Hacker Public Radio

This show has been flagged as Clean by the host.

Create a Linux kiosk at your library

Start without a guest account

The first few steps of this process don’t actually require a guest user directory to exist, so do NOT create your guest user account yet. However, you do need to choose what your guest user account is going to be called. A reasonable account name for Don’s purposes is libraryguest. On my personal computer I call my guest account guestaccount, and I’ve used kioskguest on some installations. I avoid just the name “guest” because in modern computing the term “guest” gets used in a few other ways (such as a “guest operating system” in a virtual environment), and it’s just easier to find something unique in logs.

Choose a unique name for you guest account, but don’t create it yet. For this article, I’m using libraryguest.

Create the PostSession script

By default, GDM recognises several states: Init, PostLogin, PreSession, and PostSession. Each state has a directory located in /etc/gdm. When you place a shell script called Default in one of those directories, GDM runs the script when it reaches that state.

To trigger actions to clean up a user’s environment upon logout, create the file /etc/gdm/PostSession/Default. You can add whatever actions you want to run upon logout to the Default script. In the case of Don’s library, we wanted to clear everything from the guest’s home directory, including browser history, any LibreOffice files or GIMP files they may have created, and so on. It was important that we limited the very drastic action of removing all user data to just the guest user. We didn’t want the admin’s data to be erased upon logout, so whatever rule we added to /etc/gdm/PostSession/Default had to be limited to the guest user.

Here’s what we came up with:

#!/usr/bin/sh
echo "$USER logged out at `date`" >> /tmp/PostSession.log
if [ "X$USER" = "Xlibraryguest" ]; then
rm -rf "$HOME"
fi
exit 0
The first line is for logging purposes. The /tmp directory gets cleared out on most distributions automatically, so we weren’t worried about creating a file that’ll grow forever and eventually crash the computer. If your distribution of choice doesn’t clean out /tmp automatically, create a cron job to do that for you.

GDM knows what user triggered the logout process, so the if statement verifies that the user logging out is definitely the libraryguest user (that’s the literal name of the user we created for library patrons).
Note that the whitespace around the square brackets is important, so be precise when typing!

As long as it is libraryguest, then the script removes the entire user directory ($HOME). That can be extremely dangerous if you make a mistake, so do thorough testing on a dummy system before implementing a script like this! If you get a condition wrong, you could erase your entire home directory upon logout.

In this example, I’ve successfully limited the rm command to a logout action performed by user libraryguest. The entire /home/libraryguest directory is erased, and the computer returns to the GDM login screen. When a new user logs in, a fresh directory is created for the user.

You can put any number of commands in your script, of course. You don’t have to erase an entire directory. If all you really want to do is clear browser history and any stray data, then you can do that instead. If you need to copy specific configuration files into the environment, you can do that during the PreSession state.

Just be sure to test thoroughly before committing your creation to your users!

What happens when the guest doesn’t log out

At this point, the computer erases all of the user’s data when the user logs out, but a reboot or a shutdown is different to a logout. GDM doesn’t enter a PostSession state after a reboot signal has been received, even if the reboot occurs during an active GDM session.

The easiest and safest way to erase an entire home directory when there’s a cut to system power is to use a temporary RAM filesystem (tmpfs) to house the data in the first place. If the systems you’re configuring have 8 GB or more, and the system is exclusively used as a guest computer, you can probably afford to use RAM as the guest’s home directory. If your system doesn’t have a lot of RAM, then you can use the systemd work-around in the next section.

Assuming you have the RAM to spare, and that your systems are supported by a backup power supply, you can add a tmpfs entry in /etc/fstab. In this example, my tmpfs is mounted to /home/libraryguest and is just 2 GB:

tmpfs /home/libraryguest tmpfs rw,nosuid,nodev,size=2G 0 0
That’s plenty of space for some Internet browsing and even a few LibreOffice documents to be saved while a user works.

Mount the new volume:

$ sudo mount /home/libraryguest
Next, you must create the libraryguest user manually in a terminal.
The useradd command creates user profiles:

$ sudo useradd --home-dir /home/libraryguest libraryguest
useradd: warning: the home directory /home/libraryguest/ already exists.
useradd: Not copying any file from skel directory into it.
Because you’ve already created a location for the home directory, you do get a warning after creating the user. It’s only a warning, not a fatal error, and the guest account is automatically populated later.

Create a password for the new user:

$ sudo passwd libraryguest
That’s it! You’ve created a guest account that refreshes with every logout and every reboot. You can skip over the next section of this article.

Using systemd targets instead of a ramdisk

Assuming you can’t create a ramdisk for temporary user data, you can instead create a systemd service that runs a script when the reboot, poweroff, and multi-user targets are triggered:

[Unit]
Description=Kiosk cleanup
[Service]
Type=oneshot
ExecStart=/usr/local/bin/kiosk-cleanup.sh
[Install]
WantedBy=poweroff.target reboot.target multi-user.target
Save the file to /etc/systemd/system/kioskmode.service and then enable it:

$ sudo systemctl enable --now kioskmode
The script, like the GDM script, removes the libraryguest directory. Unlike GDM script, this one must also recreate an empty home directory and grant it user permissions:

#!/usr/bin/bash
rm -rf /home/libraryguest
mkdir /home/libraryguest
chown -R libraryguest:libraryguest /home/libraryguest
Grant the script itself permission to run:

$ sudo chmod +x /usr/local/bin/kiosk-cleanup.sh
Now the libraryguest user data is erased after:

Logout

Reboot

Shutdown

Startup

Essentially, no matter how the computer loses its session or its power, the libraryguest account starts fresh when a new session is started.

Security and privacy

Using systemd to erase data at shutdown and startup isn’t strictly as secure as using a temporary ramdisk for all user data. Should the computer lose power suddenly, all saved user data in the libraryguest account is present during the next boot. Of course, it’s erased as soon as multi-user.target is called by systemd, but it is technically possible to interrupt the boot process and mine for data. You must use full drive encryption to protect data from being discovered by an interrupted boot sequence.

Why not just use xguest

On many Linux distributions, the xguest package is designed to provide the Guest account, which resets after each logout. It was an extremely useful package that I installed on every machine I owned, because it’s handy to be able to let friends use my computer without risking them making a mess of my home directory. Lately, it seems that xguest is failing to launch a desktop, however, presumably because it relies on X11.

If xguest works for you in your tests, then you may want to use it instead of the solution I’ve presented here. My solution offers a lot of flexibility, thanks to GDM’s autodetection of session states.

Kiosks in libraries

Privacy and personal information is more important than ever. Regardless of how you setup a kiosk for your library, you have an obligation to your users to keep them informed of how their data is being stored. This goes both ways. Users need to know that their data is destined to be erased as soon as they log out, and also they deserve to be assured that their data is not retained.

However, it’s also your responsibility to admit that glitches and exceptions could occur. Users need to understand that the computer they’re using are public computers on a public network. Encryption is being used for traffic and for data storage, but you cannot guarantee absolute privacy.

As long as everyone understands the arrangement, everyone can compute with confidence. Linux, GDM, and systemd are great tools to help libraries create a sustainable, robust, honest, and communal computing platform.

Show notes taken from https://www.both.org/?p=13327Provide feedback on this episode.

This show has been flagged as Clean by the host.


1985, I started to work at a telecom equipment manufacturer. We
had a main frame computer in our combined office- and lab room. We
were four sitting in the room and it was this one terminal for all
of us and maybe even for someone more.


Downstairs, we at component technology department had our big
climate controlled laboratories. I used an HP 85 computer
having the Basic programming language to automize measurements of
resistors. And there were several more of them for other
measurements of various electronic components. Also more advanced
computers were used in the labs and as I recall also with other
languages than Basic. I remember I learned briefly a bit about one
of those languages but have forgotten which one.


The secretary at the department could send Telex messages around
the world. We handed a hand written manuscript to her and she
typed it into the Telex
system. And she had a Xerox computer with big, at least the
8 inch floppy discs.


Not so many years later my manager got a Personal computer running
DOS and some years later it DOS computers also
to the staff. But also very early we had a Sun Unix station. And
for many years Unix became my daily driver at work.


Before I started to work, in school we had some education in Basic programming.
We were using the at least in Sweden very successful and good Luxor ABC 80
computer. At the end of my school time, my school got the top
notch ABC 800 with colour screen.

At home so I could get a chance to learn somewhat more about
computers and Basic programming in my own pace, I got a Zinclair ZX 80
computer, which I later upgraded to ZX 81.


One summer job when I was a student I was at Televerket,
the Swedish PTT. It meant that I visited numerous of exchange
stations. Many at the country side, some with very few subscribers
so I could hear the relay start when someone was making a call. At
bigger stations it was noise from relays all the time.


As I mentioned, after studies were completed I was working with
telecom equipment in particular for land line telephony. Not at
least I worked with components for the line cards, the card at the
telephone exchange that is facing towards the end user.


