One Trick Pony

Linux Kiosk systems


What is a "kiosk system"?

What follows are a couple of experiments to use Linux as a kiosk system.
'Kiosk System' can mean a couple of things: it could be a computer running unattended, e.g. at an exhibition, showing a presentation or a video.
It could also be a computer running just a web browser and nothing else. That web browser could then be giving the user access to web applications. This could be part of a 'clientless VPN' solution: a remote worker using a web browser with TLS / HTTPS to access the company's network. The company would, in that case, have to provide a web portal that gives its remote employees access to the company resources, or just let them log in to a terminal server. A computer that runs nothing but a web browser could also be used in internet cafés, public libraries, or for the public in airports, major bus terminals, shopping malls etc.

Generally speaking, we could define "a kiosk system" as a computer that is configured to provide a small, predefined set of applications (often: just 1 specific application). Often, such a system will be publicly accessible, i.e. whoever walks up to it will be allowed to use it, and use will be limited to that 1 specific application (i.e. the user should not be allowed to run other applications or set user preferences, let alone change system settings).

Typically, you will decide which applications the system will run, and you'll want some sort of lockdown mechanism to prevent the user from adding or using additional programs. Often, the user will log in (automatically) with a generic account, and you want to prevent the user from making modifications to the user profile, or undo any such changes when the user logs out.

One possible implementation of such a (minimal) kiosk computer would be : a computer that runs (nothing but) a web browser, to provide access to a company's web application server(s).

Figure: kiosk web browser with Citrix application. The web front-end of a major company's application site, running on a cluster of Citrix Metaframe servers, and made available on a small Linux system running nothing but the Firefox web browser.

Implementations

Kiosks are often implemented with either dedicated hardware (appliances, embedded systems), or by locking down a general purpose Windows system, the latter usually involving specialised software (e.g. WinU).

Locking down a full-featured operating system and paying license fees for both the operating system and the software that locks it down sounds like the wrong way to do this. Instead, it sounds logical that you would just set up a system that does what you need, and nothing else.

From that perspective, appliance-style kiosks -- i.e. "dedicated hardware" -- are a better idea, if you can find the one that does what you need. Then again, you'll find that often those kiosks are just custom enclosures around a general purpose computer with a custom configured operating system. So maybe this is something we could build ourselves. The added value in that is that we can customize the kiosk to fit our needs exactly, and possibly get some use out of decommissioned computers that would be going to waste otherwise.

So, here are some experiments with kiosk configurations, based on (old) PCs running Linux.


Projects

Basics

Notes on

  1. Installing a minimal Linux system, laying the groundwork for your kiosk
  2. Installing and configuring Fluxbox, as a minimalistic desktop environment to run your kiosk applications

A minimal Linux system with a customized Fluxbox desktop is an excellent starting point to build your kiosk system.

the "Web Terminal"

a "web terminal", a computer that will run one and only one application : a web browser, nothing else.
Used as Online Public Access Catalogue for a public library.

the "Desktop Terminal"

a "kiosk" system that connects to a Terminal Server (Microsoft Terminal Services) or a Remote Desktop-enabled computer, over LAN or (optionally) over a VPN tunnel.

Running nothing but an rdp-client over VPN, this "terminal" can be used to provide any application to a branch office behind a low bandwidth WAN link. Kind of a thin client, then.

the "internet PC"

a PC allowing web browsing, multimedia and some other applications, for the general public, e.g. in public libraries or other public computer areas.

This is an old version, based on the fvwm window manager. You might want to have a look at the "Web Terminal" or the "Desktop Terminal" (with a minimalistic Fluxbox window manager) instead; it's pretty easy to add additional applications to them.

the "Web Terminal" - old version

a computer that will run one and only one application : a web browser, nothing else.

This is an old version. You might want to have a look at the "Web Terminal" instead.

the desktop lockdown approach

To enhance the end-user experience, you may want to offer fully functional computers, with internet and multimedia, office suite, all sorts of other utilities, while at the same time applying the same kiosk principles : the user has limited rights and shouldn't be able to (permanently) modify any settings. You want a locked down desktop :

Thin clients

Some of the kiosk systems we discussed bear resemblances to "server-based computing" - you can view the kiosk as a mere terminal that connects to a server where the applications are run. This is no coincidence. See also server-based kiosks.

Extras

Notes on locking down the operating system
Bastille
system hardening : firewall, access control, network security, ...
"DeepFreeze"
A mechanism to discard any changes to the user profile and re-install a fresh, preconfigured profile for every new session
Firefox Lockdown
Configure Firefox and lock its settings so that it can only be used the way you intended

Koen Noens
October 2005