OpenBSD Journal

Browser-only kiosks using OpenBSD

Contributed by jose on from the limited-use-for-people dept.

anonymous writes: "The idea of setting up browser-only kiosks on i386 PCs has at least entered the minds of some IT people I know at my institution. The idea is to have machines that boot to a browser session without requiring any login, and respawn this session when rebooted or reset (by zapping an X session or closing the browser). Of course it would be nice if such machines were as secure as possible, with the Windows PCs that currently provide these services leaving some room for improvement in this respect.

The idea has not yet been *seriously* floated, so it seemed like a good time to pick the brains of deadly readers and see if someone already has the detailed solution to this problem worked out. I think a 'proof of concept' demo machine might at least help advance the idea beyond 'wild suggestion' to 'take under consideration'."



Comments
  1. By j0rd () mits_rox@OHNOS.hotmail.com on http://j0rd.ath.cx/

    There is a Firefox port in ports-current which I currently use. It works fine. It's not as speedy as the version that I'm running under my Linux workstation at home, but I'm sure if you recompiled the system for the specified architecture it would speed things up.

    Here are some links with regards to setting firefox up as a kiosk browser.
    http://texturizer.net/firefox/tips.html#oth_kiosk

    There are also some plugins for Firefox regarding kiosk browsing. Look for the "kiosk browsing" section at:
    http://texturizer.net/firefox/extensions/

    My only problem with setting up something like this would be that kiosk machines are usually pretty low end hardware...firefox might be too much bloat.

    Comments
    1. By Anonymous Coward () on

      I think setting up Firefox for kiosk browsing is a no-brainer, and if you run the window manager before the browser in the .xsession file for the unprivileged user (or change the system-wide default) like so:

      FavWindowManager &
      firefox

      Then I think the session should terminate when the user quits the browser. I have no idea how to get, say, xdm to automatically start a session for a particular user without a password though (and using xdm tends to be the nicest way to start an X session in OpenBSD). This really seems to be the key issue here, and I'm not even sure if it is possible. For that matter I'm not sure I know how to safely start even a console session for a user without a password prompt; "login -f username" perhaps?

      Comments
      1. By FreeJak () on

        How about a null password profile and opera?
        Other things I'm thinking about are having an automounter+diskless configuration that mounts / and etc by request, like Sun's AutoClients and Java Stations do.
        If you have the configs ready, there should be fewer problems.
        Take care!

      2. By Anonymous Coward () on

        What's xdm?

        I've a 3-headed machine whose sole existence is to display gfx of stats and webcam images to the three heads. In /etc/rc.local I have:
        su - display -c startx &

        The user display has a .xinitrc script which doesn't run a wm but just runs some scripts that call ImageMagick's montage and display to show the graphs and other images.

        For a kiosk I would instead try to give the user a cronjob something like:
        @reboot /path/to/myscript

        where /path/to/myscript is not editable by the user, and is something like:
        while [ 1 ]; do startx; logger X died; sleep 10; done

        And as the previous poster mentioned, $HOME/.xinitrc can be as simple as:
        wm & browser

        Do you even need a wm?

        Be careful with what is available to the browser, remember that file:/// can be your enemy, systrace/chroot might be your friend. Might wanna chflags the prefs to be immutable and also add something to .xinitrc to wipe out cache and cookies on browser exit.

        Comments
        1. By Anonymous Coward () on

          One more thing, maybe you wanna run xautolock to automatically kill and restart X after a few minutes of no activity, provided there has been some activity since the last restart.
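
The respawn loop, the `wm & browser` session and the "wipe out cache and cookies on browser exit" advice from the comments above, combined into one script. This is an added example, not code posted in the thread; the `KIOSK_*` variable names, the template path and the `session`/`supervise` arguments are assumptions, and the browser is started with Firefox's `-profile` option.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed names: KIOSK_TEMPLATE,
# KIOSK_PROFILE, KIOSK_BROWSER and the "session"/"supervise" arguments.
KIOSK_TEMPLATE=${KIOSK_TEMPLATE:-/etc/kiosk/profile.template}  # root-owned
KIOSK_PROFILE=${KIOSK_PROFILE:-$HOME/.kiosk-profile}           # throwaway
KIOSK_BROWSER=${KIOSK_BROWSER:-firefox}

# Replace the live profile with a pristine copy of the template so that
# cookies, cache, history and edited prefs never survive a session.
reset_profile() {
    template=$1 live=$2
    [ -d "$template" ] || return 1         # no template: refuse to start
    case $live in ''|/) return 1 ;; esac   # never rm -rf an empty path or /
    rm -rf -- "$live" || return 1
    cp -R -- "$template" "$live" || return 1
    chmod -R go-rwx "$live"
}

# One kiosk session, called from .xinitrc: wipe, browse, wipe again.
# X exits when this returns, which hands control back to supervise().
run_session() {
    reset_profile "$KIOSK_TEMPLATE" "$KIOSK_PROFILE" || return 1
    $KIOSK_BROWSER -profile "$KIOSK_PROFILE"
    status=$?
    reset_profile "$KIOSK_TEMPLATE" "$KIOSK_PROFILE" || return 1
    return "$status"
}

# Respawn loop from the comment above, with the restart logged and
# throttled so a crashing X server cannot spin the CPU.
supervise() {
    while true; do
        startx
        logger -t kiosk "X exited, restarting in 10s"
        sleep 10
    done
}

case ${1:-} in
    session)   run_session ;;   # .xinitrc: exec /path/to/this session
    supervise) supervise ;;     # @reboot cron entry or rc.local
esac
```

Keeping the template directory root-owned (and immutable with chflags, as the comment suggests for the prefs) means the kiosk user can only ever modify the throwaway copy.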

      3. By strgout () on

        Well, I think to auto-login a user you may add something to /etc/gettytab, then call that from /etc/ttys

        /etc/gettytab
        autologin|al.9600:al=joeuser:tc=std.9600:

        /etc/ttys
        ttyv1 "/usr/libexec/getty al.9600" cons25 on insecure

        just a guess for the auto login.

  2. By Justin () on

    load the browser via
    xinit BROWSER

    then how about loading any bare minimum into memory (saving room for cookies and cache) then unmount the partitions.

  3. By jose () on http://monkey.org/~jose/

    these may be useful:

    http://kiosk.mozdev.org/

    "Mozilla Kiosk is a mozilla interface using XUL and JAVASCRIPT to implement a kiosk style browser. The concept here is to have a browser that does nothing more than browse - no fancy features. Designed for a kiosk style system."

    http://tln.lib.mi.us/~amutch/pro/mozilla/kioskmode.htm

    "The problem is that Mozilla does not support a kiosk mode that can be invoked at browser start-up through the command-line. However, using Javascript code, you can open the equivalent of a kiosk browser. You can also control specifically which elements will appear. This allows you to customize the kiosk mode to fit your needs. You don't need to be a Javascript expert to make this work. If you can copy-and-paste, you can use this method!"

    Comments
    1. By Anonymous Coward () on

      yeah too bad. fuck javascript

  4. By Anonymous Coward () on

    Why OpenBSD? What does it bring to the table?

    It seems like you know the solution you want w/o detailing the problem.

    Comments
    1. By Anonymous Coward () on

      I thought I outlined the problem pretty clearly. There is no religious reason it *has* to be OpenBSD (in fact the people in question will probably insist it MUST be implemented on Red Hat Linux for reasons of manager mindshare). It just happens I am most familiar with OpenBSD, and thought it would be a great chance to get the platform some exposure in my institution.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]