Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
[Software] Public PC
[Software] Public PC
Hi.
I installed debian 11 on 4 computers in a public library. The problem is that I don't want the users to see the wifi configuration, nor the name nor the password.
Autologin user its configured, I googled and I found a solution its to disable networkmanager, but this option disabled all the connections.
I would like to prevent the users can see wifi password.
Best regards.
I installed debian 11 on 4 computers in a public library. The problem is that I don't want the users to see the wifi configuration, nor the name nor the password.
Autologin user its configured, I googled and I found a solution its to disable networkmanager, but this option disabled all the connections.
I would like to prevent the users can see wifi password.
Best regards.
-
- Posts: 198
- Joined: 2021-08-13 19:55
- Location: Minnesota
- Has thanked: 7 times
- Been thanked: 37 times
Re: [Software] Public PC
If I were doing that, I would uninstall network-manager and then hard code the wifi settings into the /etc/network/interfaces file, which you will have to edit as root, something like below:
iface WFA inet dhcp
wpa-ssid SSID
wpa-psk ”PSK”
WFA is the wifi adaptor name (which you can get from "ip a" in the terminal)
SSID is the SSID of the network without quotes.
PSK is the password of the network with quotes.
iface WFA inet dhcp
wpa-ssid SSID
wpa-psk ”PSK”
WFA is the wifi adaptor name (which you can get from "ip a" in the terminal)
SSID is the SSID of the network without quotes.
PSK is the password of the network with quotes.
-
- Posts: 24
- Joined: 2023-01-24 22:12
- Has thanked: 3 times
Re: [Software] Public PC
This is not a direct answer to your question, but maybe you can configure the desktop environment you are using to block settings for a user. But you would also have to find a way to prevent users from breaking out of the desktop environment with Ctrl+Alt+F1.
Some desktop environments have the possibility to set up a "kiosk" mode which could be helpful for you. I have done something like this only with KDE but not very comprehensive. but i can give you this link [1] for KDE. If i remember right, XFCE and GNOME for example has also such a function.
-------
[1] https://develop.kde.org/deploy/kiosk/introduction/
Some desktop environments have the possibility to set up a "kiosk" mode which could be helpful for you. I have done something like this only with KDE but not very comprehensive. but i can give you this link [1] for KDE. If i remember right, XFCE and GNOME for example has also such a function.
-------
[1] https://develop.kde.org/deploy/kiosk/introduction/
-
- Debian Developer
- Posts: 412
- Joined: 2022-07-12 14:10
- Has thanked: 1 time
- Been thanked: 77 times
Re: [Software] Public PC
A library machine should be configured so that it always boots from a read-only clean state. Otherwise the system will soon be full of personal information.
You ca probably use polkit to prevent the normal user from accessing networkmanager settings. By default users on active sessions on local consoles can see network info.
You ca probably use polkit to prevent the normal user from accessing networkmanager settings. By default users on active sessions on local consoles can see network info.
- kent_dorfman766
- Posts: 535
- Joined: 2022-12-16 06:34
- Location: socialist states of america
- Has thanked: 57 times
- Been thanked: 70 times
Re: [Software] Public PC
to continue what was said above, unless they need adhoc command entry capabilities you shouldn't allow them a shell at all, but instead force the autologin user to always execute a browser upon startup. You can set that up by changing the shell field in the /etc/password file
- Hallvor
- Global Moderator
- Posts: 2029
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 139 times
- Been thanked: 206 times
Re: [Software] Public PC
I am just thinking out loud here: What if one set up a custom keymap in KDE without any of the hazardous combinations?
Perhaps also add AllowRootLogin=false to /etc/sddm.conf ?
Perhaps also add AllowRootLogin=false to /etc/sddm.conf ?
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
- kent_dorfman766
- Posts: 535
- Joined: 2022-12-16 06:34
- Location: socialist states of america
- Has thanked: 57 times
- Been thanked: 70 times
Re: [Software] Public PC
the "UNIX way" way is to change the user shell to a program that you trust. They can't break out of it if it dont' allow system() or exec*() calls.
- Hallvor
- Global Moderator
- Posts: 2029
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 139 times
- Been thanked: 206 times
Re: [Software] Public PC
Something like this? Perhaps also make it read only?kent_dorfman766 wrote: ↑2023-02-09 21:34 the "UNIX way" way is to change the user shell to a program that you trust. They can't break out of it if it dont' allow system() or exec*() calls.
Code: Select all
# chsh -s /path/to/my/trusted/program hallvor
# chmod 555 /path/to/my/trusted/program
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD