Linux: How to setup a Kiosk using Ubuntu

Ubuntu 12.04 Kiosk

Core Software
Ubuntu 12.04 LTS Server
chromium-browser
xorg (X window system)
nodm (minimal display manager)

1. Install Ubuntu server
2. apt-get update && sudo apt-get upgrade
3. apt-get mc nano man man-db lynx openssh-server gpm

(Optional) If using wireless
4. apt-get install wireless-tools wpasupplicant

If you are connecting to an open network, you wont need wpasupplicant

(Optional) If using Intel wireless
4a. Add the following to the apt sources.list: http://ftp.us.debian.org/debian squeeze main contrib non-free
4b. apt-get firmware-iwlwifi

5. ifconfig wlan0 up – Brings up wireless interface

Check to see if Wifi is working

6. iwconfig
7. iwlist scan

If nothing shows up then their is a wireless driver issue

8. wpa_passphrase YOURSSID YOURWIFIPASSWORD – get your WiFi key.

It should look as follows:

network={
ssid=”YOURSSID”
#psk=”YOURWIFIPASSWORD”
psk=fe727aa8b64ac9b3f54c72432da14faed933ea511ecab1 5bbc6c52e7522f709a
}

We will use psk= (NOT #psk=) since the WiFi password in hex format.

9. nano /etc/network/interfaces – At the end of this file, you need to add your WiFi configuration. Here are the options you can add.

auto wlan0 #change this to the name of your WiFi interface
iface wlan0 inet dhcp #this is normally fine, if you want a static IP address replace “dhcp” with “static”
netmask 255.255.255.0 #change this as appropriate for your network, this value is usually right
gateway 192.168.1.1 #change this as appropriate for your network
address 192.168.1.100 #only needed for a static IP address
dns-nameservers 192.168.1.1 #only needed for a static IP address
wpa-driver wext #you shouldn’t need to change this
wpa-ssid YOURSSID #just type the name of your SSID here
wpa-ap-scan 1 #if the name of your SSID is hidden usually, type 2 instead of 1
wpa-proto WPA #if you use WPA1 type WPA, if you use WPA2 type RSN
wpa-pairwise CCMP #if you use AES type CCMP, if you use TKIP type TKIP
wpa-group CCMP #if you use AES type CCMP, if you use TKIP type TKIP
wpa-key-mgmt WPA-PSK #usually WPA-PSK (if you share a key) but sometimes WPA-EAP (for enterprises)
wpa-psk YOURHEXKEYFROMABOVE #the hex key that you generated earlier

Thus, since I am using a WiFi card that is identified as wlan0 and am connecting to a WPA1 AES encrypted network called MYPLACE that isn’t hidden without a static IP address, this is what I added:

auto wlan0
iface wlan0 inet dhcp
netmask 255.255.255.0
gateway 192.168.1.1
wpa-driver wext
wpa-ssid MYPLACE
wpa-ap-scan 1
wpa-proto WPA
wpa-pairwise CCMP
wpa-group CCMP
wpa-key-mgmt WPA-PSK
wpa-psk 71c81a855973ae7bb1243141e5caa7b6bb0e2d7bbtcetcetc

Finally, comment out the top section so it looks like this:

#auto eth0
#iface eth0 inet dhcp

This stops your wired network from working. This helps to ensure there are no conflicts. Remember, if you want your wired network to work again, remove these two comments (the #).

10. Reboot and it should work

If it does not work, edit the configuration file for the wpasupplicant program. Do this by issuing:

10b. nano /etc/wpa_supplicant.conf

Basically, you add pretty much the same information here as you did to the interfaces file, except without the wpa- part. So, my file looks like this:

ap_scan=1
ctrl_interface=/var/run/wpa_supplicant
network={
ssid=”MYPLACE”
scan_ssid=0
psk=71c81a855973ae7bb1243141e5caa7b6bb0e2d7bbtcetcetc
key_mgmt=WPA-PSK
proto=WPA
pairwise=CCMP
group=CCMP
}

Edit this file as necessary, make sure you add the ctrl_interface and network={ at the beginning and the } part at the end.

