6.5. xguest: Kiosk Mode
The xguest package provides a kiosk user account. This account is used to secure machines that people walk up to and use, such as those at libraries, banks, airports, information kiosks, and coffee shops. The kiosk user account is very limited: essentially, it only allows a user to log in and use Firefox to browse Internet websites. Guest user is assigned to
xguest_u, see Table 3.1, “SELinux User Capabilities”. Any changes made while logged in with this account, such as creating files or changing settings, are lost when you log out.
To set up the kiosk account:
- As root, install the xguest package. Install dependencies as required:
yum install xguest
- In order to allow the kiosk account to be used by a variety of people, the account is not password-protected, and as such, the account can only be protected if SELinux is running in enforcing mode. Before logging in with this account, use the
getenforceutility to confirm that SELinux is running in enforcing mode:
getenforceEnforcingIf this is not the case, see Section 4.4, “Permanent Changes in SELinux States and Modes” for information about changing to enforcing mode. It is not possible to log in with this account if SELinux is in permissive mode or disabled.
- You can only log in to this account using the GNOME Display Manager (GDM). Once the xguest package is installed, a
Guestaccount is added to the GDM login screen.