Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[Software] Public PC

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
Bhirus
Posts: 1
Joined: 2023-02-07 19:11

[Software] Public PC

#1 Post by Bhirus »

Hi.
I installed debian 11 on 4 computers in a public library. The problem is that I don't want the users to see the wifi configuration, nor the name nor the password.
Autologin user its configured, I googled and I found a solution its to disable networkmanager, but this option disabled all the connections.
I would like to prevent the users can see wifi password.

Best regards.

dlu2021
Posts: 198
Joined: 2021-08-13 19:55
Location: Minnesota
Has thanked: 7 times
Been thanked: 37 times

Re: [Software] Public PC

#2 Post by dlu2021 »

If I were doing that, I would uninstall network-manager and then hard code the wifi settings into the /etc/network/interfaces file, which you will have to edit as root, something like below:

iface WFA inet dhcp
wpa-ssid SSID
wpa-psk ”PSK”

WFA is the wifi adaptor name (which you can get from "ip a" in the terminal)
SSID is the SSID of the network without quotes.
PSK is the password of the network with quotes.

only_someone
Posts: 24
Joined: 2023-01-24 22:12
Has thanked: 3 times

Re: [Software] Public PC

#3 Post by only_someone »

This is not a direct answer to your question, but maybe you can configure the desktop environment you are using to block settings for a user. But you would also have to find a way to prevent users from breaking out of the desktop environment with Ctrl+Alt+F1.

Some desktop environments have the possibility to set up a "kiosk" mode which could be helpful for you. I have done something like this only with KDE but not very comprehensive. but i can give you this link [1] for KDE. If i remember right, XFCE and GNOME for example has also such a function.

-------
[1] https://develop.kde.org/deploy/kiosk/introduction/

lindi
Debian Developer
Debian Developer
Posts: 412
Joined: 2022-07-12 14:10
Has thanked: 1 time
Been thanked: 77 times

Re: [Software] Public PC

#4 Post by lindi »

A library machine should be configured so that it always boots from a read-only clean state. Otherwise the system will soon be full of personal information.

You ca probably use polkit to prevent the normal user from accessing networkmanager settings. By default users on active sessions on local consoles can see network info.

User avatar
kent_dorfman766
Posts: 535
Joined: 2022-12-16 06:34
Location: socialist states of america
Has thanked: 57 times
Been thanked: 70 times

Re: [Software] Public PC

#5 Post by kent_dorfman766 »

to continue what was said above, unless they need adhoc command entry capabilities you shouldn't allow them a shell at all, but instead force the autologin user to always execute a browser upon startup. You can set that up by changing the shell field in the /etc/password file

lindi
Debian Developer
Debian Developer
Posts: 412
Joined: 2022-07-12 14:10
Has thanked: 1 time
Been thanked: 77 times

Re: [Software] Public PC

#6 Post by lindi »

There are many ways to gain access to the shell even from the browser.

User avatar
Hallvor
Global Moderator
Global Moderator
Posts: 2029
Joined: 2009-04-16 18:35
Location: Kristiansand, Norway
Has thanked: 139 times
Been thanked: 206 times

Re: [Software] Public PC

#7 Post by Hallvor »

I am just thinking out loud here: What if one set up a custom keymap in KDE without any of the hazardous combinations?

Perhaps also add AllowRootLogin=false to /etc/sddm.conf ?
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD

User avatar
kalle123
Posts: 346
Joined: 2015-03-21 11:17
Location: Rhineland - Germany
Has thanked: 4 times
Been thanked: 11 times

Re: [Software] Public PC

#8 Post by kalle123 »

You could have a look at https://porteus-kiosk.org/

Regards KH

User avatar
kent_dorfman766
Posts: 535
Joined: 2022-12-16 06:34
Location: socialist states of america
Has thanked: 57 times
Been thanked: 70 times

Re: [Software] Public PC

#9 Post by kent_dorfman766 »

the "UNIX way" way is to change the user shell to a program that you trust. They can't break out of it if it dont' allow system() or exec*() calls.

User avatar
Hallvor
Global Moderator
Global Moderator
Posts: 2029
Joined: 2009-04-16 18:35
Location: Kristiansand, Norway
Has thanked: 139 times
Been thanked: 206 times

Re: [Software] Public PC

#10 Post by Hallvor »

kent_dorfman766 wrote: 2023-02-09 21:34 the "UNIX way" way is to change the user shell to a program that you trust. They can't break out of it if it dont' allow system() or exec*() calls.
Something like this? Perhaps also make it read only?

Code: Select all

# chsh -s /path/to/my/trusted/program hallvor

# chmod 555 /path/to/my/trusted/program
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD

Post Reply