Laptops as Linux Kiosks

by Jamie Zawinski
Jul - Dec 2000

This document describes how I went about turning a cheap P90 laptop into an internet kiosk. For an explanation of what my goals were, and why I decided not to use laptops for this, go back.

The basic idea is that the machine mounts as many of its file systems read-only as possible, so that nothing can be changed on them and it's always safe to power the machine down. The problem is that Linux really doesn't like it when certain file systems are read-only. In particular:

So my approach was to arrange for the system to have only one writable partition, /var. All other partitions would be read-only, including /. And the /var partition would be recreated from scratch at boot-time, meaning there was no danger in a sudden shutdown, since even if the old, writable /var got corrupted, it wouldn't matter, since we were never going to try and mount that version again.

Anything that needed to be writable on the other read-only partitions would be replaced by a symlink into /var. At boot-time, /var would be created by wiping its partition, and then re-initializing it by copying the contents of the /var-ro directory into it.
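The boot-time rebuild described above, sketched as an added example (this is not the author's original script). It assumes an ext2 /var on a placeholder device named by VAR_DEV; the function names populate_var and unexpected_rw and the list of skipped pseudo-filesystems are hypothetical choices made for this illustration. It also goes one step past the text by checking afterwards that nothing other than /var ended up mounted writable.

```shell
#!/bin/sh
# Added example (not the author's script): recreate /var at boot from /var-ro.
# VAR_DEV is a hypothetical placeholder; point it at the real /var partition.
VAR_DEV="${VAR_DEV:-/dev/CHANGE-ME}"

# Copy the read-only template into a freshly made filesystem, keeping modes,
# owners and symlinks. Refuses to write into a tree that was not wiped.
populate_var() {    # usage: populate_var TEMPLATE_DIR TARGET_DIR
    [ -d "$1" ] && [ -d "$2" ] || { echo "missing $1 or $2" >&2; return 1; }
    # A new ext2 filesystem holds only lost+found; anything else is stale.
    if ls -A "$2" | grep -qv '^lost+found$'; then
        echo "$2 is not empty, refusing to populate" >&2; return 1
    fi
    cp -a "$1/." "$2/"
}

# Print every mount point that is writable but should not be. Reads
# /proc/mounts format; kernel pseudo-filesystems are skipped (assumed list).
unexpected_rw() {   # usage: unexpected_rw MOUNTS_FILE ALLOWED_MOUNT_POINT
    awk -v allow="$2" '
        $3 ~ /^(proc|sysfs|devpts|devtmpfs|rootfs)$/ { next }
        $2 != allow {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "rw") print $2
        }' "$1"
}

# Boot-time sequence; runs only when invoked as "script --boot" as root.
if [ "${1:-}" = "--boot" ]; then
    mke2fs -q "$VAR_DEV" || exit 1        # wipe: the old /var is never reused
    mount -t ext2 "$VAR_DEV" /var || exit 1
    populate_var /var-ro /var || exit 1
    bad=$(unexpected_rw /proc/mounts /var)
    [ -z "$bad" ] || echo "WARNING: writable besides /var: $bad" >&2
fi
```
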

Here are the steps I followed to create this system:

Install Linux.

Install some kiosk utilities:

Initialize the "guest" user's environment:

Set up auto-login for the guest user:

Make the system boot read-only:

Boot up!

Final security measures:

And that should do it... As long as the machine does not have a CDROM or floppy drive attached to it, it should be impossible to remount any of the drives writably without guessing a password or cracking root some other way.

Again, please go back to see a diskless NFS-oriented approach to this, which I've decided is a better way.