Re: some kind kiosk system
on Fri, Jul 23, 2004 at 08:15:36AM -0400, Steve Glines (sglines@is-cs.com) wrote:
> Karsten M. Self wrote:
>
> > on Fri, Jul 23, 2004 at 01:13:53AM -0700, Paul Johnson (baloo@ursine.ca) wrote:
> >
> >>Justinas <justinas.g@patikimi.lt> writes:
> >>
> >>
> >>> There is a computer game club with 49 computers running
> >>>linux. I would be glad to hear any suggestions how to build entirely
> >>>system that forbids users to execute any other programs or scripts,
> >>>only games, browsers and some office programs. The main aim of this,
> >>>to keep computer out of trash and make administrator's life
> >>>easier. Could somebody share experience on some kind computer kiosk
> >>>systems. Any suggestions, critics are acceptable.
> >>
> >>Don't install more than you need installed. That'll get you about 90%
> >>there. The last 10% can be taken care of with groups and file
> >>permissions, or if you want to overkill it, the ACL permission support
> >>in 2.6 might be of help (however, I don't use ACL support, don't know
> >>how well it works, and have more or less been waiting for success or
> >>horror stories which have yet to materialize from what I've seen).
> >
> >
> > ...user state in ramdisk and/or copied into the user's account at
> > startup. And a watchdog to slay the user if critical files disappear or
> > are changed.
> >
> > One of the better descriptions I've seen of a Linux Kiosk configuration
> > is JWZ's DNA Lounge systems. San Francisco nightclub, typically filled
> > with several hundred highly individualistic patrons under varying
> > influences astrological to zoological, and overall both reliable and
> > usable. GIYF.
>
> Just invoke user's shell as bash -r

Not sufficient.

RTFM. You'll find that the restrictions within a restricted bash shell
are dropped when executing shell scripts. Which is a handy way for
doing various things. And hence, rather limiting.

I'd look at a chroot or UML jail for additional security.

Peace.

--
Karsten M. Self <karsten@linuxmafia.com> http://linuxmafia.com/~karsten
Ceterum censeo, Caldera delenda est.
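
The behaviour described in the reply above can be reproduced in a throwaway directory. This is an added example, not part of the original message; make_sandbox, run_restricted, list_scripts and the "helper" script are names constructed for illustration. It shows a restricted bash refusing cd, the same cd succeeding from a script on the restricted PATH, and a check that lists such scripts in a PATH directory.

```shell
#!/usr/bin/env bash
# Constructed demo: everything lives in a throwaway temp directory.
bash_bin=$(command -v bash)

# Create a directory to serve as the kiosk user's whole PATH, holding one
# constructed shell script named "helper" that changes directory.
make_sandbox() {
    local dir
    dir=$(mktemp -d) || return 1
    printf '#!%s\ncd / && echo "cwd=$PWD"\n' "$bash_bin" > "$dir/helper"
    chmod +x "$dir/helper"
    echo "$dir"
}

# Run command line $2 in a restricted bash whose PATH is only directory $1.
run_restricted() {
    PATH="$1" LC_ALL=C "$bash_bin" --norc --noprofile -r -c "$2" 2>&1
}

# Audit: print every executable in directory $1 that starts with "#!".
# Each such script is run by a fresh interpreter without rbash restrictions.
list_scripts() {
    local f
    for f in "$1"/*; do
        if [ -f "$f" ] && [ -x "$f" ] &&
           [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
            basename "$f"
        fi
    done
}

d=$(make_sandbox)
echo "direct cd:  $(run_restricted "$d" 'cd /')"    # refused by rbash
echo "via script: $(run_restricted "$d" 'helper')"  # script's cd succeeds
echo "scripts on PATH: $(list_scripts "$d")"
rm -rf "$d"
```

Running list_scripts over each directory on a kiosk account's PATH shows which entries would need to be removed or replaced before bash -r restrictions mean anything.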