• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1002
  • Last Modified:

Remote Desktop Connection to Ubuntu 11.04 - Kiosk Only

Hi,

Forgive my ignorance, as I'm coming from a Windows background.

I have  a Ubuntu 11.04 server.  I need to do the following:

1. Enable remote access for about 1,500 users.  They will be accessing the desktop via a VNC or RDP app on their iPhones, iPads, and Android devices.

2. Allow them (via the mobile devices) to open and manipulate a web browser on the Ubuntu desktop.  The Ubuntu browser must have support for the JRE, e.g., Firefox or the browser included with Ubuntu.  Ideally they should only be able to browse to a specific web site I authorize and do nothing else with the computer.

3.  Should not be able to shut down computer, open any other programs, screw it up for other users, etc.

4.  I need to be able to easily add/edit/delete users w/o too much hassle. I.e., set up a login account, assign passwords, etc.

I realize this sounds crazy.  However, there's a special web app they need to run that REQUIRES the JRE and this doesn't seem possible to use the JRE on iphone, android, etc.  They are using their mobile devices (I can't change this) and need to be able to interact with a specific web site app that requires the JRE.

I'm not very familiar with Linux but have thus far set up Gnome and RDC---and have logged in and gotten this to work with one or two user accounts.  However, it's a hassle to configure all the desktop settings, security, etc. for each account I set up in Gnome so I'm thinking there must be an easier way.

Let me know if you need more info.

Thank you in advance,

Chris
0
jumpseatnews
Asked:
jumpseatnews
  • 2
  • 2
1 Solution
 
TobiasHolmCommented:
Hi!

Where do you have your users today? In a Microsoft AD? Then you can join the Ubuntu to the AD. Here's an example how to join the AD: http://youtu.be/Y3TFPDT9uic

Example how to disable users to shut down the computer: http://embraceubuntu.com/2006/03/20/disable-shutdown-for-normal-users/

Here's some idéas how to prevent users from running certain apps: http://ubuntuforums.org/showthread.php?t=941659

Regards, Tobias
0
 
jumpseatnewsAuthor Commented:
Hi Tobias,

Currently, there are no users, as it has not been set up yet.  I was originally going to go the windows route but the licenses are too expensive for Terminal Services on a Windows server.

The article about Firefox is helpful in theory but goes on the assumption that there is one assigned user---I'm needed to create 1,500 actual user account, each with their own login but share a same set of access privileges.  

There is something in Ubuntu called user groups but I'm not sure if it's possible to set privileges at the group level like you can in Windows.  For example, what might work would be to create a group called 'public' and then assign all desktop preferences, layout, security to that specific group.  Then, when I sudo to add a new user, I would just assign them to that group and everything else would be taken care of.

Chris
0
 
TobiasHolmCommented:
I agree with Microsoft licenses are too expensive. Better with Free and Open Source! ;)

I was thinking about this in the Firefox example: "I recommend dragging the applications you want them to have access to directly onto the panel and then completely remove the Application/Places/System menu. Then, hit Alt-F2 and type gconf-editor. Navigate to /apps/panel/global and check locked_down and disable the Alt-F2 run key. Also go to /desktop/gnome/lockdown and check the relevant options to lock down. That should make that user extremely limited in what they are able to run.". You could use this to control what apps your users can see.

You can put a Linux user in groups, but the groups doesn't control all the things you want. The groups control the file system access. Read more here: http://www.unix.com/tips-tutorials/19060-unix-file-permissions.html (long post)

You can use this script to create 1,500 users on your Ubuntu server:
# adduser.sh   Tobias Holm   2012-03-16
#
# Usage: adduser.sh username password
# Script must be run as root.
# To create multiple users, create a textfile with the username and passwords
#   with one user and password on each line. The run this command:
# while read LINE; do sudo ./adduser.sh $LINE; done < users.txt

user=$1
password=$2

adduser --ingroup users --disabled-password --gecos $user $user

# Set password
tmpdir=/tmp/pwddir$$
mkdir -p $tmpdir
chmod og-rx $tmpdir
echo $password > $tmpdir/pwd
encrypted=`mkpasswd -s < $tmpdir/pwd`
usermod -p $encrypted $user
rm -rf $tmpdir

# For debug, remove if you like
echo user: $user
echo pass: $password
echo -----------------------

Open in new window


Regards, Tobias
0
 
jumpseatnewsAuthor Commented:
Thank you Tobias!!! Awesome answer!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now