge, Firefox is sadly outdated (1.0.4) and in etch, Firefox isn't Firefox. It's Iceweasel. It's cool, yeah, sure, whatever. It breaks a badly needed extension, and unless you want to go fiddling with the code for R-Kiosk, don't use Iceweasel. I use IW on my own box, and I don't like it (not that I have a choice without chrooting; Firefox doesn't want to run under a 64-bit OS.) Installing FF2 from a tarball does not require compilation of any code. After installing dependencies, it's just extract Firefox and run. Simple. 4.1.1 Dependencies We need to install dependencies for our Firefox tarball: In etch: # apt-get install fontconfig libatk1.0-0 libcairo2 libglib2.0-0 libgtk2.0-0 libgtk2.0-

5 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

common libjpeg62 libpango1.0-0 libpango1.0-common libtiff4 libxp6 psmisc libstdc++5 (NOTE: The above command will also install gcc-3.3-base, which is undesirable) In sarge: # apt-get install libatk1.0-0 libglib2.0-0 libgtk2.0-0 libgtk2.0-common libidl0 libjpeg62 libpango1.0-0 libpango1.0-common libtiff4 libstdc++5 That ought to get Firefox running. And if you're wondering, yeah, all I did was type 'apt-get install firefox' and selected 'no', then installed everything that it listed - except Firefox and Iceweasel. 4.1.2 wget, tar, chown, mkdir, rm NOTE: Firefox 2.0.0.2 is out. It came out within the past week, which is why I'm not going to (can't) use it (some extensions don't work with it right now.) My suggestion would be to install the newest version of Firefox and see if the extensions work. If they don't, then remove the firefox directory AND the .mozilla directory and install one version number lower. 2.0.0.1 will probably work for everyone. $ cd ~/ $ wget http://ftp-mozilla.netscape.com/pub/mozilla.org/firefox/releases/2.0.0.1 /linux-i686/en-US/firefox-2.0.0.1.tar.gz $ tar xvzf firefox-2.0.0.1.tar.gz That should install Firefox to your home directory, which isn't such a bad thing, as we will chown it recursively as root. Then, as root, make a directory in the user's home called "downloads" (it can really be called anything, as long as it's owned by root.) Also we can now delete the Firefox tarball. # chown -R root:root /home/kiosk/firefox/ # mkdir /home/kiosk/downloads $ rm ~/firefox-2.0.0.1.tar.gz

4.2 Start Firefox

If you haven't yet, start X: $ startx It would be wise to create a new workspace (middle-click the desktop, click "new workspace") and open an xterm (right-click, xshells --> xterm.) Make the xterm sticky (click the dot in the top-left corner of the window, on the title bar.) Now, from that same xterm, keeping the process in the foreground: $ ~/firefox/firefox

6 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

4.3 Install extensions

Go to: Tools --> Add-ons --> Extensions --> Get extensions (bottom right.) This will load a page in the browser window. Search for these four extensions and install them: R-Kiosk, Stealther, Auto Reset Browser, and Public Fox. I used to have Blocksite included in that list, but it is not needed as of the latest version of Public Fox, which adds nearly the same exact blacklisting functionality that is desired (read on.)

4.4 Restart firefox, and...

Click the "restart" button in the bottom-right of the addons window. When it is done doing its thing, you will notice that Firefox is now in kiosk mode. At first there seems to be no way to get out of it (as it should be) but it is easily rectifiable now. Since you set up another desktop, just hit ALT-F2 to switch to it and the xterm you made sticky will be there. Click it, and press ^C to kill Firefox.

4.5 Get out of Kiosk mode.

The first thing you have to do is get Firefox to load outside of kiosk mode. Simply run firefox like so: $ ~/firefox/firefox -safe-mode A window will pop up that is not a Firefox browser window. Select the top checkbox and click the button on the bottom left to temporarily disable all add-ons before starting Firefox. Go into Tools --> Addons --> Extensions, disable R-Kiosk and Auto Reset Browser. Close Firefox and run it again normally: $ ~/firefox/firefox

4.6 Configure extensions

The first thing you want to do is enable Stealther by going to Tools --> Stealther, which should put a check mark next to that menu item. 4.6.1 Stealther When enabled, this extension will stop all data caching and disable browsing history, saved form information, as well as some other things. Make sure the two top boxes are not checked. Remove the 's' from the input box to disable the keystroke toggle. Remove the check in the box next to "Cookies" and make sure all other checkboxes are checked in that section. 4.6.2 Auto Reset Browser: This extension will reset the browser window after a period of inactivity, measured in

