This is part of an experiment to use Linux as a kiosk system. 'Kiosk System' can mean a couple of things. The setup described here extends the Web only kiosk computer and the Multimedia Internet Computer described earlier.
What if a web browser is not enough : e.g. what if we want to allow users to download files from the internet an need to offer an application to open them (word doc, spreadsheets, (powerpoint presentations) ...). Not all of these can be covered with plug-ins and add-ons. One could argue that information on the web should be in a 'browser-compatible' format - but that's in that ideal world far, far away from here - and probably a parallel universe anyway. The Web I know is littered with Word documents, Microsoft Excel Spreadsheets, Powerpoint Presentations ... Sure, OpenOffice can handle those no problem - but then the web kiosk pc should have OpenOffice installed.
Also - if our kiosk is an internet pc in a public library or a cybercafe, we may want to allow the users to print information, or save it to (usb) disks etc. So we'll provide access tp printers and (possibly bootable) media, auto-mounted devices, ...
enter the KDE Kiosktool : the KDE Desktop to allow all that functionality in a user-friendly manner, the kiosktool to set it up so that it can be used sysadmin-friendly in a kiosk situation. In fact, this is yet another 'lockdown' scenario, but this time it's policy based : you enable a general rule such as "don't allow the user to see files outside the his home directory" and you count on the kiosktool / policy tool to implement it correctly. Which it most likely will for applications that are part of the desktop environment (KDE), but not necessarily for other applications you might have added. So some other precautions may be needed as well.
While KDE Kiosk Admin Tool will allow us to lock down the desktop, what we are actually doing is install a lot of software that comes with KDE (a console, a GUI for system administration, a GUI tool for desktop configuration, ...) that we rather don't let users play with - then prevent them from using it by configuring the Kiosk Mode. Apart from the overhead, it's easy to miss something here - 2 reasons while the opposite approach might make more sense : create a GUI with only the functionality the user needs. This is explained in the Kiosk PC : internet multimedia setup.
Still, if you want to offer a full-featured desktop and manage it policy-based, you can do worse than with KDE Kiosktool. Here's how to set it up. We'll first look at how to install he kiosk tool and then investigate how we can propagate the same profiles on multiple computers with minimal effort.
What follows is based on Kubuntu (Ubuntu edition build around KDE), but should work equally well on other Debian-based systems with KDE, or other Linux systems (although in the latter case, file locations and commands might differ from what's described here).
Install KDE :
apt-get install kiosktool
Run kiosktool from the KDE Menu. You'll be presented with a Wizard-style GUI where you, component by component, set a configuration setting for a range of desktop components : allow or forbid menu-editing, prevent running applications that require root access, ... All system settings that are accessible from the KDE System Settings menu can be configured, and locked (if you don't lock them, they become user-modifiable defaults).
You can create a number of profiles, an assign them to (groups of) users so that you can diversify, or create just one lockdown profile that you apply to the account that will use the kiosk.
It's a lot of clicking, it's easy to miss and overlook something, it may be hard to reproduce, and it needs serious testing (or probably : trail and error) both for : can the user do everything he's supposed to ? (print ? etc ) and : is every hole plugged ? That's the main disadvantage of this 'everything normal except what has been configured to be different' approach. Although, on first sight, by creating a user without shell access and editing the menus so only allowed applications are visible, you're already half way there. Some additional settings (no access to programs that require root, no access to the filesystem, ...) is, imho, a serious disadvantage when you want to create a kiosk system : a machine that is dedicated to a very limited, well defined set of applications and will be left unsupervised. Personally, I'd prefer a "block everything, turn on what's needed" approach.
Configuring kdm login manager is NOT included in KDE kiosktool, because these settings are not part of a user profile. Still, you might want to review them, either to set some sensible defaults (auto-login for your kiosk user, don't show a list of user names, ...) or to see if the login manager offers access to actions you don't want the kiosk user to execute.
Locking down a desktop is not enough to lock down a system. Have a look at these general precautions + a deepfreeze mechanism. You don't really need a complex deepfreeze with kiosktool : it's possible to start with a fresh, blank home directory every time the user logs on, and the kiosktool will insert the required files when the user logs on. You may consider protecting the BIOS, boot menu, etc. to prevent the user from circumventing the limitations of the locked down desktop.
Given that we want to create a number of kiosk pc's, we will want to reproduce this configuration without room for human error so we'll have to look for a way to automate this. This is relatively easy. You need the following files copied over to each target system :
The copying can be done through ssh / scp, by putting them on a web server and wget them, or by packaging them in a debian package and "install" them. Combine this with a script for some additional maintenance (system lockdown, deepfreeze, ...).
The actual profile settings are in text files in /etc/kde-profile/profile_name. The other kiosk config files serve to assign profiles to users, and other system administration.
The files in /etc/kde-profile/profile_name contain values for configurable options of the KDE desktop and its applications. The lock-down is done by marking the config files, sections thereof, or keywords there-in, 'unchangeable' by adding [$i] at the top of the file, after a section title, or behind a keyword.
It is thus also possible to edit the profile files by hand - the kiosk Admin tool is merely a tool to edit configuration files and to assign profiles to users. A description of configurable options and configuration files can be found in the KDE Kiosk Admin Tutorial.
alternative : something similar with Gnome