You are here

How To Create An Internet Kiosk with Kubuntu

kubuntu.pngI help run a medium-sized scientific conference annually. We have an internet cafe / registration room where our attendees may pay for the conference or just surf the web. We used to run WinXP with the hive cleanup tool and a lockdown utility probably created by a Microsoft intern. It worked fairly well. Then Windows released SteadyState, which we tried last year. SteadyState worked as advertised on my test machine, but failed spectacularly at the conference on 80% of the kiosk machines - I'm still not sure why. So on the spot we developed a Kubuntu alternative, which turned out to be better.

STOP!

You probably want to read my new article on this topic. I will leave this article online for legacy reasons.


The following is how to create a relatively secure internet kiosk using Kubuntu. We assume we are able to relatively trust our users with the computers and the network. If you have to deal with malicious users you may want to add more precautions.

Update 2009-09-21: I can confirm this works in KDE3 and KDE4.

The methodology for this should be to perfect the kiosk as much as possible on one machine (or a VM) first, then clone that machine to all your other computers, changing hostnames where appropriate.

Step 1: Partitions

The crux of this design is ensuring that any changes to the kiosk user home directory are wiped out after the user logs out. For this we union mount a writable tmpfs on top of a read-only template. This is pretty convenient because anytime you want to change the user template, you simply mount the read-only partition as writable, make your changes, and revert the filesystem scheme. Here is my partition scheme:
Kiosk-Partitions.png
Figure 1: Kiosk Partitions
/dev/sda1 is mounted at /, and contains only system files.
/dev/sda2 is swap. Along with RAM, this is the user writable space - increase this for more user space.
/dev/sda3 is the read-only user template. This only needs to be large enough to contain your template files.

The hard drive is small because this is a VM, but you can expand your partitions to any size you like. The good thing about internet kiosks is that they typically need hardly any space. A 6GB drive would suffice for many kiosks. You don't need to use jfs, you can use your fs of choice.

Step 2: Boot from new Kiosk, install required packages

To create a machine which be compatible with media technologies users are familiar with (certain codecs, flash), edit sources.list and make sure universe, multiverse, and restricted sources are being read. Then do a: sudo apt-get install firefox unionfs-tools timeoutd openssh-server kubuntu-restricted-extras flashplugin-nonfree

Step 3: Create the Kiosk user

sudo useradd kiosk
Set the password to something long and random, eg: Q5w?47yK&=Asa&mB4g&658tE=BZWZ$KUV2_6c+R#_J9kb462m7v7zNKvNWpe5LWj
Keep this password hidden from the users. This way they don't have access to change their password or remotely log in.

Give kiosk user access to the cdrom, audio, and hot pluggable devices (eg thumbdrives):
sudo usermod -G plugdev,cdrom,audio kiosk

Step 4: Setup your filesystem

sudo mkdir /kiosk-ro sudo mkdir /kiosk-rw Setup your fstab, here is mine:
# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/sda1
UUID=d49413fa-a1cb-4677-8ddc-1418a385102d /               jfs     defaults,errors=remount-ro 0       1
# /dev/sda3
UUID=b50fed0f-15c8-4b02-9faf-21105e2d7acd /kiosk-ro        jfs     defaults,ro        0       2
# /dev/sda2
UUID=f63af8ab-f085-4a61-b2dc-195366e60e68 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec 0       0
When you are creating your template filesystem, do
sudo mount /dev/sda3 /home/kiosk
Make the changes you want (e.g. log into kde as 'kiosk' and set the firefox homepage, install firefox plugins, make desktop shortcuts, etc). When you are done: sudo umount /home/kiosk

Step 5: Configure KDE to behave as a kiosk

Make KDE auto-login as user kiosk - when the machine reboots it will already log in as kiosk. Edit /etc/kde4/kdm/kdmrc (/etc/kde3/kdm/kdmrc for kde3) and modify these values: AutoLoginEnable=true AutoLoginAgain=true AutoLoginUser=kiosk Next, edit /etc/kde4/kdm/Xstartup (/etc/kde3/kdm/Xstartup for kde3) and put these lines near the top: logger "mounting tmpfs at /kiosk-rw" mount -t tmpfs -o mode=777 tmpfs /kiosk-rw logger "mounting unionfs at /home/kiosk" mount -t unionfs -o dirs=/kiosk-rw=rw:/kiosk-ro=ro unionfs /home/kiosk And /etc/kde4/kdm/Xreset (/etc/kde3/kdm/Xreset for kde3): logger "unmounting /home/kiosk" umount -t unionfs -fl /home/kiosk logger "unmounting /kiosk-rw" umount -t tmpfs -fl /kiosk-rw

Step 6:Disable crontab for kiosk user

crontab access will allow a maclious kiosk user to exploit accounts of those who use the machine after her. So disable crontab for the kiosk user: echo 'kiosk' | sudo tee -a /etc/cron.deny

Step 7: Configure an automatic timeout for user kiosk

Because of the limitations of timeoutd (installed in step 1), this is the least ideal portion of the kiosk machine. If anyone has a better suggestion, I'd love to hear it.

