On 0, Erik van der Meulen <e.van.der.meulen@avondel.nl> wrote: > On Mon, Apr 08, 2002 at 01:39:52PM +0800, Crispin Wellington wrote: > > > > which contains a file 'SecurityPolicy'. That seems to be applicable, > > > only quite complex! Can I accomplish the required by making changes > > > here? > > > Do you have /etc/X11/Xwrapper.config? > > > Read my post somewhere else in this thread re: Xwrapper.config > > Ah thanks, that slipped through. Now it works just as I wanted! > > Resuming: > > - I replaced the symlink for 'xdm' in /etc/rc2 with a symlink to a new > script called /etc/init.d/kiosk. > > - That script runs /usr/local/bin/startkiosk as user kiosk > > - /usr/local/bin/startkiosk only does 'startx' > > - in /home/kiosk/.Xsession Galeon is started fullscreen, with a few > tabs that contain some useful bookmarks. > > - for the time it also starts icewm-experimental because that seems > to work better with some popups. I will experiment a little more > later. > > I am quite pleased with this setup and would like to thank all that have > helped me out with it! > > Funny thing is this: I cannot establish a telnet session with the kiosk > machine. After I enter my login name I get: > > System bootup in progress - please wait > > and than fails. Should be because of the changes in the rc2? Is there a > way around this? Not too much of a problem (walking 3 stairs basically) > but if there is a simple solution... The reason this happens is that the running of the rc?.d scripts is part of init changing runlevel. The system is not considered to be fully booted until the runlevel is completely changed. Since your entire user session is occuring during the runlevel change, the system does not finish booting... until it shuts down, perhaps not even then. What *I* think you should do is something like this: * Let the system go through a 'normal' boot so that it presents the 'login:' prompt. * Change this part of inittab: 1:2345:respawn:/sbin/getty 38400 tty1 2:23:respawn:/sbin/getty 38400 tty2 3:23:respawn:/sbin/getty 38400 tty3 4:23:respawn:/sbin/getty 38400 tty4 5:23:respawn:/sbin/getty 38400 tty5 6:23:respawn:/sbin/getty 38400 tty6 to: ks:2345:once:"su kiosk -c '/usr/local/sbin/startkiosk'" which will run the kiosk at boot but will allow the normal boot process to complete. It also has the effect of completely denying console logins, which you may or may not like. Or, even better, km:2345:once:"echo Press Ctrl-S to start the kiosk." ks:2345:kbrequest:"su kiosk -c '/usr/local/sbin/startkiosk'" but you need to mess with the kbd stuff to map Ctrl-S to a special signal then. Remember than anyone with physical access to the machine can potentially boot with 'linux -single' unless you stop lilo from presenting a prompt. But then, if you deny console logins, and don't allow single user mode, and, say, your network card gets borked, or even if telnetd/sshd won't allow root logins, how are you going to admin the machine? Have a boot disk which can boot *without* the hard disk handy! My $0.02. Tom -- Tom Cook Information Technology Services, The University of Adelaide "That you're not paranoid does not mean they're not out to get you." - Robert Waldner Get my GPG public key: https://pinky.its.adelaide.edu.au/tom.cook-at-adelaide.edu.au
Attachment:
pgphNd0y8W7H6.pgp
Description: PGP signature