(Optional) Printing – Configure Cups
11. apt-get install cups
12. sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.original
13. sudo chmod a-w /etc/cups/cupsd.conf.original
14. sudo usermod -aG lpadmin username
15. lynx into http://localhost:631 and setup the attached printer
16. lpstat -s show printer status
17. lpoptions -d printername sets up default printer
18. echo “This is a test” > testfile.txt – Create a test file to test printing
19. lp testfile.txt – runs test print job

Main Kiosk Setup
20. apt-get install xorg nodm chromium-browser
21. adduser -m kiosk
22. (Optional – Add user to groups) adduser -G groupname kiosk

23. Login as kiosk.
24. touch ” ~/.xsession
25. nano ~/.xsession – add the two following lines
#!/usr/bin/env bash
chromium-browser –start-maximized
26. Type startx – nodm will start with Chromium. If your screen is half size drag it to fill the screen
27. Open the wrench menu, select Settings or go to chrome://chrome/settings
28. Under “Appearance” – remove all check marks
29. Configure all of the browser setting you prefer users to not have
30. If you have a set start page enter it now.
31. Press Ctrl+H and clear your browser history
32. Once finish Press Ctrl+Alt+F1 and then Ctrl+C to return to the console
33. Edit ~/.xsession to look as follows:
#!/usr/bin/env bash
while true; do
sed -i ‘s/”exited_cleanly”: false/”exited_cleanly”: true/’ ~/.config/chromium/Default/Preferences
sed -i ‘s/”exited_type”: “Crashed”/”exited_type”: “normal”/’ ~/.config/chromium/Default/Preferences
xmodmap -e “keycode 67 = 0x0000” #disables F1
xmodmap -e “remove Control = Control_L” #disables control left
xmodmap -e “remove Control = Control_R” #disables control right
xsetroot -cursor_name left_ptr #Replaces the X cursor with the standard left pointer
chromium-browser –start-maximized –kiosk http://<your_app_url>/;
# chromium-browser –start-maximized #This is used for testing
sleep 5s; #Restarts chrome is it crashes after 5 seconds
done
34. Change the default maximized settings in chromium from false to true
Go to /home/kiosk/.config/chromium/Default/Preference
“browser”; {
go down to “window_placement”: {
…
“maximized”: true,

Force the Browser to expand across the screen:
“browser”: {
“check_default_browser”: false,
“clear_lso_data_enabled”: true,
“custom_chrome_frame”: true,
“pepper_flash_settings_enabled”: false,
“window_placement”: {
“bottom”: 767,
“left”: 0,
“maximized”: false,
“right”: 1366,
“top”: 0,
“work_area_bottom”: 768,
“work_area_left”: 0,
“work_area_right”: 1366,
“work_area_top”: 0
},

34b. Also in “Preferences” near the bottom of the file (inside the Profile section) this line:
“exit_type”: “normal”,
“exited_cleanly”: true,
(Optional if wanting to view PDFs)
35. apt-get install evince mozplugger
36.Make evince work with Chromium
In /etc/mozpluggerrc.d edit the 40-global_defs.conf and add the following:

### Evince
define(EVINCE, [repeat swallow(evince) fill needs_xembed: evince “$file”])

Now in /etc/mozpluggerrc.d/62-documents.conf , the GV() & ACROREAD() (not necessary though) needs to be replaced with EVINCE() as

application/pdf:pdf:PDF file
application/x-pdf:pdf:PDF file
text/pdf:pdf:PDF file
text/x-pdf:pdf:PDF file

