No Internet

[Argo Navis]

@Blaze : Since I plan on using Porteus on usb with the computers of all my students, I have no idea which machine they will bring, Mac or Pc. I was wondering, following the suggestion of Ed_P, if I want to carry around a set of drivers in case something is not working on a specific computer, where to find those drivers. If I have to compile them myself, this is way above my level right now. So I was wondering if there was already a library of drivers to consult.

[Argo Navis]

On yet another note, I was reading a lot of material about the way to go about creating a jail or a container for the guest user, so that they could not access anything else than their /home/ folder. I read somewhere that I could use rbash to create a restricted shell for a user but rbash does not seem to be included in Porteus.
Should I ask this question somewhere else on the forum? There is no thread with the keywords 'rbash' or 'chroot jail' so I don't know where to start with this.

[beny]

hi, to start the rbash: try if work for you
bash-5.2# cd /bin
bash-5.2# ln -s bash rbash
bash-5.2# rbash
rbash-5.2#

[Ed_P]

creating a jail or a container for the guest user,

Argo don't over complicate your idea. Two other options, 1. create a backup of each students' USB drives, or 2. keep a log of how you create each students' USB drive noting any drivers you had to add. If a student screws up their drive, recreate it.

[Argo Navis]

@Ed_P : it is not about screwing their system up, it is more about I don't want them bringing stuff in from outside the system. In short: my college don't want to buy enough computers for the exams and dissertations and we cannot allow the student's computer in the class for obvious reasons of cheating. If I can block access to the usb stick from inside Porteus, I can boot their computer and put them in a sealed environment. So I would like to lock them in their /Home/ directory so that they can have access only to the files they have created in class from inside their Porteus session. I would like a more "Kiosk" environment, but on a usb stick.

[Ed_P]

I don't want them bringing stuff in from outside the system.

Ok. How about not letting them take the USB sticks home and configure the USB sticks to not access the harddrive?

I would like a more "Kiosk" environment, but on a usb stick.

Have you considered the Porteus Kiosk system?

[Argo Navis]

I read that the Porteus Kiosk cannot be installed on a usb stick, only on CD? If that is not accurate anymore, it could effectively be more appropriate.

As for not letting them taking the pendrive at home, that's for sure. But I'm more worried about a student starting a session in Windows, copying a file on the pendrive, rebooting and having access to it from the Porteus session.

What I'm trying to achieve with a restricted shell is to limit their capacity to have access to the mounted usb drive. Correct me if I'm wrong, by all means, but as far as my understanding of Porteus goes, I understand that the /Home/ folder is encoded in the savefile in a .dat format, so a file cannot be "introduced" from outside (a Windows session for example) inside the /Home folder. So if the guest user was jailed inside its /Home folder and didn't have access recursively to the pendrive running Porteus, they would not have access to a file stored on the pendrive outside of the /Home folder.

Anyway, excuse me if this does not make any sense or if I use incorrectly the concepts and the vocabulary, I'm a French literature teacher first, and I try to learn this as I go, but it is still very abstract to me.

[Ed_P]

I'm a French literature teacher first, and I try to learn this as I go, but it is still very abstract to me.

And a good person for sure. With a big giving heart.

I read that the Porteus Kiosk cannot be installed on a usb stick, only on CD? If that is not accurate anymore, it could effectively be more appropriate.

From my experience CDs went out of use 20 yrs ago. But CD drives can be USB connected for people who want or need to use them. The Kiosk runs from USB drives TTBOMK. It also runs from a server so a single machine in your class as a server might work for your plan.

my understanding of Porteus goes, I understand that the /Home/ folder is encoded in the savefile in a .dat format, so a file cannot be "introduced" from outside (a Windows session for example) inside the /Home folder.

The save.dat file only comes into play on drives formatted as FAT or NTFS. If the drive is an ext format the files and all changes are stored directly to the drive. A user has the option to save changes as .xzm files. I'm not on Porteus at the moment so I can't check if there are other save changes options. I'll get back to you later.

[beny]

in porteus ext4 file system you can make a save.dat in xfs file system there is a tool to do this but Argo Navis you need help for tweak the core system remove the fstab updater so the system don't check for hard drive connected,the cheat code are visible on boot directory, change permission right to the system, remove the sudo option and also the password for root is too simple,and i don't remember if you can put a password to the save.dat mount option, if you don't trust the system you have to rebuild the kernel to remove the ntfs mount option so no windows at all,is a big work and maybe i have forget something...

