On Mon, Oct 31, 2011 at 01:29:58PM +0100, Henning Brauer wrote:
> * Sime Ramov <s...@ramov.com> [2011-10-29 13:58]:
> > * Tito Mari Francis Escaqo <titomarifran...@gmail.com> [2011-10-29T17:50+0800]:
> > > My idea is for the whole system to run off a Live CD, but I'm quite
> > > lost how to start the X windowing system, then the web browser and
> > > then automatically shutdown the whole system after quitting web
> > > browser.
> > 
> > As for the browser starting when X is started, this would do:
> > 
> >     echo exec firefox > ~/.xinitrc
> 
> and with sth like
> 
> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin/:/usr/local/bin \
>     sudo -u display -H /usr/X11R6/bin/startx >/var/log/Xdisplay 2>&1 </dev/null
> 
> in rc.local you even get it automagically on bootup.
> 
> > When you quit Firefox, X will terminate, too. Your other requirements
> > are a bit trickier though.
> 
> not really - if you start X in rc.local and don't background it just
> put halt -p as last command in rc.local.
> 
> 
> -- 
> Henning Brauer, h...@bsws.de, henn...@openbsd.org
> BS Web Services, http://bsws.de, Full-Service ISP
> Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
> Henning Brauer Consulting, http://henningbrauer.com/
> 

Here's the set of files I used for a year or so to create and operate
'public' computers that only ran Firefox. The clic.sh file, when run
from a fresh install, turned the machine into such a dedicated device
by installing the files provided and editing standard installed
config files. i.e. have all the files on a USB stick or something,
and run clic.sh from that directory.

The pf.conf is to ensure no 'internal' machines (which were all on
non-routable addresses) could be accessed. The rc.local magic was
to allow access to the default gateway, obviously an internal
address. :-).

fvwm so the users could close popup windows.

crontab to shut it down every night at closing time.

Firefox 3.5 because they needed to run Java apps, and the later
plugin did not (and still doesn't I think) work.

The file missing (firefox35.tgz) I created by starting up firefox once
as 'client' and tar'ing up the resulting .mozilla directory. This was to
ensure there was a 'clean' firefox every time it started up.

It was moderately annoying to have to boot to single user and fiddle with
/etc/ttys to do any maintenance, but I never got around to allowing
remote access.

No great innovation, just a lot of trial and error starting with henning's
advice, a lot of googling and reading "X Power Tools".

And haven't run it in a year or so, so ymmv.

You might also want to investigate xxxterm and its 'kiosk' mode.

.... Ken

========== Xinit.local ==========
#!/bin/ksh
echo startx -- vt05 | su - client


========== adduser.conf ==========
#
# $OpenBSD: adduser.perl,v 1.53 2007/01/03 15:26:04 simon Exp $
# /etc/adduser.conf - automatic generated by adduser(8)
#
# Note: adduser reads *and* writes this file.
#       You may change values, but don't add new things before the
#       line ``## DO NOT DELETE THIS LINE!''
#

# verbose = [0-2]
verbose = 1

# Get new password for new users
# defaultpasswd =  yes | no
defaultpasswd = yes

# Default encryption method for user passwords
# Methods are all those listed in login.conf(5)
encryptionmethod = "auto"

# copy dotfiles from this dir ("/etc/skel" or "no")
dotdir = "/etc/skel"

# send this file to new user ("/etc/adduser.message" or "no")
send_message = "no"

# config file for adduser ("/etc/adduser.conf")
config = "/etc/adduser.conf"

# logfile ("/var/log/adduser" or "no")
logfile = "/var/log/adduser"

# default HOME directory ("/home")
home = "/home"

# List of directories where shells located
# path = ('/bin', '/usr/bin', '/usr/local/bin')
path = ('/bin', '/usr/bin', '/usr/local/bin')

# common shell list, first element has higher priority
# shellpref = ('bash', 'tcsh', 'ksh', 'csh', 'sh')
shellpref = ('csh', 'sh', 'bash', 'tcsh', 'ksh', 'nologin')

# defaultshell if not empty ("bash")
defaultshell = "ksh"

# defaultgroup ('USER' for same as username or any other valid group)
defaultgroup = USER

# new users get this uid
uid_start = 1000
uid_end = 2147483647

# default login.conf(5) login class
defaultclass = default

# login classes available from login.conf(5)
# login_classes = ('default', 'daemon', 'staff')
login_classes = ('default', 'daemon', 'staff', 'authpf')

## DO NOT DELETE THIS LINE!
## your own variables, see /etc/adduser.message

## end


========== all.js.append ==========
//
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);


========== clic.sh ==========
#!/bin/ksh

# Turn a normal OpenBSD install into a Clic! station.
: ${CLICNHOME:=.}
: ${PKG_PATH:=../4.9/packages/i386}
export CLICNHOME PKG_PATH

# 1) Save original files for reference.
cp /etc/pf.conf /etc/pf.conf.orig
cp /etc/ttys /etc/ttys.orig
cp /etc/adduser.conf /etc/adduser.conf.orig
cp /etc/rc /etc/rc.orig
cp /etc/rc.conf.local /etc/rc.conf.local.orig
cp /etc/rc.local /etc/rc.local.orig
cp /etc/X11/xorg.conf /etc/X11/xorg.conf.orig
cp /etc/dhclient.conf /etc/dhclient.conf.orig
crontab -l >/root/root.crontab.orig

# 2) Add user 'client'. Need adduser.conf in place first.
cp  $CLICNHOME/adduser.conf      /etc/.
groupadd -g 1000 client
adduser -batch client client "Public Computer"

# 3) Populate client directory, /etc and default web page.
( cd $CLICNHOME
mkdir                           /home/client/.fvwm
cp  .fvwm2rc                    /home/client/.fvwm/.

cp  .xinitrc                    /home/client/.
cp  Xinit.local                 /home/client/.
cp  firefox35.mozilla.tgz       /home/client/.

cp  xorg.conf                   /etc/X11/.
cp  pf.conf                     /etc/.

cat rc.local.martians >>        /etc/rc.local
echo "supersede domain-name-servers 8.8.8.8,8.8.4.4;" >>/etc/dhclient.conf

crontab                         root.crontab
)

# 4) Tune local services.
echo "pf=yes" >> /etc/rc.conf.local
ed /etc/rc.conf.local <<_EOT
/ntpd
s/=/="-s"
w
q
_EOT

# 5) Install packages
pkg_add firefox35
pkg_add fvwm2+fvicons
pkg_add jre-1.6.0.03p12
mkdir /usr/local/lib/mozilla-plugins
ln -s /usr/local/jre-1.6.0/plugin/i386/ns7/libjavaplugin_oji.so \
        /usr/local/lib/mozilla-plugins/libjavaplugin_oji.so

# 5a) Set global Firefox preferences
cp $CLICNHOME/firefox.cfg /usr/local/firefox35/firefox.cfg
cat <<_EOT >>/usr/local/firefox35/greprefs/all.js
// Use Clic! Global configuration file.
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);
_EOT

# 6) Set up ttys to automatically start the browser
ed /etc/ttys <<_EOT
/ttyC1
s/secure//
s#".*"#"/home/client/Xinit.local"#
w
q
_EOT
cp /etc/ttys /etc/ttys.client

# 7) Tweak rc to force fsck on filesystems.
ed /etc/rc <<_EOT
/fsck -p
s/p/fy
w
q
_EOT



========== firefox.cfg ==========
// Clic! systemwide configuration file for Firefox
//
lockPref("browser.startup.homepage", "http://www.google.ca");
lockPref("pref.browser.homepage.disable_button.current_page", true);
lockPref("network.dns.disableIPv6", true);
//
// History and Privacy
lockPref("privacy.sanitize.promptOnSanitize", false);
lockPref("privacy.sanitize.sanitizeOnShutdown", true);
lockPref("network.cookie.enableForCurrentSessionOnly", true);
//
// disable undesirable protocols
lockPref("network.protocol-handler.external.snews", false);
lockPref("network.protocol-handler.external.news", false);
lockPref("network.protocol-handler.external.irc", false);
lockPref("network.protocol-handler.external.mail", false);
lockPref("network.protocol-handler.external.mailto", false);
//
// Disable dns pre-fetching.
lockPref("network.prefetch-next", false);
lockPref("network.dns.disablePrefetch", true);
lockPref("network.proxy.socks_remote_dns", true);
//


========== pf.conf ==========
tcp_services = "{ ssh, www, https, domain }"
udp_sevices = "{ ntp, domain }"
icmp_types = "{ echoreq, unreach }"

table <martians> persist { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }

#set skip on lo

block all
pass out proto tcp to any port $tcp_services
pass proto udp to any port $udp_sevices

# Allow ping.
pass inet proto icmp all icmp-type $icmp_types keep state

# Allow traceroute.
# "base+nhops*nqueries-1" (33434+64*3-1)
pass out inet proto udp from any to any port 33433 >< 33626 keep state

#pass quick on egress no state
antispoof quick for { lo egress }

# block traffic to/from internal hosts.
block in on egress from <martians> to any
block out on egress from any to <martians>


========== rc.local.martians ==========
# Fragment to append to rc.local.
#
# Add default gateway to pfctl table 'martians'.
set -- $(route -n show -inet | grep "^default")
# Quote $2: an unquoted empty value makes the test true when there is no default route.
if [ -n "$2" ]; then
        echo "Adding !$2 to pf table 'martians'."
        pfctl -t martians -T add "!$2" >/dev/null 2>&1
fi


========== root.crontab ==========
#
SHELL=/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#
#minute hour    mday    month   wday    command
#
# sendmail clientmqueue runner
*/30    *       *       *       *       /usr/sbin/sendmail -L sm-msp-queue -Ac -q
#
# rotate log files every hour, if necessary
0       *       *       *       *       /usr/bin/newsyslog
# send log file notifications, if necessary
#1-59   *       *       *       *       /usr/bin/newsyslog -m
#
# do daily/weekly/monthly maintenance
30      1       *       *       *       /bin/sh /etc/daily
30      3       *       *       6       /bin/sh /etc/weekly
30      5       1       *       *       /bin/sh /etc/monthly
#0      *       *       *       *       /usr/libexec/spamd-setup
# shutdown every day at 9pm.
05      21      *       *       *       /sbin/halt -p


========== xorg.conf ==========
Section "ServerFlags"
        Option "DontVTSwitch" "on"
        Option "DontZoom" "on"
        Option "DontZap" "on"
EndSection


========== .fvwm2rc ==========
# This file changed by the .fvwm2rc to .fvwm/.fvwm2rc converter
# this is a bare bones sample .fvwm2rc/system.fvwm2rc file for fvwm-2.
# It should be customized before install.  See other sample .fvwm2rc files
# for hints, as well as pointers from the various links on the official
# fvwm web page (see the FAQ).

# be sure to customize these paths for your installation:
# Removed by fvwm24_convert: ModulePath /usr/X11R6/lib/X11/fvwm
ImagePath /usr/X11R6/include/X11/pixmaps:+
ImagePath /usr/X11R6/include/X11/bitmaps:+

EdgeResistance 250 10
EdgeScroll 100 100
ClickTime 750

# make sure these fonts exist on your system:
Style "*" Font -adobe-times-bold-r-*-*-14-*-*-*-*-*-*-*
Style "*" IconFont -adobe-helvetica-bold-r-*-*-10-*-*-*-*-*-*-*

Style "*" HilightFore #bebebe, HilightBack blue
MenuStyle #4d4d4d #bebebe #e7e7e7 -adobe-times-bold-r-*-*-12-*-*-*-*-*-*-* fvwm

DeskTopSize 1x1

ColormapFocus FollowsMouse

# default Styles:
Style "*"           BorderWidth 7, HandleWidth 7
Style "*"           Icon unknown1.xpm, Color #bebebe/darkred
Style "*"           MWMFunctions, MWMDecor, HintOverride
Style "*"           DecorateTransient, NoPPosition
Style "*"           IconBox 0 -10 -280 -1
Style "*"           ClickToFocus
Style "*"           RandomPlacement, SmartPlacement

# Styles for various Fvwm modules:
Style "Fvwm*"       NoTitle,  Sticky, WindowListSkip
Style "Fvwm*"       BorderWidth 2, CirculateSkipIcon, CirculateSkip

# some simple default key bindings:
Key Next         A       SCM     Next [*] Focus
Key Prior        A       SCM     Prev [*] Focus

# some simple default mouse bindings:
#   for the root window:
Mouse 1 R       A       Menu RootMenu Nop
Mouse 2 R       A       Menu RootMenu Nop
Mouse 3 R       A       Menu RootMenu Nop

#   for the title bar buttons:
Mouse 0 1       A       Menu Window-Ops2 Close
Mouse 0 2       A       Close
Mouse 0 4       A       Maximize 100 100

#   for other parts of the window/borders/icons:
Mouse 1 F       A       Resize-or-Raise
Mouse 1 TS      A       Move-or-Raise
Mouse 1 I       A       Move-or-Iconify
Mouse 2 I       A       Iconify
Mouse 2 FST     A       Menu Window-Ops2 Nop
Mouse 3 TSIF    A       RaiseLower

######################## Menus ###################
AddToMenu RootMenu      "Clic!"         Title

######################## Sample Functions ##########################

AddToFunc Move-or-Raise         "I" Raise
+                               "M" Move
+                               "D" Lower

AddToFunc Maximize-Func         "M" Maximize     0 100
+                               "C" Maximize     0 80
+                               "D" Maximize     100 100

AddToFunc Move-or-Iconify       "I" Raise
+                               "M" Move
+                               "D" Iconify

AddToFunc Resize-or-Raise       "I" Raise
+                               "M" Resize
+                               "D" Lower

DestroyModuleConfig FE-SM: *
*FE-SM: Cmd Function
*FE-SM: add_window StartFirefoxMaximized

Module FvwmEvent FE-SM

DestroyFunc StartFirefoxMaximized
AddToFunc StartFirefoxMaximized
+ I ThisWindow ("Mozilla Firefox", !Maximized) Maximize


========== .xinitrc ==========
get_ifdevs() {
        ifconfig \
                | egrep -v '^[[:space:]]|(bridge|enc|gif|gre|lo|pflog|pfsync|ppp|sl|tun)[[:digit:]]+:' \
                | sed -ne 's/^\(.*\):.*/\1/p'
}

xset -dpms
xset s off
while :; do
        # Restart dhclients on all interfaces.
        pkill dhclient
        for _if in $(get_ifdevs); do
                /usr/sbin/dhclient $_if
        done

        # Remove accumulated files.
        rm -rf Desktop/*
        rm -rf Downloads/*
        rm -rf .mozilla/*

        # Re-install default Firefox configuration.
        tar xzpf firefox35.mozilla.tgz

        # And present the full-screen browser.
        /usr/local/bin/fvwm2 &
        /usr/local/bin/firefox35
done
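
Added example (not one of the files from the post): a small Python model of how the <martians> table in pf.conf and the "!gateway" entry added by rc.local.martians combine with pf's last-match rule evaluation for outbound traffic. The gateway and host addresses are constructed samples, and the ICMP and antispoof rules are left out of the model.

```python
import ipaddress

# Entries of the <martians> table, copied from pf.conf above.
MARTIANS = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
            "169.254.0.0/16", "192.0.2.0/24", "0.0.0.0/8", "240.0.0.0/4"]

TCP_SERVICES = {22, 80, 443, 53}   # ssh, www, https, domain
UDP_SERVICES = {123, 53}           # ntp, domain

GATEWAY = "192.168.1.1"            # constructed sample default gateway


def build_table(entries):
    """Parse table entries; a leading '!' marks a negated entry."""
    table = []
    for entry in entries:
        negated = entry.startswith("!")
        table.append((ipaddress.ip_network(entry.lstrip("!")), negated))
    return table


def in_table(table, addr):
    """pf table lookup: the most specific matching entry decides,
    and a negated entry means the address does not match the table."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, negated) for net, negated in table if ip in net]
    if not hits:
        return False
    _, negated = max(hits, key=lambda hit: hit[0])
    return not negated


def outbound_verdict(table, proto, dst, port):
    """Walk the outbound rules in file order; with no 'quick', the last match wins."""
    verdict = "block"                            # block all
    if proto == "tcp" and port in TCP_SERVICES:
        verdict = "pass"                         # pass out proto tcp ... $tcp_services
    if proto == "udp" and port in UDP_SERVICES:
        verdict = "pass"                         # pass proto udp ... $udp_sevices
    if proto == "udp" and 33433 < port < 33626:
        verdict = "pass"                         # traceroute; '><' excludes both bounds
    if in_table(table, dst):
        verdict = "block"                        # block out on egress ... to <martians>
    return verdict


def compare(cases):
    """Return (case, verdict before, verdict after adding '!GATEWAY') per case."""
    before = build_table(MARTIANS)
    after = build_table(MARTIANS + ["!" + GATEWAY])
    return [(c, outbound_verdict(before, *c), outbound_verdict(after, *c))
            for c in cases]


if __name__ == "__main__":
    sample = [("tcp", GATEWAY, 80),          # the gateway itself
              ("tcp", "192.168.1.20", 80),   # constructed internal host
              ("udp", "8.8.8.8", 53),        # resolver set in dhclient.conf
              ("tcp", "198.51.100.7", 25)]   # constructed external host, SMTP
    for case, old, new in compare(sample):
        print(case, "before:", old, "after:", new)
```
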