The book The_Cuckoo's_Egg is a hacker thriller based on a
true story that happened in the mid-1980's going on for a year. It
was written by the hunter shortly after.


Cliff Stoll describes Unix commands, which are similar to
Linux. He talks about passwords, about encryption and a lot more.
Many technical details he describes by using analogy with more
common non technical life examples.


A security hole in GNU-Emacs
software, a software still around today, plays a central
role in how the hacker could penetrate. To fix and update security
holes are very relevant today as well.


Many things in computers and technology have changed. But at the
same time very much of the problems are valid today although they
are somewhat different. And the way he describes technical details
for the non-technical reader are relevant also today, I believe.


At the same time as the book has many technical details, he also
describes the daily life at home, the left wing culture he
belonged to at the university, his long hair and the dress code he
belonged to. And the music. He also describes his contacts to
numerous authorities and frustration in those contacts. I am very
impressed of his analytical research approach, his persistence,
his skills and inventiveness including inventiveness of his girl
friend and others.


One take away for me is that he kept a detailed log book. It is an
important research tool. The log book together with the print outs
of exactly what the hacker did were core references for analyzing
and make conclusions, retract and change conclusions when new
information lead to that earlier assumptions were wrong.


He also wrote a technical paper about it before he wrote the book.
For those interested, there are several videos with him of later
date on various topics.
Provide feedback on this episode.

This show has been flagged as Clean by the host.

Warning, this episode containers some spoilers for movies.

The following movies are in my cybersecurity movie library. The ones marked * are included in review in this episode.

2001: A Space Odyssey (1968) *

AntiTrust (2001)

Blackhat (2015)

Blade Runner (1982)

Catch Me If You Can (2002)

Citizenfour (2015)

CSI: Cyber (2015)

Enemy of the State (1998)

Firewall (2006)

Gattaca (1997) *

Ghost in the Shell (1995)

Hackers (1995) *

Heartbreakers (2001)

The Imitation Game (2014)

I, Robot (2004)

Johnny Mnemonic (1995)

Jurassic Park (1993) *

The KGB, the Computer and Me (1990) * - Youtube link

The Lives of Others (2006) *

Lo and Behold, Reveries of the Connected World (2016)

The Matrix (1999)

The Matrix Reloaded (2003) *

The Matrix Revolutions (2003)

Minority Report (2002)

Mission: Impossible (1996) *

Mr. Robot (2015)

The Net (1995) *

The Net 2.0 (2006)

Ocean's Eleven (2001)

Office Space (1999) *

Person of Interest (2011) *

Revolution OS (2001)

The Social Network (2010)

Sneakers (1992) *

Superman III (1983) *

Surrogates (2009)

Swordfish (2001)

Takedown (2000)

Tron (1982) *

WarGames (1983) *

Slashdot "Best Hacker movie" poll (August 2001):

https://slashdot.org/poll/683/best-hacker-flick

This episode contains short except clips from some of these movies used under free use for demonstration.

Provide feedback on this episode.

This show has been flagged as Explicit by the host.

New hosts

Welcome to our new hosts:

Jim DeVore,
Carmen-Lisandrette.

