Klaus Knopper answers your Linux questions.
Hello, Klaus, I have been using Knoppix since version 6.0; however, version 7.3 is awesome.
I would like to get your recommendations on using Knoppix 7.3 as a kiosk in a classroom setting of 21 laptops (WiFi access to sys admin's Knoppix server with attached printer) for email access and surfing websites.
Your suggestions appreciated in advance. JES
A dedicated "kiosk" mode is not yet built into Knoppix. The
secure boot option (meant for using with
knoppix-terminalserver) when added to the kernel option list, removes the
suid flag by the
nosuid mount option, so the user cannot mount devices, reconfigure the network, or use
sudo to gain administrative access. Also, the root shells running on the text consoles are replaced by unprivileged user shells.
This "secure" mode is supposed to prevent users from modifying the local computer's disks and partitions and restrict Internet use to surfing with the preset addresses only. For starting locally from DVD or USB flash disk, the
secure option makes only limited sense, because a lot of other programs rely on set-user-ID working on the partition containing executable programs, whereas the terminal server client running diskless from an NFS volume will not change its network addresses anyway – to avoid being locked out.
A more interesting problem would be: How can clients be preconfigured with printers, proxy, and shared network drives, so they don't have to be reconfigured each and every time?
One approach for easily preconfiguring clients is to generate a master installation of Knoppix on a USB flash disk with either an overlay partition or the overlay file
knoppix-data.img, which allows you to store local changes permanently over reset.
This solution lets you store:
- 1. Printer settings in CUPS (use http://localhost:631 for configuration) or network settings (using the
network-managerapplet in the taskbar).
- 2. Bookmarks for an intranet web server start page.
- 3. Shortcuts to an intranet file server in the PCManFM file manager. Note you can use the syntax
smb://username@server/sharenameto access an SMB network share on a Samba or Windows file server.
- 4. Add-ons such as a "kiosk mode" browser, browser plugins, and additional software.
- 5. A custom startup sequence (e.g., starting the browser with a specific URL) by editing the LXSession startup file (Figure 1):
sudo leafpad /etc/xdg/lxsession/LXDE/autostart
After all changes are done, you can copy your "kiosk mode" USB flash disk to a disk image – after a regular shutdown and booting into another Linux installation, because if the USB flash disk is still mounted read/write, your copy will contain an unclean filesystem.
For storing an image, you will need additional space, such as a hard disk partition mounted at
/media/sdc1/ in this example. Here,
/dev/sdb is the USB flash disk with the kiosk client installation, which contains all the changes made:
cp /dev/sdb /media/sdc1/usbdisk.img
Or, with optional compression:
gzip -1cv /dev/sdb > /media/sdc1/usbdisk.img.gz
To mass-copy the client USB flash disk from the saved image to a new USB flash disk of the same size (assuming the new flash disk is plugged in at a /dev/sdd), use:
cp /media/sdc1/usbdisk.img /dev/sdd
Or, with decompression, use the following:
gzip -dcv /media/sdc1/usbdisk.img.gz >/dev/sdd
The partition table and master boot record will be copied as well. For the system to recognize the changed partition table, the flash disk needs to be reloaded.
Can you tell me why there seems to be no Linux release that includes it? By the way: Have you noticed that this Knoppix sets the time zone at EDT, which seems to be Eastern Daylight Time, with the result that the time it shows is five hours behind CET. I wrote them about it but received no reaction. JKN
About the time zone issue (see also Linux Magazine #163): On a desktop PC or notebook, there are two clocks: the built-in, real-time (or "BIOS") clock, which is read during boot, and the system time, which is used during normal operation.
Although it is common under Unix/Linux always to leave the BIOS/real-time clock time in Universal time (UTC) and let the system time be set by timezone settings automatically during boot, under Windows, it seems to be common to have the real-time clock in "local time" and even rewrite the real-time clock's time during the daylight saving time switch. It is possible for both operating systems to change the default "BIOS" time interpretation to either "local time" or UTC; however, it's probably easier to do this under Linux than to search for an appropriate setting or registry patch in Windows.
When Knoppix reads the time from the real-time clock, it honors the file
/etc/adjtime, which contains the word
in its last line if the BIOS time is expected in universal time, or
if the BIOS time is "local time" (or rather, "local time difference to UTC").
Changing this file will change Linux behavior when reading the real-time clock with
hwclock -s during system start.
However, GNU/Linux systems will not write back their own system time to the BIOS automatically, unless instructed to do so during system shutdown. Windows, however, will do this frequently, so you may still experience differences when switching to and from daylight savings time. You can also change the time zone by the
tz=… boot parameter, which is located in
boot/syslinux/syslinux.cfg after a flash drive installation.
