multi-seat kiosk . . .

Everything about X, Gnome, KDE, ... and everything running on it

multi-seat kiosk . . .

Postby Albretch » 2018-07-06 14:26

in addition to setting up multi-seat "terminals", how can you make sure that users can only access, say: libreoffice writer, the whole libreoffice suit, or a javaFX application serving as "View" (in a MVC kind of application) from those "terminals"?

use case: in a classroom kind of setting, only the teacher's computer should have access to the Internet

Are ACLs necessary or is a front end application tied to the session all is needed?

How do you do such a thing? Any prior art you would share?

lbrtchx
Albretch
 
Posts: 7
Joined: 2008-07-14 13:54

Re: multi-seat kiosk . . .

Postby debiman » 2018-07-07 10:03

don't reinvent the wheel; this has been thought of & implemented (many times) before.
wht did your research find?

specialised distros exist, i hear people recommending Porteus. it also has an online image builder, maybe the features you desire can be implemented right from the start.

on second thought, it seems all you want is to restrict internet access, maybe allow only local network? that shouldn't be too hard to implement.
or simply disallow root/sudo access for users. not too hard either.
User avatar
debiman
 
Posts: 2499
Joined: 2013-03-12 07:18

Re: multi-seat kiosk . . .

Postby Albretch » 2018-07-09 17:03

[quote="debiman"] ... maybe allow only local network?[/quote]

What network are you talking about if it is a multi-seat environment? teacher needs networking, students don't, they would just use the training TaL application

I looked into [url]http://porteus-kiosk.org/[/url] and their multi user env seems to be based on networking, so it doesn't seem to be helpful

They seem to be also into selling "solutions" and I don't see a forum prominently on their site.

lbrtchx
Albretch
 
Posts: 7
Joined: 2008-07-14 13:54

Re: multi-seat kiosk . . .

Postby pylkko » 2018-07-09 18:52

Your question is extremely vague or poorly formulated.

I want to ask a few question in order to better get a grip on what you actually want. Do you mean that these student terminals would not have their own instances of LibreOffice etc installed? So that they would "thin client"-like? and how to restrict what these remote terminals can acces on the main server?

Or do you mean that these terminals need to block access to locally installed software?

What is TaL? Moreover, what does "multi-seat" mean for you?

Why don't you just block all internet access to the terminals, i.e use e.g a firewall? I presume that you want them to be able to use some form of local networking?
User avatar
pylkko
 
Posts: 1307
Joined: 2014-11-06 19:02

Re: multi-seat kiosk . . .

Postby debiman » 2018-07-10 08:05

Albretch wrote:What network are you talking about

https://en.wikipedia.org/wiki/LAN
people really need to learn to research before asking. it's the online equivalent of "think before you talk".
User avatar
debiman
 
Posts: 2499
Joined: 2013-03-12 07:18

Re: multi-seat kiosk . . .

Postby Albretch » 2018-07-10 20:18

[quote="pylkko"]Do you mean that these student terminals would not have their own instances of LibreOffice etc installed?[/quote]

Why would they need to? They have their own directories in the main seat harddrive where they can save their own stuff, but there will be only one instanced of LibreOffice installed

[quote="pylkko"]So that they would "thin client"-like? and how to restrict what these remote terminals can acces on the main server?[/quote]
[quote="pylkko"]Or do you mean that these terminals need to block access to locally installed software? Why don't you just block all internet access to the terminals, i.e use e.g a firewall?[/quote]
[quote="pylkko"]I presume that you want them to be able to use some form of local networking?[/quote]

I keep talking about multi-seat and you keep thinking about networking, probably because kiosks have been designed with networking handling their multiuser framework

[quote="pylkko"]What is TaL?[/quote]

Teaching and Learning

[quote="pylkko"]Moreover, what does "multi-seat" mean for you?[/quote]

https://en.wikipedia.org/wiki/Multiseat_configuration
Albretch
 
Posts: 7
Joined: 2008-07-14 13:54

Re: multi-seat kiosk . . .

Postby Albretch » 2018-07-10 20:19

[quote="debiman"][quote="Albretch"]What network are you talking about[/quote]
https://en.wikipedia.org/wiki/LAN
people really need to learn to research before asking. it's the online equivalent of "think before you talk".[/quote]

Or people, need to understand a question before trying to convince them about "not reinventing the wheel" in order to sell "solutions" to someone
Albretch
 
Posts: 7
Joined: 2008-07-14 13:54

Re: multi-seat kiosk . . .

Postby Head_on_a_Stick » 2018-07-11 05:02

Albretch wrote:ihow can you make sure that users can only access, say: libreoffice writer, the whole libreoffice suit, or a javaFX application serving as "View" (in a MVC kind of application) from those "terminals"?

I would run the terminals in individual containers but I'm paranoid :D

How about simply adjusting the $PATH of the users so that they can only run wrapper scripts for the programs listed? It wouldn't stop them calling the full path to run the program but calling the program name normally would fail.
Charlie don't hack
User avatar
Head_on_a_Stick
 
Posts: 7635
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: multi-seat kiosk . . .

Postby debiman » 2018-07-11 12:57

Albretch wrote:https://en.wikipedia.org/wiki/Multiseat_configuration

i didn't know that was possible with PC hardware.
does it actually differ from a LAN when implemented?
anyhow this subsection of the quoted article suggests some software to achieve that.
User avatar
debiman
 
Posts: 2499
Joined: 2013-03-12 07:18

Re: multi-seat kiosk . . .

Postby Albretch » 2018-07-12 21:48

[quote="Head_on_a_Stick"][quote="Albretch"]ihow can you make sure that users can only access, say: libreoffice writer, the whole libreoffice suit, or a javaFX application serving as "View" (in a MVC kind of application) from those "terminals"?[/quote]
How about simply adjusting the $PATH of the users so that they can only run wrapper scripts for the programs listed? It wouldn't stop them calling the full path to run the program but calling the program name normally would fail.[/quote]

I think that would be the way to go. As I see things right now:

1) each seat will have its own internal stage 0 $PATH set
2) which will start a number of initial log in services
3) once a user logs in
4) a number of stage 1 wrapper scripts would among other things:
4.1) assign his/her own $HOME, and
4.2) run a number of other scripts, like starting the javaFX application with only the kind of working env they need:
4.2.1) no access to the Internet
4.2.2) their preo session where they left it
4.2.3) . . .

lbrtchx
Albretch
 
Posts: 7
Joined: 2008-07-14 13:54


Return to Desktop & Multimedia

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable