Porteus Kiosk Edition v2.0 feedback

Share your opinion about Porteus Kiosk Edition.
Pyriana
White ninja
White ninja
Posts: 19
Joined: 25 May 2013, 18:09
Distribution: PKE 2.0.2
Location: Oregon

Re: Porteus Kiosk Edition v2.0 feedback

Post#76 by Pyriana » 30 May 2013, 01:41

First of all, thanks for this amazing linux distro with a relatively easy Kiosk mode.

I have a couple questions. I am trying to load a local web page on porteus, but I do not want it loaded in memory. (it's 20 gigs, bunch of videos and such), if I put it in rootcopy it seems to be trying to load it in ram. And this old computer with 512mb of ram and a 40gb hard drive is having a tough time with that. (Clearly, lol) I've tried putting it on the hard drive after it's been imaged and it doesn't appear to be editable. I've included it in the image inside rootcopy and re-compiled the image (I had to modify the script to use -joliet-long while making the ISO because the web page names get quite lengthy), and that seems a bust. Each time I create a new 20gb iso it takes a couple hours so after 6 or 7 iterations I'm trying to narrow down my search on how to get this resolved. Will putting it in the /porteus directory work?

My father and I, are trying to pilot a program to provide a secure means of secondary education within correctional facilities. And this kiosk seems near perfect. If this goes well, it could become state wide or even possibly nation wide. All without costing much beyond the cost of the hardware.

Along that vein, are there any things I should add to this to make it more secure? The kiosks will, at least initially, not be online. But if we convince enough people, we might be able to get them online behind a whitelisted firewall.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4625
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Porteus Kiosk Edition v2.0 feedback

Post#77 by fanthom » 30 May 2013, 09:25

hello Pyriana,
with a relatively easy Kiosk mode.
let us know what the difficulties are and will try to improve
f I put it in rootcopy it seems to be trying to load it in ram.
yes - /rootcopy is meant to be used for config files or if you want to test something quickly. once you are happy with changes implemented in /rootcopy you should create a module (but this is only a recommendation).
I've tried putting it on the hard drive after it's been imaged and it doesn't appear to be editable.
correct - this is one of our security layers as attacker is not able to make any persistent changes outside of RAM (swap partition is the only exception but support for swap can be enabled only through the wizard)
(I had to modify the script to use -joliet-long while making the ISO because the web page names get quite lengthy)
thanks - will add by default
Will putting it in the /porteus directory work?
yes but creating a xzm module from 20GB of data will take forever.
i have modified initrd for kiosk and tweaked rootcopy function:
- if 'copy2ram' is active then content of the /rootcopy folder gets copied to RAM (as it was before)
- when 'copy2ram' is not active then /rootcopy folder is added as another branch to aufs instead of copying. in short - /rootcopy is treated as another xzm.
advantage: you do not have to create huge module and it should solve your low RAM issue (to be honest i can't think of a system which would handle 20GB copied to RAM)
just remember to disable 'copy2ram' in the wizard.

please grab modified initrd from here:
http://ponce.cc/porteus/i486/testing/kiosk/initrd.xz
will push this change to thenext kiosk release.
thanks for bug report.
are there any things I should add to this to make it more secure?
it depends on how much your customizations goes. in current kiosk shape we have all the security layers we are aware of enabled by default.
if you think about going online then make sure you keep firefox and flash up to date. other components should be fine.

good luck with your project and looking forward for more feedback from you.
Please add [Solved] to your thread title if the solution was found.

Pyriana
White ninja
White ninja
Posts: 19
Joined: 25 May 2013, 18:09
Distribution: PKE 2.0.2
Location: Oregon

Re: Porteus Kiosk Edition v2.0 feedback

Post#78 by Pyriana » 31 May 2013, 09:33

Thank you, the modified initrd worked perfectly for getting it to boot. Now the only hurdle I have left to jump is that it is not reading html files on the drive. I actually have the home page set as file:///EducationPortal/index.html Which should point to the EducationPortal folder in the root directory and the index.html inside it. From what I can tell, it does. The page however comes up blank. And when I go to the page manually (I can browse the folders through firefox, which is fine for now but I will have to disable it once I get this working.) and click on it, it does nothing.

I found some instructions I thought might fix it here specifically adding this code to (in my case) /porteus/rootcopy/home/guest/.mozilla/firefox/c3pp43bg.default/user.js

Code: Select all

user_pref("capability.policy.localfilelinks.checkloaduri.enabled", "allAccess");
But that seems to have not taken care of it. It says if you're running noscript you have to enable it within noscript, but I don't see that within the firefox directories.

Once I get this dialed in, I think I am going to take the "disable control keys" a bit further. I've noticed many key combinations that allow you to access the URL bar. Shift F5 even brings up the developer console, shift f6 the URL. So, since I don't want anyone even typing anything in, really. I'm gonna see about disabling everything on the keyboard but the arrow keys and page up/down. Or maybe just disable the keyboard entirely.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4625
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Porteus Kiosk Edition v2.0 feedback

Post#79 by fanthom » 31 May 2013, 21:39

hello Pyriana,

could be that Public Kiosk addon is blocking local files. set a custom password on firefox (in wizard) then go to 'about:addons' and disable Publick Kiosk - just for a test.
I've noticed many key combinations that allow you to access the URL bar.
some users complained in the past when all shortcuts were disabled so now i'm blocking only what is necessary.
Shift F5 even brings up the developer console, shift f6 the URL
looks like S-F5 was introduced with latest firefox and i missed S-F6 totally.
will fix in 2.0.4 (no release date for it yet) - thanks.
Please add [Solved] to your thread title if the solution was found.

Pyriana
White ninja
White ninja
Posts: 19
Joined: 25 May 2013, 18:09
Distribution: PKE 2.0.2
Location: Oregon

Re: Porteus Kiosk Edition v2.0 feedback

Post#80 by Pyriana » 01 Jun 2013, 02:32

So I re-compiled a new image with the firefox password enabled. It doesn't seem to have saved it. The password isn't saved in the initrd is it? Because I copied that from what you provided before. I do have that user.js in the firefox dir but it only has one item in it and it doesn't look like it's ovoerriding an existing file on the kiosk fs.

Looking through the addons however, I don't see an actual "Public Kiosk" addon unless you mean Public Fox.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4625
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Porteus Kiosk Edition v2.0 feedback

Post#81 by fanthom » 01 Jun 2013, 11:13

password for firefox is encrypted and saved in a separated file in 003-settings.xzm so you must use the wizard to create new ISO (editing user.js wont help).
I don't see an actual "Public Kiosk" addon unless you mean Public Fox.
yes - Public Fox, my bad.
Please add [Solved] to your thread title if the solution was found.

Pyriana
White ninja
White ninja
Posts: 19
Joined: 25 May 2013, 18:09
Distribution: PKE 2.0.2
Location: Oregon

Re: Porteus Kiosk Edition v2.0 feedback

Post#82 by Pyriana » 01 Jun 2013, 23:22

Disabling public fox had no effect. Even after re-starting the browser (which it asks you to do).

I even went so far as to install an addon called LocalLink which the previously mentioned page suggests installing for overriding the natural FireFox security against local files. To no avail. It's weird because I can view local files just fine on my windows machine, and on my linux mint live cd.

User avatar
brokenman
Site Admin
Site Admin
Posts: 5656
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: Porteus Kiosk Edition v2.0 feedback

Post#83 by brokenman » 02 Jun 2013, 00:58

If you are looking to start a file from local disk check that i didn't disable it in the lockdown file fanthom.
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4625
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Porteus Kiosk Edition v2.0 feedback

Post#84 by fanthom » 02 Jun 2013, 07:23

here is what i did:

a) ran wizard and set homepage to 'file:///tmp/index.html'

b) unpacked ISO created by the wizard

c) downloaded sample html page from net:
http://sheldonbrown.com/web_sample1.html

d) saved html page as /porteus/rootcopy/tmp/index.html

c) created new ISO with /porteus/make_iso.sh-org script

result seems to be ok:
http://oi40.tinypic.com/2ynf888.jpg

try to repeat what i did and then swap sample html page with your one.

btw: please remember that firefox runs from 'guest' account (1000:1000) so make sure that it has permission to at least read your custom files.
btw2: 'file' protocol is too powerful so i'll have to block if by default for next release

@brokenman
wizard currently locks only very few essential settings so admins can experiment with unencrypted users.js.
Please add [Solved] to your thread title if the solution was found.

