* Single purpose
From: Scott Taylor @ 2006-07-15 20:04 UTC (permalink / raw)
To: linux-admin
Hello admins,
I have a client that wants a workstation that can do only one thing:
connect a browser to a website and that is all. Only the one website too.
I'm thinking something with Squid, maybe, or some IPTables entry, on a
stand alone workstation (probably CentOS).
Does that sound do-able?
Any suggestions?
Auto login to Gnome, or maybe a simple desktop like TWM, would be nice
too, if that is possible.
Cheers for any advice.
--
Scott
* Re: Single purpose
From: shane @ 2006-07-15 20:28 UTC (permalink / raw)
To: scott; +Cc: linux-admin
Sounds like you want a kiosk solution, google would be good for all of
the relevant docs.
Scott Taylor wrote:
> Hello admins,
>
> I have a client that wants a workstation that can do only one thing:
> connect a browser to a website and that is all. Only the one website too.
> I'm thinking something with Squid, maybe, or some IPTables entry, on a
> stand alone workstation (probably CentOS).
>
> Does that sound do-able?
>
> Any suggestions?
>
> Auto login to Gnome, or maybe a simple desktop like TWM, would be nice
> too, if that is possible.
>
> Cheers for any advice.
>
> --
> Scott
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
* Re: Single purpose
From: Scott Taylor @ 2006-07-17 14:30 UTC (permalink / raw)
To: linux-admin
On Sat, July 15, 2006 13:28, shane@hostgator.com wrote:
> Sounds like you want a kiosk solution, google would be good for all of
> the relevant docs.
So that's what you call it. You are right, there is a lot of stuff on
Google about Kiosks. Any preferences?
Has anyone set up a "Kiosk" that would like to share some wisdom?
In case anyone missed the original message, I need to set up a workstation
that will only allow a user to connect to a specific web site and
shouldn't be able to do anything else.
Cheers.
--
Scott
* Re: Single purpose
From: chuck gelm @ 2006-07-17 15:18 UTC (permalink / raw)
To: scott; +Cc: linux-admin
Hi, Scott:
I am not sure about 'wisdom', but here is a thought.
How large is the 'specific web site' and how often does
the data change? Perhaps a local copy of the website
would suffice if the amount of data is small. Would an
image of the 'SWS' fit on a DVD/R?
How often does the data on the SWS change?
If seldom and the data is small (<4.7 GB), a local
DVD/R might work.
Or, perhaps the data returned from the SWS is
dynamic and this will not work.
What, more exactly, do you need?
HTH, Chuck
Scott Taylor wrote:
>On Sat, July 15, 2006 13:28, shane@hostgator.com wrote:
>
>
>>Sounds like you want a kiosk solution, google would be good for all of
>>the relevant docs.
>>
>>
>
>So that's what you call it. You are right, there is a lot of stuff on
>Google about Kiosks. Any preferences?
>
>Has anyone set up a "Kiosk" that would like to share some wisdom?
>
>In case anyone missed the original message, I need to set up a workstation
>that will only allow a user to connect to a specific web site and
>shouldn't be able to do anything else.
>
>Cheers.
>
>--
>Scott
>
* Re: Single purpose
From: Scott Taylor @ 2006-07-17 15:20 UTC (permalink / raw)
To: linux-admin
On Mon, July 17, 2006 08:18, chuck gelm wrote:
> Hi, Scott:
>
> I am not sure about 'wisdom', but here is a thought.
> How large is the 'specific web site' and how often does
> the data change? Perhaps a local copy of the website
> would suffice if the amount of data is small. Would an
> image of the 'SWS' fit on a DVD/R?
>
> How often does the data on the SWS change?
> If seldom and the data is small (<4.7 GB), a local
> DVD/R might work.
>
> Or, perhaps the data returned from the SWS is
> dynamic and this will not work.
You're right. That wouldn't work.
> What, more exactly, do you need?
I need a workstation that can not be changed, in any way, by users, and
they need to access a corporate web site, and nothing else. That is all,
and nothing more.
Thanks just the same.
--
Scott
* Re: Single purpose
From: chuck gelm @ 2006-07-17 15:44 UTC (permalink / raw)
To: scott; +Cc: linux-admin
Hi, Scott:
'What, more exactly, do you need? ' like:
On what network is the (kiosk) workstation (local, public, private) ?
Is the workstation on the same network as the
'corporate web site' ?
Seems like a firewall using IPTABLES would suffice.
Restrict the network to only the IP address of the
'corporate web site'. Only allow port 80 (http).
Remove all unneeded applications
and services. I assume that most 'kiosks' are very much
like this. Did you find 'kiosk' examples that do not
meet your needs? If yes, what parts do not meet
your needs?
HTH, Chuck
Scott Taylor wrote:
>On Mon, July 17, 2006 08:18, chuck gelm wrote:
>
>
>>Hi, Scott:
>>
>>I am not sure about 'wisdom', but here is a thought.
>>How large is the 'specific web site' and how often does
>>the data change? Perhaps a local copy of the website
>>would suffice if the amount of data is small. Would an
>>image of the 'SWS' fit on a DVD/R?
>>
>> How often does the data on the SWS change?
>>If seldom and the data is small (<4.7 GB), a local
>>DVD/R might work.
>>
>>Or, perhaps the data returned from the SWS is
>>dynamic and this will not work.
>>
>>
>
>You're right. That wouldn't work.
>
>
>
>>What, more exactly, do you need?
>>
>>
>
>I need a workstation that can not be changed, in any way, by users, and
>they need to access a corporate web site, and nothing else. That is all,
>and nothing more.
>
>Thanks just the same.
>
>--
>Scott
>
* Re: Single purpose
From: Glynn Clements @ 2006-07-17 21:00 UTC (permalink / raw)
To: scott; +Cc: linux-admin
Scott Taylor wrote:
> I have a client that wants a workstation that can do only one thing:
> connect a browser to a website and that is all. Only the one website too.
> I'm thinking something with Squid, maybe, or some IPTables entry, on a
> stand alone workstation (probably CentOS).
>
> Does that sound do-able?
>
> Any suggestions?
>
> Auto login to Gnome, or maybe a simple desktop like TWM, would be nice
> too, if that is possible.
If you only need a browser, there's no reason for GNOME/KDE; you
probably still need a window manager to deal with dialogs and pop-ups.
iptables will be sufficient to limit network access, although there
are still issues like file: URLs (unless you can configure the browser
to block those).
For preventing modifications, you can restore the account's home
directory from a backup on login/logout.
The account should only need write access to the browser's cache
directory. You can disable write access to the home directory itself
(to prevent the creation of "dot" files), and to most files and
directories within the home directory.
Most system files and directories would only need group access for a
group which includes all system accounts but not the user account
(i.e. no world-read/write/execute access). Directories containing
files which the account has to be able to read (e.g. /etc, /tmp) only
need world-execute permission, not read permission.
chroot would provide more control, but probably isn't practical for an
X application.
Other than that, a Google search for linux+kiosk and
linux+browser+kiosk turns up plenty of hits, showing several distinct
kiosk projects.
--
Glynn Clements <glynn@gclements.plus.com>
* Re: Single purpose
From: Gustavo Guillermo Pérez @ 2006-07-26 18:35 UTC (permalink / raw)
To: scott, linux-admin
On Saturday, 15 July 2006 15:04, Scott Taylor wrote:
> Hello admins,
>
> I have a client that wants a workstation that can do only one thing:
> connect a browser to a website and that is all. Only the one website too.
> I'm thinking something with Squid, maybe, or some IPTables entry, on a
> stand alone workstation (probably CentOS).
>
> Does that sound do-able?
Yes of course
> Any suggestions?
Reassemble some kind of live distro, not just CentOS, like knoppix or Gentoo
Live DVD. Remove default gateway and add the name resolution of your webpage
to /etc/hosts, and of course add route just only for this webpage.
I use to do it on my systems, and for me like other people suggest, a DVD4.3GB
is enough, no hard drive involved. or PXEBoot if you are on some kind of lan.
:)
--
Gustavo Guillermo Pérez
Compunauta uLinux
www.compunauta.com
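
Added example, not part of the original thread: the network lock-down suggested in the replies above (iptables limited to the web server's address and port 80, plus an /etc/hosts entry so no DNS is needed), written as a generator for an `iptables-restore` ruleset. The address 192.0.2.10 and the name kiosk.example are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. 192.0.2.10 and kiosk.example are
# constructed placeholders for the corporate web server.

is_ipv4() {   # succeed only for a dotted quad with octets 0-255
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1          # safe to split: the regex left only digits and dots
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print an iptables-restore ruleset: default DROP everywhere, then allow
# loopback and TCP to/from the one server. $1 = server IP, $2 = port (80).
kiosk_ruleset() {
    ip=$1; port=${2:-80}
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -s $ip -p tcp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -d $ip -p tcp --dport $port -j ACCEPT
COMMIT
EOF
}

# /etc/hosts line for the site, so the kiosk needs no DNS (and no port 53 rule).
hosts_line() {   # $1 = server IP, $2 = site hostname
    is_ipv4 "$1" || return 1
    printf '%s\t%s\n' "$1" "$2"
}

# As root on the kiosk (IPv6 is separate: give ip6tables a DROP policy too):
#   kiosk_ruleset 192.0.2.10 | iptables-restore
#   hosts_line 192.0.2.10 kiosk.example >> /etc/hosts
```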
* Re: Single purpose
From: Stephen Samuel @ 2006-08-02 0:42 UTC (permalink / raw)
To: Gustavo Guillermo Pérez; +Cc: scott, linux-admin
Gustavo Guillermo Pérez wrote:
> On Saturday, 15 July 2006 15:04, Scott Taylor wrote:
>
>> Hello admins,
>>
>> I have a client that wants a workstation that can do only one thing:
>> connect a browser to a website and that is all. Only the one website too.
>> I'm thinking something with Squid, maybe, or some IPTables entry, on a
>> stand alone workstation (probably CentOS).
>>
>> Does that sound do-able?
>>
> Yes of course
>
>> Any suggestions?
>>
> Reassemble some kind of live distro, not just CentOS, like knoppix or Gentoo
> Live DVD. Remove default gateway and add the name resolution of your webpage
> to /etc/hosts, and of course add route just only for this webpage.
>
> I use to do it on my systems, and for me like other people suggest, a DVD4.3GB
> is enough, no hard drive involved. or PXEBoot if you are on some kind of lan.
>
> :)
>
In /cdrom/KNOPPIX/knoppix.sh, you can also turn off the shells on the
consoles (by replacing /etc/inittab) and change /etc/sudoers so that other
stuff isn't available.
Since you ONLY want to be able to run the browser, then you may also want
to run a more limited desktop (like fvwm), and remove all of the mouse
options. That'll make it reasonably difficult to run anything other than
the browser.
You might even set it up so that the browser is restarted whenever it dies.
Also note that, if you want a minimal system, you can set the workstation
to pxeboot and export the knoppix image from another UNIX workstation (I've
had it running off of both a knoppix box and an old FreeBSD box). Most
cheap motherboards these days allow you to pxeboot off of the built-in
ethernet. That way you have a machine with zero mechanical other than the
fans and no way to boot strangely other than guessing the BIOS password.
--
Stephen Samuel +1(778)861-7641 samnospam@bcgreen.com
http://www.bcgreen.com/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
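
Added example, not part of the original thread: a kiosk X session that combines two suggestions made in the replies above, restoring the account's home directory from a pristine copy at login and restarting the browser whenever it exits. The path /opt/kiosk/home-pristine, the `firefox` command, the URL and the function names are assumptions, and the session is assumed to have write access to the home directory.

```shell
#!/bin/sh
# Added example, not from the thread. PRISTINE, the firefox command and the
# URL are assumptions; fvwm is the window manager suggested above.
PRISTINE=/opt/kiosk/home-pristine     # hypothetical read-only reference copy
KIOSK_URL=http://kiosk.example/       # constructed placeholder URL

# Replace everything under $2 with the contents of $1, so bookmarks,
# downloads and dot files left by the previous user disappear.
restore_home() {   # $1 = pristine copy, $2 = live home directory
    [ -d "$1" ] && [ -d "$2" ] || return 1
    find "$2" -mindepth 1 -delete
    cp -Rp "$1"/. "$2"/
}

# Run a command again every time it exits. $1 = number of runs (0 = forever).
respawn() {
    max=$1; shift
    runs=0
    while [ "$max" -eq 0 ] || [ "$runs" -lt "$max" ]; do
        "$@" || true                   # a crash is handled like a clean exit
        runs=$((runs + 1))
        sleep "${RESPAWN_DELAY:-2}"    # no tight loop if the browser cannot start
    done
}

# Session body: call this as the last line of the kiosk account's X session script.
kiosk_session() {
    restore_home "$PRISTINE" "$HOME" || exit 1
    fvwm &                             # window manager for dialogs and pop-ups
    respawn 0 firefox "$KIOSK_URL"
}
```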