Public Lab with Ubuntu as a Terminal Server
(I posted a version of this guide on the Ubuntu Forums)
Do you manage a public computer lab? Maintaining a single terminal server is so much easier and cheaper than maintaining individual workstations.
Unfortunately, LTSP (the Linux Terminal Server Project) does not support this scenario out of the box. While it supports guest logins, it leaves the work of maintaining these guest accounts up to you. This guide will help you fill in that gap. In particular, it will show you how to make sure that when public users login they get a fresh, clean desktop according to your specifications.
In this guide we’re going to assume that you’re using the Xfce desktop (via Xubuntu), but the guide should work for any other desktop supported by LTSP.
You may want to start with the guide I wrote for installing LTSP. Make sure your clients can boot and login with regular (non-guest) users before proceeding!
Users
Let’s set up our guest user accounts. First, it’s important to understand that these are not the “login as guest” feature implemented by Ubuntu/LightDM. The mechanism used there cannot work with LTSP, because LTSP uses its own greeter. However, in this guide we will simulate that feature.
We need one user named “template”, which we will use to configure our guests, and then unique users for each single terminal. It’s a good idea to use a numbering scheme for your terminals. For this guide, we’ve decided on “lab-” as the prefix:
sudo adduser template
sudo adduser lab01
sudo adduser lab02
sudo adduser lab03
...
Create as many users as you have terminals, and perhaps add a few more if you’re anticipating growth. It’s up to you if you want to use the same password for all “lab-” users or not.
Now, let’s create a “lab” group and add all the users to it:
sudo addgroup lab
sudo usermod -a -G lab lab01
sudo usermod -a -G lab lab02
sudo usermod -a -G lab lab03
...
Guest Session Script
Create a script in a file called “ltsp-session.sh”, which you should put in a common location. In our example, “/opt/ltsp/ltsp-session.sh”:
#!/bin/bash
if groups | grep &>/dev/null '\blab\b'; then
# For users in the 'lab' group, copy from 'template' user
shopt -s dotglob
find /home/$USER/* ! -path /home/$USER/.Xauthority -exec rm -rf {} \;
rsync --archive --exclude .Xauthority /home/template/* /home/$USER/
shopt -u dotglob
chmod -R go-wrx /home/$USER
fi
/usr/bin/xfce4-session
if [ $USER == template ]; then
# Make 'template' user copyable
shopt -s dotglob
chmod -R a+r /home/template/*
find /home/template/* -type d -exec chmod a+x {} \;
shopt -u dotglob
fi
This script runs the usual Xfce session, but adds two things:
- For lab users, before the session starts, it makes sure to delete the home directory and copy it over from the “template” user. Note that we are taking care not to override the .Xauthority file, which is created by X11 per session.
- For the “template” user, we are making sure that after logging out it home directory is readable. This allows the directory to be copied, as we do above.
Note that this script is run as the user logging in, not as root.
Guest Logins
We’ll now configure the LTSP greeter to support a “Login as Guest” feature for each terminal. Edit /var/lib/tftpboot/ltsp/i386/lts.conf (it’s OK to create this file if it doesn’t exist):
[Default]
LDM_XSESSION = /opt/ltsp/ltsp-session.sh
[00:5d:09:22:10:1e]
LDM_GUESTLOGIN = True
LDM_USERNAME = lab01
LDM_PASSWORD = mypassword
[00:5d:09:25:d0:a6]
LDM_GUESTLOGIN = True
LDM_USERNAME = lab02
LDM_PASSWORD = mypassword
[00:5d:09:2c:3e:e9]
LDM_GUESTLOGIN = True
LDM_USERNAME = lab03
LDM_PASSWORD = mypassword
...
Things you will have to change:
- Change LDM_XSESSION to point to a place where you put your “ltsp-session.sh” file.
- You must use the Ethernet MAC addresses for all your terminals. This associates each terminal with a specific “lab-” guest user. You can see the client’s MAC address during its network boot. Note that you can use IP addresses instead of MAC addresses if you prefer. However, this would require you to configure your DHCP server to provide static IP addresses for each terminal, which would in turn still require you to know the MAC addresses. Might as well work directly with MAC!
- Set the appropriate passwords for each “lab-” user.
You will need to rebuild the client OS image:
sudo ltsp-update-image --arch=i386
If you followed my installation guide, you know that you also need to fix the proxy DHCP issue:
(cat <<EOF
ipappend 3
EOF
) | sudo tee -a /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default
Configure the Template
Login as user “template” and configure your desktop and applications as you wish. Logout when done.
In the future you can login as “template” again and change the configuration.
That’s It!
When you next boot your clients they will display a “Login as Guest” button that will provide them with a fresh desktop based on “template”.
Autologin?
It’s also possible to skip the greeter and have clients login straight to their guest user. However, if you do this note that when users log out they will return right back to a new fresh desktop. This may confuse users into thinking they have not really logged out, and so may not be the best idea. Still, if you want this it’s easy to configure by using LDM_AUTOLOGIN instead of LDM_GUESTLOGIN in your ltsp.conf:
[00:5d:09:22:10:1e]
LDM_AUTOLOGIN = True
LDM_USERNAME = lab01
LDM_PASSWORD = mypassword
...