Pyriana
White ninja
White ninja
Posts: 19
Joined: 25 May 2013, 18:09
Distribution: PKE 2.0.2
Location: Oregon

Re: Porteus Kiosk Edition v2.0 feedback

Post#85 by Pyriana » 02 Jun 2013, 07:42

I'll give this a shot. How would I grant the guest user access outside of the file system?

User avatar
fanthom
Site Admin
Site Admin
Posts: 4625
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Porteus Kiosk Edition v2.0 feedback

Post#86 by fanthom » 02 Jun 2013, 12:53

How would I grant the guest user access outside of the file system?
like where?
Please add [Solved] to your thread title if the solution was found.

Pyriana
White ninja
White ninja
Posts: 19
Joined: 25 May 2013, 18:09
Distribution: PKE 2.0.2
Location: Oregon

Re: Porteus Kiosk Edition v2.0 feedback

Post#87 by Pyriana » 02 Jun 2013, 14:37

Sorry, I meant how would I grant access to the files while not in the OS. Through mint or whatever. Would I just chown to guest and chmod 400?

Edit: Figured it out, chmod 400 or 444 doesn't work, but if I chmod 777 it works. Perhaps I only need 555 or 550?
Last edited by Pyriana on 02 Jun 2013, 15:28, edited 1 time in total.

User avatar
fanthom
Site Admin
Site Admin
Posts: 4625
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Porteus Kiosk Edition v2.0 feedback

Post#88 by fanthom » 02 Jun 2013, 15:26

'guest' in kiosk has uid 1000 and gid 1000 so

Code: Select all

chown 1000:1000 -R /path
400 mask is not ok as you wont be able to enter directories. try this:

Code: Select all

chmod 400 -R /path
find /path -type d | xargs chmod 500
this code will set all files to 400 and directories to 500 which should be ok.
Please add [Solved] to your thread title if the solution was found.

Pyriana
White ninja
White ninja
Posts: 19
Joined: 25 May 2013, 18:09
Distribution: PKE 2.0.2
Location: Oregon

Re: Porteus Kiosk Edition v2.0 feedback

Post#89 by Pyriana » 03 Jun 2013, 02:25

fanthom wrote:'guest' in kiosk has uid 1000 and gid 1000 so

Code: Select all

chown 1000:1000 -R /path
400 mask is not ok as you wont be able to enter directories. try this:

Code: Select all

chmod 400 -R /path
find /path -type d | xargs chmod 500
this code will set all files to 400 and directories to 500 which should be ok.
Compiled a test image and it worked like a charm, thanks for all of your help and support. I'll get this finished up tonight.

Pyriana
White ninja
White ninja
Posts: 19
Joined: 25 May 2013, 18:09
Distribution: PKE 2.0.2
Location: Oregon

Re: Porteus Kiosk Edition v2.0 feedback

Post#90 by Pyriana » 04 Jun 2013, 20:12

So it seems to work great for small web pages, but anything larger it gives an error.

Code: Select all

Starting Porteus Kiosk Edition (http://www.porteus.org)
cp: write error: No space left on device
Now this is a 40gb drive. And while I thought it was because I was filling the drive (the image was 20gb) I've reduced the size so it's only 3gb now, and I'm still getting the error. I figured it was trying to cp rootcopy to the proper location, but it doesn't seem like this is the case, considering I'm considerably under half the size of the drive now. I can't think of any scenarios where this could be a space issue short of porteus not using the full drive. Which is quite possible.

Either way, if it's duplicating rootcopy on the drive, is there any way I can get around this because the full set of courses is going to end up being around 25 or 30 gb and most of the old hardware computers we had donated have 40gb drives in them. Keep in mind that compression isn't really an option because 95% of the data are videos, which don't really compress all that well, since they already are.

Post Reply