Laptops as Linux Kiosks
This document describes how I went about turning a cheap P90 laptop
into an internet kiosk. For an explanation of what my goals were, and
why I decided not to use laptops for this, go
The basic idea is that the machine mounts as many of its file
systems read-only as possible; so nothing can be changed on them, thus
it's always safe to power them down. The problem is that Linux really
doesn't like it when certain file systems are read-only. In
- /var needs to be writable, because lots
and lots of files in there get modified. I tried making only
/var/log and /var/run be
writable, but that wasn't enough.
- Much of /dev needs to be writable, because
various things try to chown or chmod device files in there. If the
file system is read-only, then chown reports a failure, and bad
things happen. This is true even if the devices have the requested
needs to be writable, or the system won't know what's mounted.
So my approach was to arrange for the system to have only one
writable partition, /var. All other partitions would
be read-only, including /. And the
/var partition would be recreated from scratch at
boot-time, meaning there was no danger in a sudden shutdown, since even
if the old, writable /var got corrupted, it wouldn't
matter, since we were never going to try and mount that version again.
Anything that needed to be writable on the other read-only
parititions would be replaced by a symlink into /var.
At boot-time, /var would be created by wiping its
partition, and then re-initializing it by copying the contents of the
/var-ro directory into it.
Here are the steps I followed to create this system:
Turn off some more stuff we don't need:
- Install Red Hat Linux 6.2 from scratch. Do a totally
minimal install (just X: no GNOME, no inetd, no extras.)
- Partition the system like so (the machines I'm using have
800M disks: that's plenty for this application.)
Now boot it.
- Install some more packages: I find installation to be
a lot easier with these around...
- Turn off ``xfs'', the X Font Server. Once we make things
read-only, it won't work any more and I didn't bother figuring out
why. It doesn't matter, we don't really need it. Turn it off
to add real font paths:
chkconfig apmd off;
Install some more stuff:
chkconfig gpm off;
chkconfig kudzu off;
chkconfig sendmail off
- Helix GNOME,
- netscape-navigator (not netscape-communicator.)
Muttzilla (to make Navigator able to use mailto:
Macromedia Flash plugin;
- RealPlayer 7;
- xanim 2.80, plus xanim-nonfree-codecs;
- xdaliclock (for xscreensaver);
- xfishtank (for xscreensaver);
- xearth (for xscreensaver);
- ssystem (for xscreensaver);
- xmountains (for xscreensaver);
- xaos (for xscreensaver);
- xsnow (for xscreensaver);
- words-2-12.noarch.rpm (for /usr/dict/words);
- iputils (for ``ping'');
- bind-utils (for ``nslookup'');
- libgr and libgr-progs;
- symlink /usr/lib/libMesaGL[U].so.3
to /usr/lib/libGL[U].so.1 (some things
Install some kiosk utilities:
Initialize the ``guest'' user'senvironment:
Set up auto-login for the guest user:
- in /etc/inittab,
- ln -s /usr/local/sbin/xsession
Make the system boot read-only:
Final security measures:
Turn on security to make it impossible to boot standalone without
- In /etc/inittab,
to make a password be required to boot standalone.
- In /etc/lilo.conf,
add a password for non-default boot options:
- chmod a-rwx /etc/lilo.conf ; lilo
Since the contents of /var go away when the
machine is booted, you might want to configure it to send its syslog
messages to another server:
- Replace the contents of
with the single line:
where loghost is the machine to which logs should be sent.
- Ensure that UDP port 514 (syslog) is reachable on that machine.
And that should do it... As long as the machine does not have a
CDROM or floppy drive attached to it, it should be impossible to
remount any of the drives writably without guessing a password or
cracking root some other way.
Again, please go back to see a diskless
NFS-oriented approach to this, which I've decided is a better way.