After two years of working with KDE, we think it is now time to share the results of our efforts to create a restricted KDE as part of our Linux-based thin client project that is now nearing completion. A write-up of our design and strategy is available as well as the patches that we used to customize KDE to our needs.
In a restricted desktop (kiosk-mode), the goal is to prevent the user from:
- opening a shell,
- running arbitrary commands,
- modifying files directly, or,
- having a view to the filesystem.
The user can:
- run applications provided by the administrators, and,
- configure the desktop to a certain degree.
KDE provides some functionality to achieve a part of this
(configuration files, environment variables, and the like).
There are certain requirements, however, that can only be met by modifying
the KDE sources. The patches can be found here. Read the details and
further instructions in the KDE Kiosk Mode HOWTO that will also be
submitted to the Linux Documentation Project.
It is our hope that the idea of a restricted desktop will be merged into
KDE 3.0 as we know that there exists a kiosk patch for Konqueror as
well. It is our belief that this is just the thing admins need in a
This development is a key to the deployment of Linux/KDE as a workstation environment in many organisations that today use another well known OS. Keep it coming!
Why is it that as soon as a decent desktop turns up, the first thing people try to do is make it brain dead just like ms windBlows? I do wish people would leave well alone. The art is to educate the employees, not make their computers dead mutants... GROW UP PEOPLE! For crying out loud, this IS SUPPOSED TO BE THE 21st CENTURY! You know, paperless office etc.
Because there is always one, ONE, in every organisation that can/will not comply with admins and business rules. It's sad but it's a fact that not all people can be trusted with the power of a modern desktop.
an old one: computers are made for people, not the other way around :)
so if we make software we have to take into account it will be used by people.
Some people are happy being dead computer mutants.....it keeps people like us employed. :P
Most likely the targeted users of such a system wouldn't necessarily be employees, but customers or the general public.
If I want to deploy a set in the lobby of an office building to act as a building directory, I sure don't want random people opening up xterm on it. Plus, deploying an old 486 in the lobby loaded up with Linux is much more financially attractive than paying for a touch-screen system and the uber-expensive contractor to program it.
This is nothing like Windows. Windows has zero security - you can tamper with anything on Windows. This should run the KDE session as non root and since shell and file system access is protected can be secure. The fact that you can avoid typing passwords into a kiosk machine which may be physically insecure to get access to services that don't need a password actually improves security over a standard system with a user login. How do you use a standard system login in a kiosk application where none of the users will have accounts? Log in to your own account and leave members of the public to tamper with it? Now that is Windows (NT) style usage (no security is Windows 98 style usage).
Think of this as a really souped up graphical version of your typical boot-up menuing system, where your menuing system is the KDE desktop.
This is going to be really useful for things like POS stations, public information display systems, public appliance machines to do things like scanning, faxing, printing etc. The challenge will be preventing the applications from bypassing security. However it should be possible to adapt any open source application to be secure, and since you are only going to install a few specific applications, this should not be too difficult.
I need a graphically attractive window manager, simple to use yet secure on linux boxes to develop for an internet café.
I'm writing a daemon in Perl in the meanwhile to control external hardware that grants timed access to the box.
I guess this is good stuff.
on the trusting matter.. how can you trust users that are trying to get surfing time for free?
I for one would like to start seeing things like airport kiosks, Per/hour Net Access terminals, Information kiosks, etc. running linux. This allows for this functionality and could potentially expose KDE to the masses.
Instead of telling people to GROW UP, you can think of this as KDE growing up and becoming a viable commercial alternative to Windows.
The Denver, Colorado, USA airport has been using Linux-based kiosk terminals for more than a year.
YES!! I am working for a startup kiosk supplier, and as the head tech person, will have the final call on what to base our operations on. Initially it was Win2K, but the security issues, quality of software, expense etc. is a major put-off. Now I will have the opportunity to convert our existing and ongoing operations to linux. I've been using (playing with) linux since about '98, and have never been in the position where my employer trusted open source enough to use for commercial applications, until now.
The research is currently ongoing, and I expect to be in a position to offload all MS based software in favour of the penguin within 2 months.
Is this you?
Aidan from Wales
How is switching to a console with ctrl + alt etc. prevented?
Of course, to make the system "secure" one has
to do more than just dealing with the
desktop environment, think about what
you can do in netscape or other applications.
This is not really the topic of this project.
But to answer your question, we allowed only
root to login on a virtual console, so
the user can switch but receives a permission
denied when trying to login.
It is not prevented. But only root can log in on the virtual consoles. This can be done using PAM
with an entry like
-:ALL EXCEPT root:tty1 ttyS0 ttyS1
Note: This is the path under Debian. No idea about other distros.
AFAIK this is an X-server-setting
I think you can do this by editing /etc/inittab.
Comment out the following lines with a #:
c1:12345:respawn:/sbin/agetty 38400 tty1 linux
c2:12345:respawn:/sbin/agetty 38400 tty2 linux
c3:12345:respawn:/sbin/agetty 38400 tty3 linux
c4:12345:respawn:/sbin/agetty 38400 tty4 linux
c5:12345:respawn:/sbin/agetty 38400 tty5 linux
c6:12345:respawn:/sbin/agetty 38400 tty6 linux
I commented out the last two lines several months ago because it is much easier to type alt f5 than alt f7 and I never use tty5 or tty6.
Also, I would like to remind you that if this doesn't work, your system won't boot! Make sure you have a _working_ bootdisk and you make a copy of inittab before you change it.
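Added example (not part of the original thread, and not the posters' code): a check that combines the two suggestions above, the access rule and the /etc/inittab getty lines, to list consoles that still offer a login prompt but are not covered by the rule. It assumes the rule is read by pam_access with first-match-wins and default-allow semantics; the evaluator is simplified (no groups, hosts or LOCAL), the sample input is constructed, and all function names are hypothetical.

```python
# Constructed sample input: the access rule quoted in the thread, and an
# inittab in which only the c5/c6 getty lines were commented out.
ACCESS_RULES = "-:ALL EXCEPT root:tty1 ttyS0 ttyS1\n"
INITTAB = """\
c1:12345:respawn:/sbin/agetty 38400 tty1 linux
c2:12345:respawn:/sbin/agetty 38400 tty2 linux
#c5:12345:respawn:/sbin/agetty 38400 tty5 linux
#c6:12345:respawn:/sbin/agetty 38400 tty6 linux
"""

def matches(tokens, value):
    """Match a token list with an optional EXCEPT (simplified pam_access rules)."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return matches(tokens[:i], value) and not matches(tokens[i + 1:], value)
    return any(t == "ALL" or t == value for t in tokens)

def login_allowed(rules, user, tty):
    """Assumed semantics: first matching rule decides; no match grants access."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if matches(users.split(), user) and matches(origins.split(), tty):
            return perm == "+"
    return True

def active_ttys(inittab):
    """Return the ttys that have an uncommented respawn getty line."""
    ttys = []
    for line in inittab.splitlines():
        if line.lstrip().startswith("#") or line.count(":") < 3:
            continue
        _id, _levels, action, process = line.split(":", 3)
        if action == "respawn" and "getty" in process:
            ttys += [w for w in process.split() if w.startswith("tty")]
    return ttys

def exposed_consoles(rules, inittab, user="guest"):
    """Active consoles on which `user` is not refused by the access rules."""
    return [t for t in active_ttys(inittab) if login_allowed(rules, user, t)]
```

With the sample input the result is tty2: the rule quoted in the thread names only tty1, ttyS0 and ttyS1, so any other console that still runs a getty needs its own entry or has to be disabled.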
you can configure /etc/XF86Config for that.. check.. it's in the initial options :P
An idea I've been tossing around for something similar goes like this:
Modify Konqueror in such a way that you can pass it a parameter via the command line and have it run in "restricted mode". What this would do is disable all of the terminal/filemanager type abilities, and remove all of the KIO slaves except those that handle HTTP and HTTPS, allowing the user to *only* browse the web. Why is this ideal?
Consider this situation. I have a neat little PC in my bedroom. When my parents come to visit, they sleep in my room. I don't want them to accidentally do any damage to my machine (which they are more than capable of doing -- don't ask how), and I want my dad to be able to hit Motley Fool and his other financial sites when he wakes up, and I want my mom to hit hotmail. All this requires is a browser. So I could run KDM, add a user with a simple password called "guest". This user would have no shell, and would not be allowed to log in remotely. When the user logs in via KDM, however, it starts X with no window manager, loads Konqueror in "restricted mode", and maximizes Konqueror on the screen. Thus, they are surfing a really dumb web terminal. Exactly what they need, no more, no less.
My 2 room-mates and I have a combined total of 6 Linux desktops scattered throughout the house. This feature would be useful on some of them. I'd love to implement this myself, if someone would only tell me where to start...
as you say yourself, simply remove the other ioslaves, i.e. delete the .protocol (file.protocol) files and the actual ioslaves (kio_file.so)
I wonder how your parents, running as a normal user (read: not root!), could damage your system.
Surely this sort of thing could be done simply with the xml interface? AFAIK all kde2 applications have their menus and toolbars defined by a simple xml file so you could just edit it so that with profile management only a simple browser window is opened with say back, forward and home buttons. Any 'powerful' commands are simply not included in the menus or toolbars.
I would imagine that most of kde could be closed up very neatly with this. Sure, people could do things if they really wanted but this sort of thing isn't meant to protect against technically competent people, it's purely to make things simple for the masses by taking away all those 'confusing' options and to stop them accidentally bringing the system down.
With a kiosk mode, this might be the correct way to have linux boxes on display at stores. M$ stuff locks you down so that you can't do anything at all. But a nice kiosk mode combined with a ro mounted home for KDE might be interesting.
It would be smarter to make a script that restores $HOME from a tar-file (or whatever) every time the user logs out...
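The restore-on-logout idea from the comment above, as an added example (not part of the original thread). It assumes the script runs after the session has ended and every process of the kiosk user is gone, and that the pristine tarball is writable only by the administrator; the function names and the sample archive are constructed for illustration.

```python
import io, os, shutil, tarfile, tempfile

def checked_members(tar, home):
    """Accept only regular files and directories that stay inside `home`."""
    root = os.path.abspath(home)
    members = tar.getmembers()
    for m in members:
        target = os.path.normpath(os.path.join(root, m.name))
        if not (m.isfile() or m.isdir()):
            raise ValueError("refusing link/device member: " + m.name)
        if target != root and not target.startswith(root + os.sep):
            raise ValueError("refusing path outside home: " + m.name)
    return members

def restore_home(tarball, home):
    """Validate the archive, wipe `home`, then unpack the pristine copy."""
    with tarfile.open(tarball) as tar:
        members = checked_members(tar, home)  # fail before deleting anything
        for entry in os.listdir(home):
            path = os.path.join(home, entry)
            if os.path.isdir(path) and not os.path.islink(path):
                shutil.rmtree(path)
            else:
                os.unlink(path)  # symlinks are removed, never followed
        for m in members:
            target = os.path.join(home, m.name)
            os.makedirs(target if m.isdir() else os.path.dirname(target), exist_ok=True)
            if m.isfile():
                with tar.extractfile(m) as src, open(target, "wb") as dst:
                    shutil.copyfileobj(src, dst)
                os.chmod(target, m.mode & 0o755)  # drop setuid/setgid, g/o write
    return sorted(os.listdir(home))

def make_tar(path, files):
    """Build a constructed sample archive from a {name: bytes} mapping."""
    with tarfile.open(path, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), 0o644
            tar.addfile(info, io.BytesIO(data))

def demo():
    """Dirty a temporary home, restore it, and return the directory listing."""
    home = os.path.join(tempfile.mkdtemp(), "guest")
    os.makedirs(os.path.join(home, "junk"))
    open(os.path.join(home, ".bashrc"), "w").close()
    make_tar(home + ".tar", {".kde/share/config/kdeglobals": b"[KDE]\n"})
    return restore_home(home + ".tar", home)
```

Files are written by whoever runs the script, so when it runs as root the restored tree still has to be handed back to the kiosk account afterwards.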
All links to kiosk mode and HOWTOs are removed! I can't find it. I try to install kiosk-mode but it told me I need Qt libraries, but I think I really installed everything! I work on SuSE 8.2 but I can install a better distribution to work on it.
Sorry for my bad English, I am a newbie on Linux too. Thx
Check the KDE web site, www.kde.org
then search for kiosk. for me the third
one down the page is the link to HOWTOs and FAQs.
there is a README on KDE Kiosk mode. I am just
starting to look at a project myself, and thought
this might help. Good luck!
Glad to see your achievements. I'm new to Linux and at the same time have some tough tasks to perform. Your help would be very appreciated.
I just want to do this: as the system boots up, there should be no login prompt and right away a web browser should appear with some specified website.
Then the user has no option to go outside of the browser, and also no option to change the website address (no minimize, maximize, or close of the browser),
and no permission to perform any task, e.g. open any other application etc.
Please help me with this problem.