Put this line in /etc/timeouts: Al:*:kiosk:kiosk:5:*:*:0
This line logs the kiosk user out after being idle for 5 minutes. The problem with this package is that, as far as I can tell, there's no way to give a person the warning they will be logged out if they continue to be idle. You can specify a X minute warning, but after X minutes the user is logged out, even if they are no longer idle. Also, there is no way to customize the warning message.

Step 8: Tie the kiosk machine into your infrastructure

Install your ssh-keys into the admin account on the kiosk machine so you have instant ssh access. You could setup syslog-ng for centralized logging, cfengine/puppet for management, or all the plethora of possibilities which are possible with debian/ubuntu packages.

Step 9: Cloning your kiosk machine

This is a full block-by-block copy so it works best if you have a gigabit switch. All you have to do is boot both your master copy and target from a linux boot CD (ubuntu works fine). Turn on the ssh daemon on the target machine. From the master copy type: sudo dd if=/dev/sda | ssh -t ip.target.machine sudo dd of=/dev/sda Go read a few chapters of a book or surf the web, after several hours it will be done. You can open up "top" on the target machine to make sure progress is being made.

Step 10: Further Security Considerations

I'm pretty comfortable with how locked down this system is for largely trustable users - but malicious users will be able to find some ways around the safeguards. Perhaps more importantly, you still need to watch out for users physically installing keyloggers to capture information of later users. Keeping the workstation and its connections inside a locked cage/box is a good way to deter keylogging.

Many thanks go to Chris Adams who gave me the initial idea for this project and implementation advice. If anybody has any further suggestions, recommendations, or questions please leave a comment.

Comments

How about having the kiosk machine w/o hard drive (or using it just for swap) and booting off live cd like ubuntu OR knoppix?

I'm sure that might work for some applications but unless you have some kind of custom boot CD every user will have root access on the machine, which is often not desirable.

Secondly, the system data is stored on a CD which really slows down the computer anytime it loads something. Users are often not very forgiving when it comes to slow computers.

Howdy!

Love the concept but I'm not getting it to work correctly on my end. I believe I followed the steps but once I add the lines to XStartup I get an error about the DCOPServer not finding the necessary network connections. I notice that when the lines are added in XStartup the permissions of the /home/kiosk folder gets changed to root ownership (and I believe that is the problem). Unfortunately, I'm a linux newbie and don't know what I can do next to overcome this issue.

Any ideas?

Have a great day!

chris

I suspect you are right. You'll get this message when the kiosk user can't write to the kiosk home directory. The way I solved this as shown above is by making the kiosk user's home directory (the unionfs one) world writable - since the only untrusted user on this machine should be the kiosk user. Multi-user machines will want to find another solution.

Make sure you're not missing this line from Xstartup (particulalry notice mode=777):

mount -t tmpfs -o mode=777 tmpfs /kiosk-rw

The reason why this directory needs to be mounted as world writable is because there is no uid mount option for tmpfs. There may be a way around this (eg with an fstab entry), but I haven't spent enough time investigating that.

Just wanted to thank you for this guide mate- I used it - it took a tiny bit of muddling around for KDE4 but it works like a charm.

For anyone else looking at doing this it looks like unionfs-tools is now incorporated into Kubuntu.

Glad I could help and that it worked for you. Thanks for letting us know about unionfs-tools. I may create an updated version for kde4 within a few months.

I can't seem to get this to work. When I enter "sudo mount /dev/sd3 /home/kiosk" i get the error message "mount: special device /dev/sd3 does not exist", as if the SD3 partition isn't there.

doing a "sudo fdisk -l" lists this:
-----------------------------------------------------------------------------------------------------------------
Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xc5bec5be

Device Boot Start End Blocks Id System
/dev/sda1 * 1 365 2931831 83 Linux
/dev/sda2 366 1581 9767520 82 Linux swap / Solaris
/dev/sda3 1582 2797 9767520 83 Linux

-----------------------------------------------------------------------------------------------------------------
Perhaps I'm creating the partitions incorrectly in the first place. Can you give me any more information regard the inital setting up of the partition (should sd3 be a primary or logical partion, does it matter where you mount it, etc.)
I'm relatively new to linux, but have a basic knowledge of how to get around.
Thanks

You might have just been sleepy because this was a really simple mistake here. Instead of sudo mount /dev/sd3 /home/kiosk use sudo mount /dev/sda3 /home/kiosk

Wow, I just noticed that was my typo originally in the howto. I'm sure I was sleepy when I wrote it AND probably when I replied to this comment too.

Also, it can be useful to limit number and/or size for files:
mount -t tmpfs -o size=1G,nr_inodes=10k,mode=777 tmpfs /kiosk-rw