Ask Klaus
Ask Klaus
Klaus Knopper answers your Linux questions.
Kiosk Mode
Hello, Klaus, I have been using Knoppix since version 6.0; however, version 7.3 is awesome.
I would like to get your recommendations on using Knoppix 7.3 as a kiosk in a classroom setting of 21 laptops (WiFi access to sys admin's Knoppix server with attached printer) for email access and surfing websites.
Your suggestions appreciated in advance. JES
A dedicated "kiosk" mode is not yet built into Knoppix. The secure
boot option (meant for using with knoppix-terminalserver
) when added to the kernel option list, removes the suid
flag by the nosuid
mount option, so the user cannot mount devices, reconfigure the network, or use su
or sudo
to gain administrative access. Also, the root shells running on the text consoles are replaced by unprivileged user shells.
This "secure" mode is supposed to prevent users from modifying the local computer's disks and partitions and restrict Internet use to surfing with the preset addresses only. For starting locally from DVD or USB flash disk, the secure
option makes only limited sense, because a lot of other programs rely on set-user-ID working on the partition containing executable programs, whereas the terminal server client running diskless from an NFS volume will not change its network addresses anyway – to avoid being locked out.
A more interesting problem would be: How can clients be preconfigured with printers, proxy, and shared network drives, so they don't have to be reconfigured each and every time?
One approach for easily preconfiguring clients is to generate a master installation of Knoppix on a USB flash disk with either an overlay partition or the overlay file knoppix-data.img
, which allows you to store local changes permanently over reset.
This solution lets you store:
- 1. Printer settings in CUPS (use http://localhost:631 for configuration) or network settings (using the
network-manager
applet in the taskbar). - 2. Bookmarks for an intranet web server start page.
- 3. Shortcuts to an intranet file server in the PCManFM file manager. Note you can use the syntax
smb://username@server/sharename
to access an SMB network share on a Samba or Windows file server. - 4. Add-ons such as a "kiosk mode" browser, browser plugins, and additional software.
- 5. A custom startup sequence (e.g., starting the browser with a specific URL) by editing the LXSession startup file (Figure 1):
sudo leafpad /etc/xdg/lxsession/LXDE/autostart
After all changes are done, you can copy your "kiosk mode" USB flash disk to a disk image – after a regular shutdown and booting into another Linux installation, because if the USB flash disk is still mounted read/write, your copy will contain an unclean filesystem.
For storing an image, you will need additional space, such as a hard disk partition mounted at /media/sdc1/
in this example. Here, /dev/sdb
is the USB flash disk with the kiosk client installation, which contains all the changes made:
cp /dev/sdb /media/sdc1/usbdisk.img
Or, with optional compression:
gzip -1cv /dev/sdb > /media/sdc1/usbdisk.img.gz
To mass-copy the client USB flash disk from the saved image to a new USB flash disk of the same size (assuming the new flash disk is plugged in at a /dev/sdd), use:
cp /media/sdc1/usbdisk.img /dev/sdd
Or, with decompression, use the following:
gzip -dcv /media/sdc1/usbdisk.img.gz >/dev/sdd
The partition table and master boot record will be copied as well. For the system to recognize the changed partition table, the flash disk needs to be reloaded.
JavaScript Required
Dear Sir, I hoped that Knoppix 7.3 that came with Linux Magazine #161 or openSUSE 13.1 (Linux Magazine #162) would at last solve my several years old problem with almost every website: It asks you to use JavaScript. Some of them refuse to continue if you do not.
Can you tell me why there seems to be no Linux release that includes it? By the way: Have you noticed that this Knoppix sets the time zone at EDT, which seems to be Eastern Daylight Time, with the result that the time it shows is five hours behind CET. I wrote them about it but received no reaction. JKN
As a language primarily used for controlling the browser via scripts inside documents, JavaScript is present in Firefox and Chromium, no matter which distro you use. However, because JavaScript can be a security risk due to its potential to manipulate web content shown inside the browser, it is by default turned off for most websites in some distros. This includes Knoppix, where the noscript plugin takes control over which website is allowed for execution of JavaScript and other active content. This is an important security feature that keeps your browser from loading malicious content from infected websites. I'd recommend not turning off this feature in general.
The small "S" logo near the address bar of Firefox/Iceweasel allows you to control JavaScript and dynamic content on a per-website basis. If you want to watch videos using JavaScript/HTML5 or the proprietary flash player, just check the browser's allowance for this site, and it should work as shown in Figure 2.
About the time zone issue (see also Linux Magazine #163): On a desktop PC or notebook, there are two clocks: the built-in, real-time (or "BIOS") clock, which is read during boot, and the system time, which is used during normal operation.
Although it is common under Unix/Linux always to leave the BIOS/real-time clock time in Universal time (UTC) and let the system time be set by timezone settings automatically during boot, under Windows, it seems to be common to have the real-time clock in "local time" and even rewrite the real-time clock's time during the daylight saving time switch. It is possible for both operating systems to change the default "BIOS" time interpretation to either "local time" or UTC; however, it's probably easier to do this under Linux than to search for an appropriate setting or registry patch in Windows.
When Knoppix reads the time from the real-time clock, it honors the file /etc/adjtime
, which contains the word
UTC
in its last line if the BIOS time is expected in universal time, or
LOCAL
if the BIOS time is "local time" (or rather, "local time difference to UTC").
