April 10, 2008Kiosk Lockdown Using Firefox, Ubuntu and BlackboxNice writeup on configuring Linux browser lockdown under Ubuntu with Blackbox window manager. This install also sets up Apache,PHP and MySQL locally so app can be web-based but not necessarily connected to the Internet. Firefox is the browser engine and writer uses R-Kiosk extension for full-screen customization. Flexing My Kerkness: Creating a Touch Screen Kiosk using Firefox, Ubuntu and Blackbox Wednesday, April 9, 2008 Several of the components and posts on this web site have revolved around a business project I've been working on which involves creating a touch screen kiosk for use in a public space. I thought it might be beneficial (at least from my own documenting needs) to provide a post covering the overall process of getting a secure touch screen system up running. The easiest way to build a kiosk application is to customize a web page to serve as the kiosk interface. Launch the web page in a browser and set the browser to run in full screen mode and voila, instant kiosk. To turn it into a touch screen kiosk all you need to do is buy an LCD touch screen monitor and your all set. This basic solution might work fine if you're always standing next to the computer and can enable full screen mode every time it reboots and also stop anyone from mucking around with your computer should the browser crash and they get access to the desktop. Setting up a kiosk which can run in a public space and have reasonable enough security to prevent someone from mucking around with it should the browser crash or computer crash takes a little more thought. I've addressed the overall solution in two parts. 1) The server/host computer 1) The Server / Host Computer The computer used to host a touch screen application needs some thoughtful consideration. You want something that will offer good reliable performance and also prevent anyone who might be feeling a little malicious from causing the computer or your application any harm. My touch screen system does NOT have a keyboard attached to it which certainly helps in providing a certain level of security but I still need to take steps to make sure the user cannot get access to the desktop, general file system or any application other than the Firefox browser. For my solution I decided to run Ubuntu 7.10 and use Blackbox as the default desktop environment. Ubuntu allows me to run an apache http server as well as mysql locally. This keeps the application running very fast, provides me with dynamic data and requires no internet connection. Your kiosk application could be simple straight HTML running locally or running off a remote web server whatever suits your needs. Using Ubuntu (or really any flavor of linux you're comfortable with) keeps your kiosk highly customizable. Using the Blackbox windows manager instead of the default Gnome or KDE desktop environment allows me to lockout the user from accessing anything other than Firefox and keeps your kiosk as a light weight, fast computer with a single focus. How to set up the server/host computer 1. Download and install Ubuntu 7.10 2. Install Apache, PHP5 and MySQL (Optional) 3. Create a limited user account To create this account log into Ubuntu using the account you created during install and select : System > Administration > Users and Groups From the User settings window select: Add User From the New User Account window fill in the Basic Settings for your user. For the purpose of this example we will use the username: touchuser. After you've provided a user name and and password select the User Privileges tab. Unselect all options which are not a requirement of your touch screen application. For my application I blocked access to all external hard drives, cdroms, floppies and log monitors. 4. Install Blackbox Window Manager To install blackbox open up the terminal and type the following command. sudo apt-get install blackbox blackbox-themes Next we need to create a .blackboxrc file and a .blackbox directory. These will be used to define our configuration settings for our desktop and define what applications touchuser has access to. Note: we are going to do this in the home directory of the touchuser account not the account we are logged in as. After we create the file and directory we set permissions on them. sudo mkdir /home/touchuser/.blackbox 5. Define the .blackboxrc File session.styleFile: /usr/share/blackbox/styles/Gray
6. Create the Blackbox menu file Enter the following commands into the terminal to create the menu file and set appropriate permissions. sudo touch /home/touchuser/.blackbox/menu To limit our menu to only provide access to Firefox open up the menu file and add the following. [begin] (ArtTouch) For more details on configuring blackbox and creating menus see the blackbox wiki 7. Install iDesk To install iDesk open a terminal and provide the following command sudo apt-get install idesk Once iDesk is installed we need to create an .ideskrc file for configuration settings and create an .idesktop folder where we can define our icons. sudo touch /home/touchuser/.ideskrc Next open up the .ideskrc file and add the following table Config This is a very minimal use of iDesk configuration options for more see the iDesk Usage Wiki 8. Create an Icon and define icon commands sudo touch /home/touchuser/.idesktop/touchicon.lnk Open the touchicon.lnk file and add the following. Adjust 'caption', 'tooltip', 'width', 'height' and 'x/y' coordinates to suit your needs. table Icon 9. Create Blackbox startup script Create a file called .bbstartup.sh in your touchuser's home directory sudo touch /home/touchuser/.bbstartup.sh Add the following to the .bbstartup.sh file #!/bin/sh Now we need to change the path of exec blackbox in /usr/share/xsessions/blackbox.desktop. Start by making a backup sudo cp /usr/share/xsessions/blackbox.desktop /usr/share/xsessions/blackbox.desktop_backup Edit /usr/share/xsessions/blackbox.desktop and make the following changes to Exec and TryExec definitions [Desktop Entry] 10. Set Auto-login and define Blackbox as default window manager Open the Login Window Preferences by selecting: System > Administration > Login Window Under the General tab select 'Blackbox' for default session. Hopefully after all that you should now have a basic set up to run a kiosk. When the computer boots it should load directly to a Blackbox desktop that allows the user to launch Firefox and only Firefox. In the next step of the process we are going to modify a few settings in Firefox to make sure it loads our touch screen application as it's homepage and automatically launches in full screen mode when the computer boots up. NOTE: If the computer is running in kiosk mode and you want to be able to login as your super user and get back to a fully functional Gnome desktop all you need to do is plug in a keyboard and press CTRL + ALT + BACKSPACE. This will kill the Blackbox session and bring you to the Ubuntu login screen. 2) The Browser Now that we have our host computer set up and running we'll want to make a few small changes to the preferences of our Firefox browser so that it performs well as a kiosk client. 1. Set the Home Page 2. Disabling session restore Find the preference settings for browser.sessionstore.resume_from_crash and browser.sessionstore.resume_session_once and set their values to false. 3. Getting the browser to automatically launch in fullscreen mode. The one I recommend is R-Kiosk. For the pure purpose of running a web based Kiosk it does a very good job. While logged in as 'touchuser' Visit this link in Firefox and click the 'Add To Firefox' button. NOTE: After this component is added to Firefox you'll be unable to make any preference or configuration changes to Firefox unless you launch it in safe mode. For information on how to run Firefox in safe mode, visit this link. 4. Setting the browser to automatically launch after boot This is very simple to accomplish by adding one line to the Blackbox startup script we created in step 9 when setting up the host computer. You'll need to log into Ubuntu as the user you defined during install for this step. Open /user/touchuser/.bbstartup and add the following line #!/bin/sh
References for this setup can be found at the following links. |