Mathematics, philosophy, code, travel and everything in between. More about me…

I write about

Kiosk Mode in Linux

This week I needed to set up a limited Linux account which could be used for web browsing only. No window management, no desktop, no menus, no other applications, just Firefox in full-screen mode. There are quite a few kiosk HOWTOs on the web, but they mostly cover setting up a kiosk-only computer. Limiting the restrictions to a single user account was a little bit different.

The following steps were tested in Ubuntu Linux. Some of the configuration files may be placed elsewhere in other distributions, but the differences will likely be minimal.

I. Setting Up Privoxy

Since the users are allowed to browse only a few selected web sites, a white-listing filter is needed. After a few unsuccessful attempts to configure the FoxFilter Firefox extension I decided to use Privoxy. I put the list of allowed web sites in /etc/privoxy/trust and enabled white-listing by uncommenting trustfile trust in /etc/privoxy/config.

To get rid of the ugly “Untrusted” message that Privoxy normally displays, I replaced the template (/etc/privoxy/templates/untrusted) with a blank page that simply redirects the user to one of the white-listed sites:

<html>
<head>
	<meta http-equiv="refresh" content="0;URL=http://www.example.com">
</head>
<body>
</body>
</html>

I also removed every other template in the directory to disable the web interface of Privoxy.

II. Locking Down Firefox

First, I set the proxy (Preferences – Advanced – Network – Settings) to localhost, port 8118. These are the default settings of Privoxy.

In disabling all the menus and toolbars of Firefox, the R-kiosk extension was the best solution I found. By default, it hides every part of the Firefox GUI, including the navigation toolbar. However, I wanted to retain the basic buttons (Back, Forward, Home, etc). This can be done by adding the following line to .mozilla/firefox/<profile directory>/prefs.js:

user_pref("rkiosk.navbar", true);

There is one glitch, though. In the full-screen mode, the navigation toolbar contains buttons for minimizing the window, leaving the full-screen mode, and closing Firefox. These should definitely not be displayed in kiosk mode.

Full-Screen Buttons

The UI Tweaker extension is able to hide the buttons. The description at mozilla.org says that the extension is Windows-only, but I forced the installation in Linux and it seems to be working normally. The extension has many other options, so maybe some of them will not work under Linux. Hiding the full-screen buttons works like a charm, though.

The last step was customizing the navigation toolbar. I threw out the address bar and search bar since there is no need for them in the kiosk mode. The users should be able to leave the kiosk mode easily, so I wanted to add an “Exit” button to the toolbar. The Toolbar Buttons extension provides a pack of 95 Firefox buttons, one of which is Exit. However, since I wanted one button only, I used the great Button Maker web application to create a custom extension containing just that one button.

III. Window Manager

I used twm-kiosk, a modified version of twm. Compilation was failing but I didn’t bother with debugging and simply used the binary supplied in the package.

I copied sample-twmrc/kiosk.twmrc to /etc/X11/twm/system.twmrc and made a symlink .twmrc from the kiosk user’s home to it.

I then created an executable script /etc/X11/twm/kiosk-default.sh with the following content:

#!/bin/sh

firefox
killall twm-kiosk

twm-kiosk executes this script immediately after start-up. The killall line is reached only after Firefox quits. By killing the window manager, the X session is terminated and the user returns back to the login screen. The Exit button in Firefox is thus effectively a logout button.

IV. Restricting Session Selection in GDM

With restrictive proxy, locked Firefox, and bulletproof window manager, there is just one measure that has to be taken: preventing the kiosk user from avoiding this restrictive environment. The GDM login manager allows each user to choose his/her session type before login (GNOME, KDE, Failsafe,…). If it were possible to choose plain GNOME instead of twm-kiosk, all the previous work would be useless.

First, I disabled all failsafe sessions by setting the following options in /etc/X11/gdm/gdm.conf:

ShowGnomeFailsafeSession=false
ShowXtermFailsafeSession=false

Then I removed the GNOME session by renaming /usr/share/xsessions/gnome.desktop to /usr/share/xsessions/gnome.desktop.disabled. This left only one option in the session menu: the Default Session. A few users in the system needed GNOME, while the kiosk user needed twm-kiosk. I solved this problem by changing the default session to “custom”. In /usr/share/gdm/BuiltInSessions/default.desktop, I replaced this line:

Exec=default

with this one:

Exec=custom

In the custom session, the window manager is started by running the .xsession script in the user’s home directory. So, for all the normal users, I created this .xsession:

/usr/bin/gnome-session

And for the kiosk user:

/opt/bin/twm-kiosk

This concludes my mini-HOWTO. I hope it helps somebody.

March 1, MMIX — Linux.