EVINCE() << previously ACROREAD()

repeat noisy swallow(Xpdf) fill needs_xembed: xpdf -g +9000+9000 “$file”
repeat noisy swallow(okular) fill needs_xembed: okular “$file”
repeat noisy swallow(epdfview) fill needs_xembed: epdfview “$file”

EVINCE() << previously GV()

repeat noisy swallow(evince) fill needs_xembed: evince “$file”

37. nano /etc/default/nodm (Change NODM_ENABLED and NODM_USER)
It should look as follows:

NODM_ENABLED=true
NODM_USER=<kiosk_user>
NODM_FIRST_VT=7
NODM_XSESSION=/etc/X11/Xsession
NODM_X_OPTIONS=’-nolisten tcp’
NODM_MIN_SESSION_TIME=60

38. chmod a-w -R ~/.config/chromium/Default/* – Keeps chromium’s settings from being changed.

39. Prevent CTRL+ALT+F1
nano /etc/X11/xorg.conf
Enter the following:

Section “ServerFlags”
Option “DontVTSwitch” “on”
EndSection

(Optional – Password protecting Grub)
Examine the grub configuration files
40. cd /etc/grub.d
41. ls -l
Informational
00_header:
Password Protection.
05_debian_theme:
Set background and text colors, themes
10_linux:
Locates Linux kernels based on results of the “lsb_release” command.
20_memtest86+:
If the file /boot/memtest86+.bin exists, it is included as a menu item.
30_os-prober:
Searches for Linux and OS’s on other partitions and includes them in the menu.
40_custom:
A template for adding custom menu entries which will be inserted into grub.cfg upon execution of the “update-grub” command. This and any other custom file must be made executable to allow importation into grub.cfg.

42. cp 00_header 00_header.bak – make sure you backup this file!

Create Grub Password
43. grub-mkpasswd-pbkdf2
Enter a password
At the command prompt type the word echo<space> then Highlight the password
Right Click after the space and gdm will Copy
Add a “>> 00_header” to send the password into the bottom of the 00_header file

44. vi 00_header
Above the copied password put 2 lines between EOF and the password
Password Protect the Grub File
Instructions (Type the following)
cat << EOF
set superusers=”someonesname”
password_pbkdf2 someonesname GRUB_PASSWORD_GOES_HERE
EOF
Press the <Esc> button
Type “:wq!”

Next: Edit your /etc/grub.d/10_linux file and down around line 29, it has this:
vi 10_linux
Code: CLASS=”–class gnu-linux –class gnu –class os”
Change it to this:
Code: CLASS=”–class gnu-linux –class gnu –class os –unrestricted”
Press the <Esc> button
Type “:wq!”
45. update-grub

Testing the Password Protected Grub Menu

Reboot the machine
Instructions
reboot

Boot to Grub 2 Menu
Instructions
Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Shift> key.

The Grub 2 Menu
Instructions
Make sure the first link is highlighted (See Below).
Press “e” to edit

Enter Username and Password
Instructions
Enter username:
Enter password:

Welcome to the Grub Menu
Notes
Now you have successfully password protected the Grub Menu.
Instructions
Press <Ctrl> and “x” to boot.

___________________________________________________________________________
Additional if you prefer to use Chrome

https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add –
nano /etc/apt/sources.list.d/google.list
Then copy and paste the line below into the file and save.
deb http://dl.google.com/linux/chrome/deb/ stable main
apt-get update
apt-get install google-chrome-stable

cd /opt/google/chrome/
ln -s $plugin /usr/lib/chromium-browser/;

To break into the OS.

Boot
Hold Shift for Grub
Select recovery
Use the root password to enter recovery

1) nano /etc/default/nodm
change NODM_ENABLED to false

2) nano /etc/X11/xorg.conf
comment out all lines with #

If you need to break the kiosk user
3) nano /home/kiosk/.xsession
Using # comment all needed fields especially,
“chromium-browser –start-maximized –kiosk http://<your_app_url>/”

By: nexxy, prupert, myself, and various other resources