7 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

seconds. It will not work unless you disable Firefox's session restore feature. That process is described later on. You definately want both checkboxes checked, and select a time you think would be a good one to reset the browser automatically. The default, 300 seconds, is a good amount IMHO. Both boxes should also be checked by default. 4.6.3 Public Fox This extension is useful for many reasons, particularly because it allows for passwordprotecting the add-ons dialog, feeds and bookmarking. Choose a semi-strong password, such as one with three or more random, unrelated five-letter words. Write it down. Also check all the boxes in the top left section of this extension's preferences dialog. This extension also can be used for primative wildcard-based blacklisting or whitelisting to block seedy sites, like those peddling smut, or any other unwanted sites. It filters URL's through a list containing entries with wildcards before displaying them. Sometime soon, I might have a somewhat effective and typically adequate blacklist file available in the "links" section at the end of this how-to. 4.6.4 R-Kiosk This is the 'heart and soul' of the kiosk and gives the basis of security. A few caveats: it doesn't stop the download OR upload dialogs, doesn't stop bookmarking, doesn't stop the installation of extensions, and is 99% un-configurable, only allowing you to disable printing (a moot point) and enable the navigation/location/search bar - we will discuss how to do this later.

4.7 Configure Firefox itself

Remember that password you set a while back? You will be using it now. Go to edit -> preferences. 4.7.1 Preferences What follows is a slew of screenshots. They detail the preferences I used for my kiosk. 1. Preferences -> Main

8 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

2. Tabs

9 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

3. Content

10 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

4. Content - javascript advanced settings

11 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

5. Feeds The default should be fine. 6. Privacy

12 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

7. Privacy - Private Data Settings

13 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

8. Security

14 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

9. Security- Warning Settings

15 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

10. Advanced - Update

16 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

4.7.2 about:config Remember that password you set a while back? You're going to need it again. Put about:config into the location bar and hit enter. 1. Disable session store From Mozillazine.org: 'To disable the feature add boolean browser.sessionstore.enabled in about:config and set to "false". No startups will restore sessions.' - If you do not set this to 'false', then not only will Auto Reset Browser fail to work correctly, but session data will be saved and you do not want that. 2. Hack to disable addition of bookmarks (obsoleted after latest version of public fox) Skip this one unless you're having problems with people setting bookmarks by right-clicking the tab bar. Problems with people saving bookmarks are easily rectified by configuring browser.bookmarks.file in about:config - set the string to /home/user/downloads /bookmarks.html and it will prevent any saving of bookmarks. This works because,

17 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

as you may remember, that directory is owned by root and nothing can be deleted or changed there by the user. It will still be possible to create new bookmark folders, but they will vanish whenever auto reset browser does its thing. 3. Disable the file picker Looking for a solution to this security hole took the most time compared to any other part of this project. I found this fix literally 24 hours before the presentation was to be given. First, enter boolean option ui.allow_platform_file_picker and make sure it is set to "false". This will disable GTK's file picker. We're only 1/2 done, to complete this task we must delete a file and touch it for good measure: # rm /home/kiosk/firefox/components/nsFilePicker.js # touch /home/kiosk/firefox/components/nsFilePicker.js I'm told it would probably be wiser to chmod this file 000 instead of deleting it: # chmod 000 /home/kiosk/firefox/components/nsFilePicker.js What you have just done is force Firefox to use its own file picker, which is not accessible on that machine any more. When someone goes to upload a file, nothing should come up - no dialog, no error message, nothing. 4.7.3 Re-enable extensions This would be a good time to enable any extensions that you disabled previously. First, re-enable Auto Reset Browser and check to see if the settings are to your liking. After that, re-enable R-Kiosk. Restart Firefox to allow the changes to commit. 4.7.4 "Hack it up hack it in, let me login..." Close Firefox. There are two gaping security holes right now: installing extensions and running anything through an already installed program. We will also stop the print dialog from coming up. 1. Chown and chattr: extensions.ini Even under R-Kiosk you still have the ability to install extensions. This is easily rectified. Exit firefox, and execute the following commands, as root, replacing {default-profile} with whatever the directory happens to be named (hint - it ends with default) # chattr +i /home/kiosk/.mozilla/firefox/{default-profile}/extensions.ini What 'chattr +i' does is add the immutable bit to a file, making it impossible to delete, move, rename, append to or otherwise modify that file without first removing the bit. If you ever need to edit the extensions again, just do this: # chattr -i /home/user/.mozilla/firefox/{default-profile}/extensions.ini