USB Boot Trouble
Dear Klaus: I was looking forward to trying out your latest release of Knoppix (7.3) as included in Linux Pro Magazine (Issue 161, April 2014).
Knoppix booted just fine from the DVD. I explored some of the Knoppix features and thought that perhaps this was a viable alternative to the Linux Mint that I had been using for some time now. At least it would be an alternative and, if bootable from USB, then an excellent addition to my software resources, without having to commit to a full HD install.
I placed a 16GB USB Flash Drive (tried and tested PNY 16GB Flash Stick) into an available port and attempted to create a bootable USB device using the option on the Knoppix desktop. I choose the
r option and allowed for an optional overlay free space. I elected to reformat the drive and lose all previous data. The program seemed to run to completion with no error messages. However, my machine wouldn't boot from the newly created USB. I went into the BIOS and made sure the boot parameters were set to first use USB. Still no boot. Tried on another machine, but no boot.
I then rebooted into my normal OS of Linux Mint 13 and, upon inserting the Flash drive, discovered that the flash drive was no longer detectable by the OS. I tried the other available USB ports, but the OS never even detected its presence. Nada, nothing. Tried another machine running Windows Vista, and again, the flash drive wasn't detected.
Operating on the assumption that perhaps the flash drive I had chosen to use was defective, and that was the problem, I went out and purchased a brand new SanDisk 16GB USB Flash Drive (Cruzer Fit) solely for the purpose of creating a bootable Knoppix system.
First, I tested the Cruzer USB flash, and it seemed to work OK. List files, create files, etc. It already had the SanDisk software on it, which I normally trash since it only works in Windows.
I then once again booted Knoppix from the DVD and attempted to create a USB boot drive. I chose the
r option, and the optional overlay space, electing to use 7GB. All seemed to be going well. Then, I got a some strange message panel identifying the mount location but without a message, just a symbol of a red circle with a line through it. And, there were now two processes – both the same Knoppix create USB process – going instead of one! After exiting both of these processes, I found that the new flash drive was, just like the previous one, completely unusable.
Exiting Knoppix, I rebooted my daily system (Linux Mint 13 Maya) and tried to use the most recently "created" flash drive. Once again, the drive was not detected upon insertion into an any available USB port. For all practical purposes, it's dead, not even the activity indicator LED blinks.
What is going on? Is there a bug in the software? If there were a fatal problem during the processing shouldn't the software report an error message? Please advise.
System Specs: Asus U46E Laptop; memory 2.9GiB; Intel Core i5-2410M @2.30GHz x 4; Linux Mint release 13 (Maya); 32-bit kernel, Linux 3.2.0-23-generic.
Sincerely yours, Richard
In both cases, the USB flash disks seem to be defective. I'm a little puzzled, because chances are very small that you buy two different brands and both are defective after a write attempt; however, it is even more unlikely that your computer killed them. Opposed to SD card readers, USB controllers usually don't kill USB flash drives of brands they don't like; it's rather the controller on the flash drive itself that fails.
I've had a few cheap USB flash drives that started failing as soon as you write more than a few megabytes at once, this seems to be a chip design failure and of course is a warranty case. Flash drives should not break so easily, no matter which kind of data you write and regardless of whether you chose to repartition. If they do, they were defective on delivery (or by design).
All that the
flash-knoppix installer does is repartition the flash drive, create a filesystem on both partitions, and copy data from the DVD to the filesystem – a very standard procedure. There is not much that could fail here if the flash drive is OK.
The second process you may have seen, btw, is probably the "fork" displaying the progress bar in parallel to the real writing process. It will go away if you close the progress bar or if the copying is finished. The script does not really run twice, it just launches a subprocess for the visual feedback.
A common case that is known to break SD flash as well as (rarely) USB flash drives is when you unplug the device while data is being written on it. The internal controller can lose track of its wear level and defective block list, and, in the worst case, forget about the total capacity of the drive. An indication of this happening is when it's no longer possible to repartition the drive and create a filesystem, or if the capacity shown in the command
is just a few megabytes instead of the 8 or 16GB it had before. So, make sure that you don't unplug before writing to flash is complete. Unfortunately, all visual indicators are unreliable (progress bars as well as a blinking LED on the device); you may just have to wait five or more seconds after the write process ended before unplugging. I still assume it's a warranty case if a flash dies because of this, and you should get a free replacement for the defective USB flash disk at the store that sold it to you.
Klaus Knopper is the creator of Knoppix and co-founder of LinuxTag expo. He currently is a Professor, Dipl. Ing., at the University of Applied Sciences Kaiserslautern. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: firstname.lastname@example.org
Buy this article as PDF
VMware bids for a stake in the container industry with a bold effort to integrate containers with its classic virtualization system.
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm