Shared laptop with session time limit
Greetings habrovchane
I recently asked to set up a laptop in one of the small cafes so that visitors could use it for free , and with a time limit without worrying about their data.
So, the initial situation and the required functionality :
After an intensive search on the Internet for programs on Internet cafes, I decided that I shouldn’t shoot from a cannon on sparrows, and chose the following tools to solve the problem:
Now in order.
')
In windows, through “System-Management-Disk Management”, the main partition (labeled “Acer”) was reduced by 200 GB, we got a free unformatted area of ​​the disk (200GB), and put it there ubuntu.
Ubuntu installation is carried out as standard, boot from cd / dvd.
When installing, you can choose the option "next to the existing operating system", I chose manual partitioning:
We install the system with the username administrator ("admin" is already reserved for ubuntu).
After the first reboot, we connect the network / WIFI (if you have not connected yet) and install all updates, plus a couple of necessary additions for normal operation:
If you plan to use java (for example, online banking, etc.), put it too:
In this notebook, the first partition (/ dev / sda1) is the Windows recovery partition, so it is advisable to remove it from harm's way from the GRUB boot menu.
I did this:
from /boot/grub/grub.conf copied the necessary section to /etc/grub.d/40_custom :
append to the end of the file / etc / default / grub
and launch the GRUB menu update in the terminal
Now when you reboot, only the Linux related items and the last boot item of the installed Windows are visible in the menu.
If you need to hide the boot menu, you will have to bypass one bug present in ubuntu 12.04, namely, just by changing the parameters in / etc / default / grub
hide the menu when loading fails.
This is treated by adding a fragment to the end of the /etc/grub.d/00_header file.
In the end, the file / etc / default / grub has the following form:
and of course, do not forget to update grub before rebooting:
Now if, after the BIOS disappears, press ESC for 5 seconds, the GRUB menu will appear, otherwise the first menu item by default (Ubuntu) will be silently loaded.
Log out and log in again as administrator.
Create the / etc / guest-session / skel folder:
and copy the home directory of our user there:
If you now log in as a guest, the desktop and environment should look exactly the same as that of the user.
Login as administrator.
Add to the / usr / sbin / guest-account file at the end of the remove_account () function (executed when the guest logs off) the lines:
Create the file /etc/guest-session/skel/.guest.sh with the following contents:
and make it executable:
It remains only to add a line to the end of the /etc/guest-session/skel/.profile file .
and actually that's all.
As a result, I received a laptop that without warning and displaying the menu is loaded into ubuntu, with three users: administrator, user and guest, and with a time limit for the guest session of 30 minutes with a forced pause of 2 minutes. Pause can be reset by restarting the laptop. If this is undesirable, then you should save the .guest file not in / tmp, but, say, in / var / log (see / usr / sbin / guest-account ).
At certain intervals, the user is notified of the remaining session time.
During the session it is possible to change the user (for example, user, and back to the guest without the need to completely log out the user).
Although the .guest.sh script is not visible in the home folder (at least right away), it is visible in the process list, and this process is quietly killed by the guest (if he knows how), which in principle removes the restriction on the session time.
Constructive criticism and suggestions for improving this solution are welcome!
I recently asked to set up a laptop in one of the small cafes so that visitors could use it for free , and with a time limit without worrying about their data.
So, the initial situation and the required functionality :
- Acer i3 laptop, 4GB RAM, WIFI / USB, 640GB HDD (1 Recovery Partition + 1 System / Data), Win 7 Home Premium;
- the required session time is limited to 30 minutes;
- a break between sessions (minimum between logins) at 2 minutes;
- session data is not saved, moreover - must be removed from the laptop at the end of the session;
- the ability to work a specific user (cafe worker) without time limit;
- the ability to use if necessary pre-installed Windows 7.
After an intensive search on the Internet for programs on Internet cafes, I decided that I shouldn’t shoot from a cannon on sparrows, and chose the following tools to solve the problem:
- Linux as the second, and the main operating system (Ubuntu 12.04 LTS, because it will be supported by updates for a couple of years);
- guest account, which is present at 12.04 and after the end of the session deletes all user data;
- double hidden boot, with optional windows boot.
Now in order.
')
System installation
In windows, through “System-Management-Disk Management”, the main partition (labeled “Acer”) was reduced by 200 GB, we got a free unformatted area of ​​the disk (200GB), and put it there ubuntu.
Ubuntu installation is carried out as standard, boot from cd / dvd.
When installing, you can choose the option "next to the existing operating system", I chose manual partitioning:
- root (extended) root partition (use as “/”) 20 GB ext4 (/ dev / sda5);
- home partition (use as „/ home“) 176 GB ext4 (/ dev / sda6);
- paging file partition (use as swap) 4 GB (/ dev / sda7), although in principle is not needed, because deep sleep with saving to disk is not expected, but for internet surfing it is not needed.
We install the system with the username administrator ("admin" is already reserved for ubuntu).
After the first reboot, we connect the network / WIFI (if you have not connected yet) and install all updates, plus a couple of necessary additions for normal operation:
sudo apt-get update sudo apt-get dist-upgrade sudo apt-get install flashplugin-downloader sudo apt-get install gimp If you plan to use java (for example, online banking, etc.), put it too:
sudo apt-get install openjdk-7-jre icedtea-7-plugin In this notebook, the first partition (/ dev / sda1) is the Windows recovery partition, so it is advisable to remove it from harm's way from the GRUB boot menu.
