DeepFreeze

This is part of an exercise to use Linux as a kiosk system. '

Deep Freeze

DeepFreeze is a commercial product to restore a computer's configuration to a predefined state, i.e. you configure a system, 'deep freeze' it, and then at every system startup, that state is restored no matter what happened during the previous session. .

Linux doesn't require extensive lockdown / deepfreeze features, because a regular user has no write access and only limited read access outside his own home directory. This means a regular user can't modify system files, install software, and so on. Basically, what we have to do is

1. set sane system-wide defaults
2. prevent tricks the user might apply to get access to system files (see further)
3. backup a preconfigured /home/$USER directory (preserving file permissions !), then restore it so all previous changes to user preferences (including changes to the user-specific hidden config files) get undone by the clean original.
4. if required, make files in the user home directory read-only to the user, so the defaults can't be modified by the user

So, Deepfreeze is rather a Windows thing, but a guy named lukeprog found a way to mimic DeepFreeze on Linux by wrapping a clean, preconfigured user home directory in a tarbal (preserves file permissions), and unpacking it again.

	# backup and restore user home
	# original idea and script by lukeprog - 2006-06-08 11:19
	# http://www.linuxquestions.org/linux/answers/Applications_GUI_Multimedia/Deepfreeze_for_Linux
	# modified :
	# koen noens :  combine backup an restore in 1 script
	#		added test to create /home/.default
	# 
	#

	if [ ! -e  /home/.default ]; then
		mkdir /home/.default
		chmod ....   [permissions !!]
	fi
	
	case "$1" in
    		"backup")
         		echo backing up user profile /home/kioskuser ;
			rm -f /home/.default/clean_kioskuser.tar ;
			tar -cpPf /home/.default/clean_kioskuser.tar /home/kioskuser ;
         	;;
   

		"restore")
         		echo restoring user profile /home/kioskuser;
			rm -fR /home/kioskuser ;
			tar -xpPf /home/.default/clean_kioskuser.tar ;
         	;;


    		*)
         	echo USAGE: $0 backup | restore;
         	;;
	esac
	

It's fairly easy to do this at system startup, using init scripts. What if we want to also do this when the kiosk user logs out, and a new customer (using the same account) logs on ? The restore-script and the tarbal would have to be in a location the kioskuser has access to, the script needs to be executable by the kiosk user, and at the same time we don't want the script nor the tarbal to be modified by the kioskuser. It also needs to run at a logon / logout, not a reboot, so an init script is not an option ...

We could instead create a standard kioskuser home directory on a remote server, and synchronise (rsync) the kioskuser's home directory with it. This could include options to remove files and undo changes on the kiosk system, and can be run at boot, when the kiosk user logs on, or in scheduled jobs.

scheduled jobs can be managed by setting the appropriate synchronisation commands (or a single script that assembles them) in a cron or at job. For a "deepfreeze" script tu run every time a user logs in, we'd need to look at the gnome startup scripts.

Gnome provides for scripts to be run at login or logout. The effect, for our purpose, is similar : a profile (re-)set at logout will re-initialize the profile for the next user just as a login script would. However, it will not run if a session is terminated abnormally, so we prefer profile initialization at login time.

What we'll do is rsync /etc/desktop-profiles, and apply them. rsync is very efficient (it only transfers delta, the difference between two files, in stead of copying entire files, so minor changes can be implemented in fractions of seconds. Then we'll apply the profile again.

UPDATE : Gofris, reset user home directory, similar to the DeepFreee program for Windows.