Scott Taylor wrote: > I have a client that wants a workstation that can do only one thing: > connect a browser to a website and that is all. Only the one website too. > I'm thinking something with Squid, maybe, or some IPTables entry, on a > stand alone workstation (probably CentOS). > > Does that sound do-able? > > Any suggestions? > > Auto login to Gnome, or maybe a simple desktop like TWM, would be nice > too, if that is possible. If you only need a browser, there's no reason for GNOME/KDE; you probably still need a window manager to deal with dialogs and pop-ups. iptables will be sufficient to limit network access, although there are still issues like file: URLs (unless you can configure the browser to block those). For preventing modifications, you can restore the account's home directory from a backup on login/logout. The account should only need write access to the browser's cache directory. You can disable write access to the home directory itself (to prevent the creation of "dot" files), and to most files and directories within the home directory. Most system files and directories would only need group access for a group which includes all system accounts but not the user account (i.e. no world-read/write/execute access). Directories containing files which the account has to be able to read (e.g. /etc, /tmp) only need world-execute permission, not read permission. chroot would provide more control, but probably isn't practical for an X application. Other than that, a Google searches for linux+kiosk and linux+browser+kiosk turns up plenty of hits, showing several distinct kiosk projects. -- Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx> - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