I did this:
from /boot/grub/grub.conf copied the necessary section to /etc/grub.d/40_custom :
#!/bin/sh exec tail -n +3 $0 # This file provides an easy way to add custom menu entries. Simply type the # menu entries you want to add after this comment. Be careful not to change # the 'exec tail' line above. menuentry "Windows 7 (loader) (on /dev/sda2)" --class windows --class os { insmod part_msdos insmod ntfs set root='(hd0,msdos2)' search --no-floppy --fs-uuid --set=root 70E253CBE25393E6 chainloader +1 } append to the end of the file / etc / default / grub
GRUB_DISABLE_OS_PROBER="true" and launch the GRUB menu update in the terminal
sudo update-grub Now when you reboot, only the Linux related items and the last boot item of the installed Windows are visible in the menu.
If you need to hide the boot menu, you will have to bypass one bug present in ubuntu 12.04, namely, just by changing the parameters in / etc / default / grub
GRUB_HIDDEN_TIMEOUT="5" GRUB_HIDDEN_TIMEOUT_QUIET="false" hide the menu when loading fails.
This is treated by adding a fragment to the end of the /etc/grub.d/00_header file.
### BEGIN Hidden Menu Test ### cat << EOF if [ ${timeout} != -1 ]; then if sleep --verbose --interruptible ${GRUB_HIDDEN_TIMEOUT} ; then set timeout=0 fi fi EOF ### END Hidden Menu Test ### In the end, the file / etc / default / grub has the following form:
GRUB_DEFAULT="0" GRUB_HIDDEN_TIMEOUT="5" GRUB_HIDDEN_TIMEOUT_QUIET="false" GRUB_TIMEOUT="5" GRUB_DISTRIBUTOR="`lsb_release -i -s 2> /dev/null || echo Debian`" GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" GRUB_CMDLINE_LINUX="" # Uncomment to enable BadRAM filtering, modify to suit your needs # This works with Linux (no patch required) and with any kernel that obtains # the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...) #GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef" # Uncomment to disable graphical terminal (grub-pc only) #GRUB_TERMINAL="console" # The resolution used on graphical terminal # note that you can use only modes which your graphic card supports via VBE # you can see them in real GRUB with the command `vbeinfo' GRUB_GFXMODE="640x480" # Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux #GRUB_DISABLE_LINUX_UUID="true" # Uncomment to disable generation of recovery mode menu entries #GRUB_DISABLE_RECOVERY="true" # Uncomment to get a beep at grub start #GRUB_INIT_TUNE="480 440 1" GRUB_DISABLE_OS_PROBER="true" and of course, do not forget to update grub before rebooting:
sudo update-grub Now if, after the BIOS disappears, press ESC for 5 seconds, the GRUB menu will appear, otherwise the first menu item by default (Ubuntu) will be silently loaded.
Configuring the guest session
- Create a new user user (this will first be our sample for the guest, then the login for the cafe employee);
- Change wallpaper;
- We expose the necessary shortcuts to the desktop / configure the Unity panel to taste;
- Change settings LibreOffice, Gimp, etc.
Log out and log in again as administrator.
Create the / etc / guest-session / skel folder:
sudo mkdir -p /etc/guest-session/skel and copy the home directory of our user there:
sudo cp -a /home/user/* /etc/guest-session/skel/ sudo cp -a /home/user/.* /etc/guest-session/skel/ If you now log in as a guest, the desktop and environment should look exactly the same as that of the user.
Guest session time limit
Login as administrator.
Add to the / usr / sbin / guest-account file at the end of the remove_account () function (executed when the guest logs off) the lines:
remove_account () { … … rm -f /tmp/*.guest touch /tmp/$(date -d "today" +"%Y%m%d%H%M").guest } Create the file /etc/guest-session/skel/.guest.sh with the following contents:
#!/bin/sh if [ -f /tmp/*.guest ] then TIMEOUT=2 TIMESTAMP=`date -d "today" +"%Y%m%d%H%M"` for FNAME in /tmp/*.guest do OLDTIME="$(basename $FNAME .guest)" done if [ $(($TIMESTAMP-$OLDTIME)) -lt $TIMEOUT ] then sleep 10 notify-send -u critical " !" " ( )." sleep 10 gnome-session-quit --logout --no-prompt fi fi sleep 10 notify-send -u critical " " " 30 .\n\n!" sleep 600 notify-send -u critical " 20 ..." sleep 600 notify-send -u critical " 10 ..." sleep 300 notify-send -u critical " 5 !\n ." sleep 300 notify-send -u critical " " " 10 .\n ." sleep 10 gnome-session-quit --logout --no-prompt and make it executable:
sudo chmod a+x /etc/guest-session/skel/.guest.sh It remains only to add a line to the end of the /etc/guest-session/skel/.profile file .
$HOME/.guest.sh & and actually that's all.
Result
As a result, I received a laptop that without warning and displaying the menu is loaded into ubuntu, with three users: administrator, user and guest, and with a time limit for the guest session of 30 minutes with a forced pause of 2 minutes. Pause can be reset by restarting the laptop. If this is undesirable, then you should save the .guest file not in / tmp, but, say, in / var / log (see / usr / sbin / guest-account ).
At certain intervals, the user is notified of the remaining session time.
During the session it is possible to change the user (for example, user, and back to the guest without the need to completely log out the user).
disadvantages
Although the .guest.sh script is not visible in the home folder (at least right away), it is visible in the process list, and this process is quietly killed by the guest (if he knows how), which in principle removes the restriction on the session time.
Constructive criticism and suggestions for improving this solution are welcome!
Source: https://habr.com/ru/post/179237/
All Articles