Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Remote Desktop Connection to Ubuntu 11.04 - Kiosk Only

Posted on 2012-03-15
4
Medium Priority
?
930 Views
Last Modified: 2012-03-28
Hi,

Forgive my ignorance, as I'm coming from a Windows background.

I have  a Ubuntu 11.04 server.  I need to do the following:

1. Enable remote access for about 1,500 users.  They will be accessing the desktop via a VNC or RDP app on their iPhones, iPads, and Android devices.

2. Allow them (via the mobile devices) to open and manipulate a web browser on the Ubuntu desktop.  The Ubuntu browser must have support for the JRE, e.g., Firefox or the browser included with Ubuntu.  Ideally they should only be able to browse to a specific web site I authorize and do nothing else with the computer.

3.  Should not be able to shut down computer, open any other programs, screw it up for other users, etc.

4.  I need to be able to easily add/edit/delete users w/o too much hassle. I.e., set up a login account, assign passwords, etc.

I realize this sounds crazy.  However, there's a special web app they need to run that REQUIRES the JRE and this doesn't seem possible to use the JRE on iphone, android, etc.  They are using their mobile devices (I can't change this) and need to be able to interact with a specific web site app that requires the JRE.

I'm not very familiar with Linux but have thus far set up Gnome and RDC---and have logged in and gotten this to work with one or two user accounts.  However, it's a hassle to configure all the desktop settings, security, etc. for each account I set up in Gnome so I'm thinking there must be an easier way.

Let me know if you need more info.

Thank you in advance,

Chris
0
Comment
Question by:jumpseatnews
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 18

Expert Comment

by:TobiasHolm
ID: 37730470
Hi!

Where do you have your users today? In a Microsoft AD? Then you can join the Ubuntu to the AD. Here's an example how to join the AD: http://youtu.be/Y3TFPDT9uic

Example how to disable users to shut down the computer: http://embraceubuntu.com/2006/03/20/disable-shutdown-for-normal-users/

Here's some idéas how to prevent users from running certain apps: http://ubuntuforums.org/showthread.php?t=941659

Regards, Tobias
0
 

Author Comment

by:jumpseatnews
ID: 37730541
Hi Tobias,

Currently, there are no users, as it has not been set up yet.  I was originally going to go the windows route but the licenses are too expensive for Terminal Services on a Windows server.

The article about Firefox is helpful in theory but goes on the assumption that there is one assigned user---I'm needed to create 1,500 actual user account, each with their own login but share a same set of access privileges.  

There is something in Ubuntu called user groups but I'm not sure if it's possible to set privileges at the group level like you can in Windows.  For example, what might work would be to create a group called 'public' and then assign all desktop preferences, layout, security to that specific group.  Then, when I sudo to add a new user, I would just assign them to that group and everything else would be taken care of.

Chris
0
 
LVL 18

Accepted Solution

by:
TobiasHolm earned 2000 total points
ID: 37731283
I agree with Microsoft licenses are too expensive. Better with Free and Open Source! ;)

I was thinking about this in the Firefox example: "I recommend dragging the applications you want them to have access to directly onto the panel and then completely remove the Application/Places/System menu. Then, hit Alt-F2 and type gconf-editor. Navigate to /apps/panel/global and check locked_down and disable the Alt-F2 run key. Also go to /desktop/gnome/lockdown and check the relevant options to lock down. That should make that user extremely limited in what they are able to run.". You could use this to control what apps your users can see.

You can put a Linux user in groups, but the groups doesn't control all the things you want. The groups control the file system access. Read more here: http://www.unix.com/tips-tutorials/19060-unix-file-permissions.html (long post)

You can use this script to create 1,500 users on your Ubuntu server:
# adduser.sh   Tobias Holm   2012-03-16
#
# Usage: adduser.sh username password
# Script must be run as root.
# To create multiple users, create a textfile with the username and passwords
#   with one user and password on each line. The run this command:
# while read LINE; do sudo ./adduser.sh $LINE; done < users.txt

user=$1
password=$2

adduser --ingroup users --disabled-password --gecos $user $user

# Set password
tmpdir=/tmp/pwddir$$
mkdir -p $tmpdir
chmod og-rx $tmpdir
echo $password > $tmpdir/pwd
encrypted=`mkpasswd -s < $tmpdir/pwd`
usermod -p $encrypted $user
rm -rf $tmpdir

# For debug, remove if you like
echo user: $user
echo pass: $password
echo -----------------------

Open in new window


Regards, Tobias
0
 

Author Closing Comment

by:jumpseatnews
ID: 37779758
Thank you Tobias!!! Awesome answer!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question