- There are some very helpful gconf settings - run gconf-editor and search for 'lockdown'
- Firefox plugins - I am able to prevent add-ons from being modified, about:config from being accessed, and I took 'preferences' off the menu. Finally - all my users have the same browser.
- gdm scripts - I found a small script to tar up a user account, and when the (kiosk) user logs in it untars the home back to a pristine state.
The last stumbling block was some leftover cruft in /tmp, so I added a line to the user-home-fixer-upper script to clear anything from /tmp related to the kioskuser, and viola, a relatively un-muckable desktop.
So I put the machine back out, and let it marinate in user sauce for a week, and the only thing that had changed was the volume (I'll figure that out eventually). So I called it good, and created an image of the drive to copy to the other systems:
- I plugged in my handy USB drive (labeled Phasmatis ex Machina, from the tool I used before dd ) and did "dd if=/dev/sda ibs=4096 conv=noerror | gzip > kioskimage.dd.gz", then unplugged it (I love that I can do that on a live system).
- I booted the next system with a rescue cd, plugged in Phasmatis and "gunzip -c driveimage.dd.gz | dd of=/dev/sda". Reboot, done... or so I thought.
"Waiting for device /dev/disk/by-id/scsi-SATA_ST340015A_5LA83RY9-part2 to appear: .............. Could not find"After a bit of stumbling around with Google, and the help of countd on #opensuse at freenode, I nailed down the problem:
- /boot/grub/menu.lst was using the drive-id instead of the old-school partition device (/dev/sda).
- ditto for /etc/fstab .
Thanks to opengecko for his excellent post, which summarizes my path to clonedom.