[KLUG Members] Kiosk / Lightweight Workstation Recommendations

[Andrew Thompson]

On Sat, 2005-12-10 at 18:02 -0500, Todd Pillars wrote:
> Hi all,
> 
> I have been kicking around two kiosk scenarios and would like some 
> outside perspective. I am trying to decide between a customized live CD 
> or a locked-down desktop environment installed to hard drive.
> 
> Two PIII/933 machines each with monitors, and one network printer. Each 
> should have Firefox, OpenOffice.org, network printing, write to CD-R/USB 
> drive only. The intended purpose is a workstation that people (generally 
> from small organizations/businesses) can sit in front of and use for 
> "Business" type research - without a Linux person holding their hand. 
> After using the system they will get both a live CD and (maybe) an 
> install CD.
> 
> The project does have two constraints: It has to be Gnome, and it has to 
> be on Ubuntu. Debian will do for obvious reasons. This is not to start a 
> flame war but donning my fire retardant suit anyway.
> 
> The custom CD makes sense from the oops factor. If you make a mistake or 
> an error is encountered, just reboot. Negatives, it is slow and very 
> rigid. Plus, all changes require a rebuild, reburn, etc. The 
> customization process is not the easiest, and there is no one set way to 
> create it, although it _can_ be somewhat automated.

Is DVD an option? I think the players can be had for not much more than
CD-only units, these days, and that could probably mitigate the speed
factor.

> The locked-down desktop makes sense from a flexibility standpoint, but 
> the trade-off of speed is negated by the use of a hard drive that could 
> be a point of failure. And even after removing launchers from the 
> panel(s) who knows if you "really" have everything locked down? Another 
> big challenge here is blowing away the user directory after logout and 
> recreating a clean user directory with the bare minimum dot config files 
> et al.

How much flexibility is really needed? I think we'd need to know just
what sorts of changes should be permitted or supported. If a writable
user directory is desired, a separate /home partition, mounted
read/write, would probably fit the bill. The system itself has the tools
to create and destroy a user account, including its home directory, and
if you really wanted to get brutal, you could probably mkfs the
partition each time. All this would be isolated from the rest of the
file tree, which except for /var and perhaps a couple of others, would
exist on the main / partion, mounted read-only. As long as you can keep
the user away from the mount and umount commands and functions, that
should help keep the remainder of the system safe. All this might be
more effort than it's really worth, though.

> I have also thought of LTSP/Thin Client but it should/must go through 
> NoCat (or another auth/accounting scheme) which generally blows up 
> networking on LTSP right nicely.
> 
> Ideas? Input? Thanks in advance!

I think that, ideally, core system and applications should be supplied
separately from site-specific data, and not need updates as frequently.
That scenario might require a second storage unit, but could also
introduce some flexibility to an otherwise inflexible configuration. I
can think of about a dozen different approaches to this project, which
is probably about a dozen more than I really understand, but maybe some
of these ideas are worth considering.

-- 
Andrew Thompson <tempes at ameritech.net>
The Imagerie