Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

multi-seat kiosk . . .

Graphical Environments, Managers, Multimedia & Desktop questions.
Post Reply
Message
Author
Albretch
Posts: 7
Joined: 2008-07-14 13:54

multi-seat kiosk . . .

#1 Post by Albretch »

in addition to setting up multi-seat "terminals", how can you make sure that users can only access, say: libreoffice writer, the whole libreoffice suit, or a javaFX application serving as "View" (in a MVC kind of application) from those "terminals"?

use case: in a classroom kind of setting, only the teacher's computer should have access to the Internet

Are ACLs necessary or is a front end application tied to the session all is needed?

How do you do such a thing? Any prior art you would share?

lbrtchx

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: multi-seat kiosk . . .

#2 Post by debiman »

don't reinvent the wheel; this has been thought of & implemented (many times) before.
wht did your research find?

specialised distros exist, i hear people recommending Porteus. it also has an online image builder, maybe the features you desire can be implemented right from the start.

on second thought, it seems all you want is to restrict internet access, maybe allow only local network? that shouldn't be too hard to implement.
or simply disallow root/sudo access for users. not too hard either.

Albretch
Posts: 7
Joined: 2008-07-14 13:54

Re: multi-seat kiosk . . .

#3 Post by Albretch »

[quote="debiman"] ... maybe allow only local network?[/quote]

What network are you talking about if it is a multi-seat environment? teacher needs networking, students don't, they would just use the training TaL application

I looked into [url]http://porteus-kiosk.org/[/url] and their multi user env seems to be based on networking, so it doesn't seem to be helpful

They seem to be also into selling "solutions" and I don't see a forum prominently on their site.

lbrtchx

User avatar
pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: multi-seat kiosk . . .

#4 Post by pylkko »

Your question is extremely vague or poorly formulated.

I want to ask a few question in order to better get a grip on what you actually want. Do you mean that these student terminals would not have their own instances of LibreOffice etc installed? So that they would "thin client"-like? and how to restrict what these remote terminals can acces on the main server?

Or do you mean that these terminals need to block access to locally installed software?

What is TaL? Moreover, what does "multi-seat" mean for you?

Why don't you just block all internet access to the terminals, i.e use e.g a firewall? I presume that you want them to be able to use some form of local networking?

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: multi-seat kiosk . . .

#5 Post by debiman »

Albretch wrote:What network are you talking about
https://en.wikipedia.org/wiki/LAN
people really need to learn to research before asking. it's the online equivalent of "think before you talk".

Albretch
Posts: 7
Joined: 2008-07-14 13:54

Re: multi-seat kiosk . . .

#6 Post by Albretch »

[quote="pylkko"]Do you mean that these student terminals would not have their own instances of LibreOffice etc installed?[/quote]

Why would they need to? They have their own directories in the main seat harddrive where they can save their own stuff, but there will be only one instanced of LibreOffice installed

[quote="pylkko"]So that they would "thin client"-like? and how to restrict what these remote terminals can acces on the main server?[/quote]
[quote="pylkko"]Or do you mean that these terminals need to block access to locally installed software? Why don't you just block all internet access to the terminals, i.e use e.g a firewall?[/quote]
[quote="pylkko"]I presume that you want them to be able to use some form of local networking?[/quote]

I keep talking about multi-seat and you keep thinking about networking, probably because kiosks have been designed with networking handling their multiuser framework

[quote="pylkko"]What is TaL?[/quote]

Teaching and Learning

[quote="pylkko"]Moreover, what does "multi-seat" mean for you?[/quote]

https://en.wikipedia.org/wiki/Multiseat_configuration

Albretch
Posts: 7
Joined: 2008-07-14 13:54

Re: multi-seat kiosk . . .

