🖥️ Setting Up a Secure Ubuntu Kiosk with Auto-Login and Locked-Down GNOME
In this guide, we’ll walk through building a lightweight, secure, and reliable Ubuntu-based kiosk system. This setup is ideal for environments like public information terminals, school displays, or donor welcome screens.
This YouTube video helped me get started: https://youtu.be/TJZJ1_QixxQ?si=ka3V5cM4UwFQaWkU
✅ Goals
- Efficient: Auto-starts a browser in private mode on login.
- Secure: No password prompts, screen lock disabled, unnecessary apps hidden.
- Reliable: Prevents sleep/suspend modes and ensures session persistence.
🔧 Step-by-Step Setup
1. Install Ubuntu Server and Enable SSH
Start with an Ubuntu Server installation and make sure SSH is enabled for remote management.
(Optional: Consider hard-coding the IP for static network environments.)
2. Install Necessary Packages
sudo apt-get install -y ca-certificates gnupg restic iftop cron tasksel unzip
sudo apt-get install -y gnome-session gnome-terminal dconf-editor python3-psutil \
gnome-tweaks dbus-x11 mpv chromium-browser firefox chrome-gnome-shell \
gnome-shell-extension-prefs
3. Create a Kiosk User
sudo adduser --disabled-password kioskuser
4. Enable GNOME Auto-Login
Edit the GDM config:
sudo nano /etc/gdm3/custom.conf
Uncomment and update the following lines in the [daemon] section:
AutomaticLoginEnable = true
AutomaticLogin = kioskuser
Then validate and enable GDM:
cat /etc/gdm3/custom.conf
sudo systemctl enable gdm3
Don’t worry if you see a message saying GDM can’t be enabled traditionally—it’s expected.
5. Auto-Launch Firefox in Private Mode
sudo mkdir -p /home/kioskuser/.config/autostart
sudo nano /home/kioskuser/.config/autostart/firefox-private-sfc.desktop
Paste in the following:
[Desktop Entry]
Type=Application
Name=Firefox (Private Mode - SFC)
Exec=firefox --private-window https://www.sfc.edu
X-GNOME-Autostart-enabled=true
NoDisplay=false
Comment=Start Firefox in private mode and open SFC website
6. Remove or Hide Unnecessary Apps
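sudo mkdir -p /home/kioskuser/.local/share/applications
sudo bash -c '
# nullglob: if no .desktop files exist here, skip the loop instead of
# creating a file literally named "*.desktop"
shopt -s nullglob
cd /home/kioskuser/.local/share/applications || exit 1
for f in *.desktop; do
  if [[ "$f" != "gnome-terminal.desktop" && "$f" != "firefox.desktop" ]]; then
    if grep -q "^NoDisplay=" "$f"; then
      sed -i "s/^NoDisplay=.*/NoDisplay=true/" "$f"
    else
      echo "NoDisplay=true" >> "$f"
    fi
  fi
done
'
# mkdir ran as root; hand ~/.local back to the kiosk user
sudo chown -R kioskuser:kioskuser /home/kioskuser/.local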
7. Set Power & Screen Lock Policies
Create the dconf directory and set permissions:
sudo mkdir -p /home/kioskuser/.config/dconf
sudo chown -R kioskuser:kioskuser /home/kioskuser/.config
Run these commands to disable sleep, lid close behavior, and screen locking:
sudo -u kioskuser dbus-launch dconf write /org/gnome/desktop/screensaver/lock-enabled false
sudo -u kioskuser dbus-launch dconf write /org/gnome/settings-daemon/plugins/power/lock-on-suspend false
sudo -u kioskuser dbus-launch dconf write /org/gnome/desktop/session/idle-delay "uint32 0"
sudo -u kioskuser dbus-launch dconf write /org/gnome/settings-daemon/plugins/power/lid-close-ac-action "'nothing'"
sudo -u kioskuser dbus-launch dconf write /org/gnome/settings-daemon/plugins/power/lid-close-battery-action "'nothing'"
sudo -u kioskuser dbus-launch dconf write /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type "'nothing'"
sudo -u kioskuser dbus-launch dconf write /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-timeout 0
sudo -u kioskuser dbus-launch dconf write /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type "'nothing'"
sudo -u kioskuser dbus-launch dconf write /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-timeout 0
8. Ensure No Password Prompts
Edit the PAM config:
sudo nano /etc/pam.d/gdm-password
Add this line:
auth required pam_unix.so nullok
Then remove the account's password (leaving it empty) and confirm:
sudo passwd -d kioskuser
sudo grep kioskuser /etc/shadow # The line should start with 'kioskuser::' (empty password field)
9. Validate Settings
Use the following commands to confirm your setup:
sudo -u kioskuser dbus-launch dconf read /org/gnome/desktop/screensaver/lock-enabled
sudo -u kioskuser dbus-launch dconf read /org/gnome/settings-daemon/plugins/power/lock-on-suspend
sudo -u kioskuser dbus-launch dconf read /org/gnome/desktop/session/idle-delay
sudo -u kioskuser dbus-launch dconf read /org/gnome/settings-daemon/plugins/power/lid-close-ac-action
sudo -u kioskuser dbus-launch dconf read /org/gnome/settings-daemon/plugins/power/lid-close-battery-action
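The commands above read back only the dconf keys. As an added example (not part of the original guide), the script below also checks the files edited in steps 4 and 8, and confirms that the SSH service enabled in step 1 refuses empty passwords now that kioskuser has none. The function names and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: offline checks for the files touched in steps 1, 4 and 8.
# Function names are this example's own; the sample data is constructed.

# Print the value of KEY inside the [daemon] section of a GDM custom.conf.
gdm_daemon_value() {  # usage: gdm_daemon_value FILE KEY
  awk -v key="$2" '
    /^[ \t]*\[/ { in_daemon = ($0 ~ /^[ \t]*\[daemon\]/); next }
    in_daemon && (i = index($0, "=")) {
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v        # a commented "#Key" never equals key
    }
    END { print val }' "$1"
}

# Succeed when USER's password field in a shadow-format file is empty ("user::").
shadow_password_empty() {  # usage: shadow_password_empty FILE USER
  awk -F: -v u="$2" '$1 == u && $2 == "" { ok = 1 } END { exit !ok }' "$1"
}

# Succeed when saved `sshd -T` output shows empty passwords are refused, so the
# passwordless kiosk account cannot be used over the SSH service from step 1.
sshd_refuses_empty_passwords() {  # usage: sshd_refuses_empty_passwords FILE
  grep -Eqix 'permitemptypasswords[[:space:]]+no' "$1"
}

audit_kiosk() {  # usage: audit_kiosk GDM_CONF SHADOW SSHD_T_OUTPUT USER
  local rc=0
  [ "$(gdm_daemon_value "$1" AutomaticLoginEnable)" = "true" ] ||
    { echo "FAIL: AutomaticLoginEnable is not true in [daemon]"; rc=1; }
  [ "$(gdm_daemon_value "$1" AutomaticLogin)" = "$4" ] ||
    { echo "FAIL: AutomaticLogin is not $4"; rc=1; }
  shadow_password_empty "$2" "$4" ||
    { echo "FAIL: $4 has a password hash or lock marker"; rc=1; }
  sshd_refuses_empty_passwords "$3" ||
    { echo "FAIL: sshd accepts empty passwords"; rc=1; }
  return "$rc"
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
printf '%s\n' '[daemon]' '#AutomaticLogin = user1' 'AutomaticLoginEnable = true' \
  'AutomaticLogin = kioskuser' '[security]' > "$demo/custom.conf"
printf '%s\n' 'root:!:19700:0:99999:7:::' 'kioskuser::19700:0:99999:7:::' > "$demo/shadow"
printf '%s\n' 'port 22' 'permitemptypasswords no' > "$demo/sshd-T.txt"
audit_kiosk "$demo/custom.conf" "$demo/shadow" "$demo/sshd-T.txt" kioskuser && echo "PASS"
```

On the kiosk itself, run the functions as root against /etc/gdm3/custom.conf, /etc/shadow, and a file holding the output of `sshd -T`.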
10. Start the Environment
sudo systemctl start gdm3
sudo reboot
🎉 You’re Done!
You now have a fully functional kiosk environment:
- Firefox launches in private mode to your desired homepage.
- Power settings prevent interruption.
- The interface is minimal, clean, and secure.