4

I created a script that, when executed, leaves the user with a blank screen where he can only type, much like a typewriter. It's a Python script, and I intend to port it to pure Bash eventually.

Now I want to generate a LiveUSB where this script runs at startup, and the one and only thing you can do when you boot is type text (and of course you should be able to turn off the system somehow). I don't even want any GUI, or any way for the user to bypass this "home screen". I want it to be a single-purpose, "Kiosk mode" CLI environment. This is similar to PyRoom, only at the level of the OS and without a GUI.

So the question is (and I am not quite experienced with boot configuration): what would be the typical steps do achieve that? Where should I put the script, and how do I tell the booting system to run it right away at startup?

heltonbiker
  • 141
  • 4

2 Answers2

3

You can set up automatic login to the terminal by messing with the options to the getty program; if you use agetty, you add --autologin <username>, as shown here.

You can then set that user's login shell to whatever you like. It should not be listed in /etc/shells so that the user can't change it with chsh. Assuming you want security against the user getting to a normal shell (and thus being able to do arbitrary things), you need to ensure that they can't get there from within your program. If your program is the login shell, then quitting will just end the session and drop back into getty (which will then presumably autologin you again back into the same program).

Gilles 'SO- stop being evil'
  • 829,060
Tom Hunt
  • 10,056
1

You can replace init with a simple program that runs your script. I set up an Ubuntu 15.04 VM and wrote this simple program, saved as init.c:

int main() {
  system("/bin/bash -c /init.sh");
  return 0;
}

and a simple script:

#!/bin/bash
echo Start:
while read line; do
  echo -n "Upside down: "
  echo $line | tr '[unbqdphymwaefjg]' '[nuqbpdyhwmeajf6]'
done
init 0

and compiled and installed it as root (make sure you do this in a VM that you've snapshotted, or otherwise know how to fix your system):

gcc init.c -o init
sudo cp init /init
sudo ln -sf /init /sbin/init
sudo cp init.sh /init.sh

and rebooted, and I get my prompt and no easy way to break out.

enter image description here

You should be able to combine that with the OEM installer and remove a bunch of the unnecessary stuff, and make a nice small ISO.

  • I would recommend against this method, as it would break all kinds of things. The system would lack any kind of functionality, since you remove any possibility of initialization. – Wouter Verhelst Oct 23 '15 at 06:43
  • @WouterVerhelst - thats ridiculous. – mikeserv Oct 24 '15 at 00:23
  • @mikeserv, no it isn't, although rereading I'll grant you that it's inaccurate. What I meant was that you'll lose many things, like network, remote management, updates, sound, the ability to mount any filesystem other than the root one, etc etc etc. That's a pretty high price to pay, especially in the knowledge that there are other ways to do this (e.g., custom shell and auto login). – Wouter Verhelst Oct 24 '15 at 09:27
  • @WouterVerhelst - you dont have to lose any of that. you dont remove any possibility of initialization - instead you merely rein it in. why would you initialize any of that if all you wanted was exec cat anyway? granted, i consider just setting the init= kernel parameter a little more simple than the suggestions herein - especially in that the same initramfs can be used with a regular boot and with the kiosk stuff and boot the same system without hassle, but its silly to suggest that not doing stuff that isnt wanted is somehow detrimental. – mikeserv Oct 24 '15 at 10:18
  • I know, which is why I didn't vote it down: it works as advertised, and does what the OP wants, pretty much. It's just that there's a major downside which wasn't mentioned, and I think it's important to mention such things, too. In addition, since there's another possibility, which also works as advertised but doesn't have that major downside, personally I think that's the better option. But hey, if someone prefers this and they don't care about the problems it creates, who all I to care? – Wouter Verhelst Oct 26 '15 at 06:23