Changing this file will change Linux behavior when reading the real-time clock with hwclock -s
during system start.
However, GNU/Linux systems will not write back their own system time to the BIOS automatically, unless instructed to do so during system shutdown. Windows, however, will do this frequently, so you may still experience differences when switching to and from daylight savings time. You can also change the time zone by the tz=
… boot parameter, which is located in boot/syslinux/syslinux.cfg
after a flash drive installation.
USB Boot Trouble
Dear Klaus: I was looking forward to trying out your latest release of Knoppix (7.3) as included in Linux Pro Magazine (Issue 161, April 2014).
Knoppix booted just fine from the DVD. I explored some of the Knoppix features and thought that perhaps this was a viable alternative to the Linux Mint that I had been using for some time now. At least it would be an alternative and, if bootable from USB, then an excellent addition to my software resources, without having to commit to a full HD install.
I placed a 16GB USB Flash Drive (tried and tested PNY 16GB Flash Stick) into an available port and attempted to create a bootable USB device using the option on the Knoppix desktop. I choose the r
option and allowed for an optional overlay free space. I elected to reformat the drive and lose all previous data. The program seemed to run to completion with no error messages. However, my machine wouldn't boot from the newly created USB. I went into the BIOS and made sure the boot parameters were set to first use USB. Still no boot. Tried on another machine, but no boot.
I then rebooted into my normal OS of Linux Mint 13 and, upon inserting the Flash drive, discovered that the flash drive was no longer detectable by the OS. I tried the other available USB ports, but the OS never even detected its presence. Nada, nothing. Tried another machine running Windows Vista, and again, the flash drive wasn't detected.
Operating on the assumption that perhaps the flash drive I had chosen to use was defective, and that was the problem, I went out and purchased a brand new SanDisk 16GB USB Flash Drive (Cruzer Fit) solely for the purpose of creating a bootable Knoppix system.
First, I tested the Cruzer USB flash, and it seemed to work OK. List files, create files, etc. It already had the SanDisk software on it, which I normally trash since it only works in Windows.
I then once again booted Knoppix from the DVD and attempted to create a USB boot drive. I chose the r
option, and the optional overlay space, electing to use 7GB. All seemed to be going well. Then, I got a some strange message panel identifying the mount location but without a message, just a symbol of a red circle with a line through it. And, there were now two processes – both the same Knoppix create USB process – going instead of one! After exiting both of these processes, I found that the new flash drive was, just like the previous one, completely unusable.
Exiting Knoppix, I rebooted my daily system (Linux Mint 13 Maya) and tried to use the most recently "created" flash drive. Once again, the drive was not detected upon insertion into an any available USB port. For all practical purposes, it's dead, not even the activity indicator LED blinks.
What is going on? Is there a bug in the software? If there were a fatal problem during the processing shouldn't the software report an error message? Please advise.
System Specs: Asus U46E Laptop; memory 2.9GiB; Intel Core i5-2410M @2.30GHz x 4; Linux Mint release 13 (Maya); 32-bit kernel, Linux 3.2.0-23-generic.
Sincerely yours, Richard
In both cases, the USB flash disks seem to be defective. I'm a little puzzled, because chances are very small that you buy two different brands and both are defective after a write attempt; however, it is even more unlikely that your computer killed them. Opposed to SD card readers, USB controllers usually don't kill USB flash drives of brands they don't like; it's rather the controller on the flash drive itself that fails.
I've had a few cheap USB flash drives that started failing as soon as you write more than a few megabytes at once, this seems to be a chip design failure and of course is a warranty case. Flash drives should not break so easily, no matter which kind of data you write and regardless of whether you chose to repartition. If they do, they were defective on delivery (or by design).
All that the flash-knoppix
installer does is repartition the flash drive, create a filesystem on both partitions, and copy data from the DVD to the filesystem – a very standard procedure. There is not much that could fail here if the flash drive is OK.
The second process you may have seen, btw, is probably the "fork" displaying the progress bar in parallel to the real writing process. It will go away if you close the progress bar or if the copying is finished. The script does not really run twice, it just launches a subprocess for the visual feedback.
A common case that is known to break SD flash as well as (rarely) USB flash drives is when you unplug the device while data is being written on it. The internal controller can lose track of its wear level and defective block list, and, in the worst case, forget about the total capacity of the drive. An indication of this happening is when it's no longer possible to repartition the drive and create a filesystem, or if the capacity shown in the command
cat /proc/partitions
is just a few megabytes instead of the 8 or 16GB it had before. So, make sure that you don't unplug before writing to flash is complete. Unfortunately, all visual indicators are unreliable (progress bars as well as a blinking LED on the device); you may just have to wait five or more seconds after the write process ended before unplugging. I still assume it's a warranty case if a flash dies because of this, and you should get a free replacement for the defective USB flash disk at the store that sold it to you.
Klaus Knopper
Klaus Knopper is the creator of Knoppix and co-founder of LinuxTag expo. He currently is a Professor, Dipl. Ing., at the University of Applied Sciences Kaiserslautern. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: klaus@linux-magazine.com
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.
-
Fedora 41 Released with New Features
If you're a Fedora fan or just looking for a Linux distribution to help you migrate from Windows, Fedora 41 might be just the ticket.