18 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

2. Rm and touch: nsHelperAppDlg.js Here's the second security hole: we need to stop users from downloading and running files. Well, we got the downloading part fixed (sorta, the files still download to /tmp) but end users can still run shell scripts through bash. What better way to stop the end user from running evil shell scripts than to stop the 'open with' dialog from coming up? This is how it is done: # rm /home/user/firefox/components/nsHelperAppDlg.js # touch /home/user/firefox/components/nsHelperAppDlg.js Like before, if you prefer you can simply chmod it to 000 What you just did was completely remove the "save/open with" dialog. A substantial replacement (empty file) was created. Right now, if you were to try and download a file of an unknown type, it would pop up with an error message and Firefox would just keep chugging along. Here is yet another option to fix this security hole. From max1million on forums. mozillazine. org, I got a suggestion to change this line: show: function( aLauncher, aContext, aReason) { to say this: show: function( aLauncher, aContext, aReason) { return; That might stop any error popups from coming up when a link to an unknown file type is clicked. 3. Disable print dialog Directly from the developer of R-Kiosk: You can enable Navigation toolbar by adding the following to user.js: user_pref("rkiosk.navbar", true); You might want to remove the print dialog by adding following lines to your user.js: user_pref("print.always_print_silent",true); user_pref("print.show_print_progress",false); user.js resides the profile directory. It most likely won't be there so you must create it. I suggest you do NOT enable a navigation bar. Why? A couple reasons, mainly it's not necessary (I mean, seriously, what do you need on the web that can't be found through Google?) Many people, believe it or not, are oblivious to the location bar (if you don't believe me, then explain the ease of which people's information gets phished.) If you enable the navigation bar, you must disallow certain uri's ("file://" for example.) This last reason is a fairly simple task, and if you want more information please email me.

19 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

4.

Start up Firefox (it wasn't still on, was it?) and see if the modifications work - go to coolservice.dk and try to upload a file with their cell phone file uploader. Find a shell script on google and attempt to run it through bash. Try to install an extension. Try to print something. Try to visit a site you blacklisted. If you can not succeed, then proceed to the next objective.

5.1 set up the kiosk's .xinitrc

My /home/kiosk/.xinitrc looks like this. It will run Firefox perpetually: #!/bin/bash # give a nice white background for when Firefox reloads xsetroot -solid white & # optionally, the above can be commented out and the one below # can be uncommented to use an image for the background #xli - onroot -quiet /home/user/ad-or-logo.png & # perpetuality ensues... while true ; do /home/kiosk/firefox/firefox done After creating .xinitrc, it's a good idea to add the immutable bit. You must chmod it a+x before you add the immutable bit. # chmod a+x /home/kiosk/.xinitrc # chattr +i /home/kiosk/.xinitrc

5.2 /etc/init.d/kiosk
# pico -w /etc/init.d/kiosk Init scripts are meant to be run once and exit, and shouldn't be just hanging around waitiing for things to finish. Add the following code: #!/bin/bash echo 0 > /proc/sys/kernel/sysrq echo -e "\t Putting the machine into Kiosk mode . . . \n" sleep 3s /bin/startkiosk.sh & Therefore, we use the init script as a wrapper for another script. Also you might have noticed that "echo 0 ... " line. This is very important. No public Linux box should go without this step! Alt-SysRq can do a lot of things which you don't want to happen on a public computer (such as immediate reboot without syncing filesystems or unmounting disks, send

20 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

a SIGKILL or a SIGTERM to all processes (including or excluding init), remount all filesystems read-only, as well as a bunch of other stuff. I can not stress this enough: you must not omit that line if you plan on publicizing the machine. Don't forget to chmod it a+x: # chmod a+x /etc/init.d/kiosk

5.3 /bin/startkiosk.sh
# pico -w /bin/startkiosk.sh What this script does is login as the normal user with su and start up X through xinit. #!/bin/bash # this is /bin/startkiosk.sh su - kiosk -c 'xinit' shutdown -r now Optionally, a 'while true ; do ... done' statement can be utilized to run X perpetually: #!/bin/bash # this is another /bin/startkiosk.sh while true ; do su - user -c 'xinit' done Don't forget to chmod it a+x: # chmod a+x /bin/startkiosk.sh

5.4 Xwrapper.config
This modification will allow X to be run thorugh su in a script instead of just through the console. From http://www.knoppix.net/forum/... Edit file /etc/X11/Xwrapper.config ... Change this line: allowed_users=console to: allowed_users=anybody So, either fire up pico, or run this command: # sed -i 's/^allowed_users=.*/allowed_users=anybody/' /etc/X11 /Xwrapper.config

21 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

5.5 Test your new kiosk

Save all your data and run /etc/init.d/kiosk to see if it works. If you are pleased with the results, then pressing ctrl-alt-backspace will kill X and also reboot your system.

5.6 GRUB Password

The reason why we want to have a GRUB password and not just have GRUB boot into kiosk mode immediately is because we (or, I, at least) want to be able to maintain the kiosk easily from the terminal without having to open the case and without having anyone else be able to 'maintain' it themselves. As the normal user, open two xterm windows. In both of them: $ su ... and enter the root password. In the first window, as root: # grub-md5-crypt It will prompt for a password, choose carefully. It will promt for you to retype it, and if they match it will then spew out your encrypted password hash. Highlight the hash. Now, in the second xterm (still as root,) open /boot/grub/menu.lst in your favorite editor... # pico -w /boot/grub/menu.lst ... and find the commented-out part that talks about passwords. Put this after that commented area, replacing {hash} with your valid encrypted password hash (what you hilighted eariler...): password --md5 {hash} (that's two dashes before md5...) So, with a hash, it would look like this: password --md5 $1$jxcdN0$hVHViq1aiPf8FziuGJGZp0 You also want to either delete or lock the title entry that talks about single-user or recovery mode. After the title entry I'm talking about, type "lock" without quotes, on its own line, all by itself. What locking does is require you to type the password above before booting that title. It should be after the line starting with "title" and before the line starting with "root". You really ought to do this only for the non-default entries. After that, copy the title that details a normal boot. Paste it into the space after that title and add a "3" to the end of the kernel line (so it boots to runlevel 3) and add a "lock" line after the title line. Before you finish, be sure to change the title entries to something a little less revealing, such as "Start Kiosk" for the normal entry, "Maintain Kiosk" for the entry that boots into runlevel 3, and "Rescue Kiosk" for the single-user/recovery entry. After doing that, save and exit (^X y)

22 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

5.6.1 Reboot, test Reboot and test your password - at the grub screen, press any key and then hit p, enter your password. If it doesn't work, boot into "Start Kiosk" and start the GRUB password process (section 5.6) over again. If you can't get to a shell, then you'll have to boot a knoppix cd (or put the hard drive into another machine,) mount the drive and change menu.lst that way.

5.7 Modify XF86Config or xorg.conf

You could change xorg.conf to disable killing X through ctrl-alt-backspace, zooming, and also switching to virtual terminals. I like to put this code near the top of the config: Section "ServerFlags" Option "DontVTSwitch" "true" Option "DontZap" "true" Option "DontZoom" "true" EndSection

5.8 Delete unused programs

If using sarge, You might want to run '/etc/init.d/xdm stop' as root from a virtual terminal before proceeding. # apt-get remove fluxbox Just remove what you feel you don't need.

5.9 rc2.d
Prevent any services that you don't need from starting at bootup by moving them from S to K in /etc/rc2.d - here's an example for XDM: # cd /etc/rc2.d # mv S99xdm K01xdm We want the kiosk init script to run last, which is S99. So, let's move all the current S99 links to S98 links: # cd /etc/rc2.d # for i in S99*; do mv $i `echo $i | sed 's/99/98/'`; done # ln -s /etc/init.d/kiosk ./S99kiosk

You're done! And, in less than two hours, right? Please email me at jadoba@jadoba.net if you have any comments. Have fun!

23 de 24

http://jadoba.net/PLUG/kiosks/howto/#3

PLUG Website Slides from my presentation SOON (never): a tar file with copies of all the init scripts

24 de 24