[Argo Navis]

The ext way is interesting... I'm guessing I should format a pendrive in ext4?
I did just that and then tried installing the .iso from Porteus to the new pendrive. When I ran Porteus-installer-for-Linux.com it gave me the error "Installation failed with error code '1'" and gave me a 'debug.txt' file.
Here is the content of debug.txt:

Code: Select all

partition: /dev/sdb
partition mount point: /mnt/sdb
installation path: /mnt/sdb/boot
filesystem: ext4
bootloader: lilo
error code: 1
system: porteus.example.net 6.6.20-porteus x86_64
mount details: /dev/sdb /mnt/sdb ext4 rw,noatime,nodiratime 0 0
full partition scheme:
Disk /dev/loop0: 103.7 MiB, 108732416 bytes, 212368 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop1: 4 GiB, 4294966784 bytes, 8388607 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop2: 122.98 MiB, 128954368 bytes, 251864 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop3: 112.1 MiB, 117542912 bytes, 229576 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop4: 20.65 MiB, 21655552 bytes, 42296 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop5: 24.19 MiB, 25362432 bytes, 49536 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop6: 73.66 MiB, 77242368 bytes, 150864 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop7: 61.33 MiB, 64311296 bytes, 125608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop8: 196 KiB, 200704 bytes, 392 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop9: 229.37 MiB, 240513024 bytes, 469752 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop10: 1.74 MiB, 1826816 bytes, 3568 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop11: 204 KiB, 208896 bytes, 408 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/nvme0n1: 476.94 GiB, 512110190592 bytes, 1000215216 sectors
Disk model: SAMSUNG MZVL2512HCJQ-00B00              
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 51A09159-DE78-45E2-8D50-3B33637932BC

Device             Start        End   Sectors   Size Type
/dev/nvme0n1p1      2048     534527    532480   260M EFI System
/dev/nvme0n1p2    534528     567295     32768    16M Microsoft reserved
/dev/nvme0n1p3    567296  962465791 961898496 458.7G Microsoft basic data
/dev/nvme0n1p4 962465792  964562943   2097152     1G Windows recovery environment
/dev/nvme0n1p5 964562944  998117375  33554432    16G Windows recovery environment
/dev/nvme0n1p6 998117376 1000215182   2097807     1G unknown


Disk /dev/sda: 14.41 GiB, 15472047104 bytes, 30218842 sectors
Disk model: DataTraveler 3.0
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x63ccda64

Device     Boot Start      End  Sectors  Size Id Type
/dev/sda1  *     2048 30218239 30216192 14.4G  c W95 FAT32 (LBA)


Disk /dev/sdb: 28.91 GiB, 31042043904 bytes, 60628992 sectors
Disk model: USB3.0 32 IRON  
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Any idea what I'm doing wrong?

[Argo Navis]

Actually, I found something here that might help Porteus installer chosing the wrong drive
I did format the usb with no partition

[Ed_P]

To boot Porteus on EFI machines you need a small FAT32 partition for the EFI folder. You also need to disable the Secure Boot option on the computer.

[beny]

hi, you can't install the boot loader into the whole disk,you need a partition first: with gparted or another tool you can do it, beware of the name of the disk,you can erase the wrong one
Disk /dev/sdi: 119.08 GiB, 127865454592 bytes, 249737216 sectors
Disk model: Transcend
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x105145d2

Device Boot Start End Sectors Size Id Type
/dev/sdi1 * 2048 249737215 249735168 119.1G 83 Linux

[Argo Navis]

I'm getting there! I tried implementing your all your suggestions.
I formated a pendrive with a small FAT32 partition holding the EFI and boot directories and a big ext4 for the Porteus files, its works super well.
My question is, once the booting process is over, does Porteus still need to have access to EFI/boot?

My problem is this: once the booting is done, the guest user still has access to a FAT32 filesystem where he can have stashed a document from a previous Windows session. So I would like to cut access to that partition for the guest user.

As far as I uderstand, I can remove the permission to mount exterior pendrive (although I'm not too sure how, for what I have tried so far doesn't work). Is there a way to write a script that would retroactively unmount the FAT32 partition where the boot is, and at what point of the booting process should I insert that script so as not to interrupt anything else? (In other words, how do I make my guest take off it's boot after he came inside... )

[beny]

hi maybe you have to work with the directory permission only root can read and write on directory and group and user can do nothing so the directory is locked for user take a try on the usb root properties of the fat32 boot directory if you can play with...i have read that fat32 do not deny the read action but the write action yes so i think you can work with the properties