#7 Post by Albretch »

[quote="debiman"][quote="Albretch"]What network are you talking about[/quote]
https://en.wikipedia.org/wiki/LAN
people really need to learn to research before asking. it's the online equivalent of "think before you talk".[/quote]

Or people, need to understand a question before trying to convince them about "not reinventing the wheel" in order to sell "solutions" to someone

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: multi-seat kiosk . . .

#8 Post by Head_on_a_Stick »

Albretch wrote:ihow can you make sure that users can only access, say: libreoffice writer, the whole libreoffice suit, or a javaFX application serving as "View" (in a MVC kind of application) from those "terminals"?
I would run the terminals in individual containers but I'm paranoid :D

How about simply adjusting the $PATH of the users so that they can only run wrapper scripts for the programs listed? It wouldn't stop them calling the full path to run the program but calling the program name normally would fail.
deadbang

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: multi-seat kiosk . . .

#9 Post by debiman »

i didn't know that was possible with PC hardware.
does it actually differ from a LAN when implemented?
anyhow this subsection of the quoted article suggests some software to achieve that.

Albretch
Posts: 7
Joined: 2008-07-14 13:54

Re: multi-seat kiosk . . .

#10 Post by Albretch »

[quote="Head_on_a_Stick"][quote="Albretch"]ihow can you make sure that users can only access, say: libreoffice writer, the whole libreoffice suit, or a javaFX application serving as "View" (in a MVC kind of application) from those "terminals"?[/quote]
How about simply adjusting the $PATH of the users so that they can only run wrapper scripts for the programs listed? It wouldn't stop them calling the full path to run the program but calling the program name normally would fail.[/quote]

I think that would be the way to go. As I see things right now:

1) each seat will have its own internal stage 0 $PATH set
2) which will start a number of initial log in services
3) once a user logs in
4) a number of stage 1 wrapper scripts would among other things:
4.1) assign his/her own $HOME, and
4.2) run a number of other scripts, like starting the javaFX application with only the kind of working env they need:
4.2.1) no access to the Internet
4.2.2) their preo session where they left it
4.2.3) . . .

lbrtchx

jmgibson1981
Posts: 296
Joined: 2015-06-07 14:38
Has thanked: 11 times
Been thanked: 32 times

Re: multi-seat kiosk . . .

#11 Post by jmgibson1981 »

Not sure how you will use multiseat when you need a graphics output for each one. Only so many can be installed in a system. Depending on how many terminals you are looking at you may prefer to do something with thin clients. LTSP works great for this. I use it at home. Easy to block internet access among other things. And you can manage all systems from a single image for app control. Terminals can be managed with something called Epoptes but i have no experience with that, just have seen it referenced before. I have no doubt that you can setup an Xsession upon login to start only X and libreoffice fullscreen. Again something I have no experience with, sure it can be done though. LTSP is in big time use for schools in Greece and other countries. LTSP is in the debian repositories. Not a bought and paid for solution.

If you go this route you will need this line in your LTS.conf. Found this after much searching for my own issue. Also your lts.conf will need to reside in /opt/ltsp/"$CHROOT"/etc/ not /var/lib/tftpboot/ltsp/"$CHROOT" as instructed by the Debian wiki. I never got it to work from there.

Code: Select all

[Default]
        # this line required for debian due to a bug in nbd
        INIT_COMMAND_RM_NBD_CHECKUPDATE = "rm -rf /usr/share/ldm/rc.d/I01-nbd-checkupdate"
Imo multiseat is overcomplicated and not worth it. You are also faced with the issue of monitor cables are only so long. Your clients will all have to be bundled around the main server / workstation or whatever. If you use LTSP it works over the network. Can space them out as much as you want.

arzgi
Posts: 1185
Joined: 2008-02-21 17:03
Location: Finland
Been thanked: 31 times

Re: multi-seat kiosk . . .

#12 Post by arzgi »

Sorry, I'm late. :roll: Xfce can be configured to kiosk mode https://wiki.xfce.org/howto/kiosk_mode. And if not LTSP, then you could make smallish /bin, and make it ro.

Post Reply