Kiosk Mode in Linux
This week I needed to set up a limited Linux account which could be used for web browsing only. No window management, no desktop, no menus, no other applications, just Firefox in full-screen mode. There are quite a few kiosk HOWTOs on the web, but they mostly cover setting up a kiosk-only computer. Limiting the restrictions to a single user account was a little bit different.
The following steps were tested in Ubuntu Linux. Some of the configuration files may be placed elsewhere in other distributions, but the differences will likely be minimal.
I. Setting Up Privoxy
Since the users are allowed to browse only a few selected web sites, a white-listing filter is needed. After a few unsuccessful attempts to configure the FoxFilter Firefox extension I decided to use Privoxy. I put the list of allowed web sites in
/etc/privoxy/trust and enabled white-listing by uncommenting
trustfile trust in
To get rid of the ugly “Untrusted” message that Privoxy normally displays, I replaced the template (
/etc/privoxy/templates/untrusted) with a blank page that simply redirects the user to one of the white-listed sites:
<html> <head> <meta http-equiv="refresh" content="0;URL=http://www.example.com"> </head> <body> </body> </html>
I also removed every other template in the directory to disable the web interface of Privoxy.
II. Locking Down Firefox
First, I set the proxy (
Preferences – Advanced – Network – Settings) to
8118. These are the default settings of Privoxy.
In disabling all the menus and toolbars of Firefox, the R-kiosk extension was the best solution I found. By default, it hides every part of the Firefox GUI, including the navigation toolbar. However, I wanted to retain the basic buttons (Back, Forward, Home, etc). This can be done by adding the following line to
There is one glitch, though. In the full-screen mode, the navigation toolbar contains buttons for minimizing the window, leaving the full-screen mode, and closing Firefox. These should definitely not be displayed in kiosk mode.
The UI Tweaker extension is able to hide the buttons. The description at mozilla.org says that the extension is Windows-only, but I forced the installation in Linux and it seems to be working normally. The extension has many other options, so maybe some of them will not work under Linux. Hiding the full-screen buttons works like a charm, though.
The last step was customizing the navigation toolbar. I threw out the address bar and search bar since there is no need for them in the kiosk mode. The users should be able to leave the kiosk mode easily, so I wanted to add an “Exit” button to the toolbar. The Toolbar Buttons extension provides a pack of 95 Firefox buttons, one of which is Exit. However, since I wanted one button only, I used the great Button Maker web application to create a custom extension containing just that one button.
III. Window Manager
I used twm-kiosk, a modified version of
twm. Compilation was failing but I didn’t bother with debugging and simply used the binary supplied in the package.
/etc/X11/twm/system.twmrc and made a symlink
.twmrc from the kiosk user’s home to it.
I then created an executable script
/etc/X11/twm/kiosk-default.sh with the following content:
#!/bin/sh firefox killall twm-kiosk
twm-kiosk executes this script immediately after start-up. The
killall line is reached only after Firefox quits. By killing the window manager, the X session is terminated and the user returns back to the login screen. The Exit button in Firefox is thus effectively a logout button.
IV. Restricting Session Selection in GDM
With restrictive proxy, locked Firefox, and bulletproof window manager, there is just one measure that has to be taken: preventing the kiosk user from avoiding this restrictive environment. The GDM login manager allows each user to choose his/her session type before login (GNOME, KDE, Failsafe,…). If it were possible to choose plain GNOME instead of
twm-kiosk, all the previous work would be useless.
First, I disabled all failsafe sessions by setting the following options in
Then I removed the GNOME session by renaming
/usr/share/xsessions/gnome.desktop.disabled. This left only one option in the session menu: the Default Session. A few users in the system needed GNOME, while the kiosk user needed
twm-kiosk. I solved this problem by changing the default session to “custom”. In
/usr/share/gdm/BuiltInSessions/default.desktop, I replaced this line:
with this one:
In the custom session, the window manager is started by running the
.xsession script in the user’s home directory. So, for all the normal users, I created this
And for the kiosk user:
This concludes my mini-HOWTO. I hope it helps somebody.