Last Month's Shows

Id
Day
Date
Title
Host

4544
Thu
2026-01-01
Uncommon Commands, Episode 2
Deltaray

4545
Fri
2026-01-02
YouTube Subscriptions 2025 #12
Ahuka

4546
Mon
2026-01-05
HPR Community News for December 2025
HPR Volunteers

4547
Tue
2026-01-06
Cheap Yellow Display Project Part 6: The speed and timing of Morse
Trey

4548
Wed
2026-01-07
YouTube Subscriptions 2025 #13
Ahuka

4549
Thu
2026-01-08
[deprecated] Pomodoro Task Tool (pomotask.sh)
candycanearter

4550
Fri
2026-01-09
Playing Civilization V, Part 7
Ahuka

4551
Mon
2026-01-12
“Elsbeth in IT: Since ’97” (Part 2)
Elsbeth

4552
Tue
2026-01-13
Printer Conspiracy
MrX

4553
Wed
2026-01-14
Nuclear Reactor Technology - Ep 4 Less Common Reactor Types
Whiskeyjack

4554
Thu
2026-01-15
How I do todo
Jim DeVore

4555
Fri
2026-01-16
HPR Beer Garden 8 - Belgian Christmas Ales
Kevie

4556
Mon
2026-01-19
Nitro man! RC Cars
operat0r

4557
Tue
2026-01-20
Why I prefer tar to zip
Klaatu

4558
Wed
2026-01-21
YouTube Subscriptions 2025 #14
Ahuka

4559
Thu
2026-01-22
Enkele off line vertaaltools
Ken Fallon

4560
Fri
2026-01-23
Arthur C. Clarke: Other Works, Part 2
Ahuka

4561
Mon
2026-01-26
A bit about Mission:Libre, a new project for 11-14 year olds in free software
Carmen-Lisandrette

4562
Tue
2026-01-27
Software development doesn't end until it's packaged
Klaatu

4563
Wed
2026-01-28
Nuclear Reactor Technology - Ep 5 Fast Reactors
Whiskeyjack

4564
Thu
2026-01-29
MakeMKV error
Archer72

4565
Fri
2026-01-30
HPR Beer Garden 9 - Barley Wine
Kevie

Comments this month

These are comments which have been made during the past month, either to shows released during the month or to past shows.
There are 20 comments in total.

Past shows

There are 6 comments on
5 previous shows:

hpr4313
(2025-02-12) "Why I made a 1-episode podcast about a war story"
by Antoine.

Comment 3:
Ken Fallon on 2026-01-23:
"Spammer"

hpr4424
(2025-07-17) "How I use Newsboat for Podcasts and Reddit"
by Archer72.

Comment 7:
Ken Fallon on 2026-01-03:
"Some podcast aggregators show ccdn.php as file name #321"

Comment 8:
Archer72 on 2026-01-05:
"Re: download-filename-format for HPR podcasts"

hpr4532
(2025-12-16) "Cheap Yellow Display Project Part 5: Graphical User Interface "
by Trey.

Comment 2:
Ken Fallon on 2026-01-10:
"Possible Graphics Library"

hpr4536
(2025-12-22) "Welcome to the Linux Community"
by Deltaray.

Comment 6:
Archer72 on 2026-01-05:
"Re: Good talk CliMagic"

hpr4543
(2025-12-31) "Nuclear Reactor Technology - Ep 3 Reactor Basics"
by Whiskeyjack.

Comment 2:
Kevin O'Brien on 2026-01-01:
"Really enjoying this series"

This month's shows

There are 14 comments on 9 of this month's shows:

hpr4546
(2026-01-05) "HPR Community News for December 2025"
by HPR Volunteers.

Comment 1:
Archer72 on 2026-01-06:
"Nuclear Reactor series"
Comment 2:
Henrik Hemrin on 2026-01-07:
"Linux"

hpr4551
(2026-01-12) "“Elsbeth in IT: Since ’97” (Part 2)"
by Elsbeth.

Comment 1:
operat0r on 2026-01-15:
"White Male"

hpr4552
(2026-01-13) "Printer Conspiracy"
by MrX.

Comment 1:
candycanearter07 on 2026-01-24:
"printer issues"

hpr4554
(2026-01-15) "How I do todo"
by Jim DeVore.

Comment 1:
brian-in-ohio on 2026-01-17:
"Welcome"
Comment 2:
candycanearter07 on 2026-01-24:
"good first show!"

hpr4555
(2026-01-16) "HPR Beer Garden 8 - Belgian Christmas Ales"
by Kevie.

Comment 1:
KarldaTech on 2026-01-16:
"Christmas Ale"

hpr4557
(2026-01-20) "Why I prefer tar to zip"
by Klaatu.

Comment 1:
candycanearter07 on 2026-01-20:
"interesting experiment"

hpr4559
(2026-01-22) "Enkele off line vertaaltools "
by Ken Fallon.

Comment 1:
ClaudioM on 2026-01-23:
"Just What I Needed!"
Comment 2:
mnw on 2026-01-26:
"Great Recommendations!"

hpr4561
(2026-01-26) "A bit about Mission:Libre, a new project for 11-14 year olds in free software"
by Carmen-Lisandrette.

Comment 1:
Henrik Hemrin on 2026-01-27:
"Happy to learn about the project"
Comment 2:
candycanearter07 on 2026-01-28:
"cool project"

hpr4563
(2026-01-28) "Nuclear Reactor Technology - Ep 5 Fast Reactors"
by Whiskeyjack.

Comment 1:
mnw on 2026-01-29:
"Great Series"
Comment 2:
Whiskeyjack on 2026-01-29:
"hpr4563 :: Nuclear Reactor Technology - Ep 5 Fast Reactors"

Mailing List discussions

Policy decisions surrounding HPR are taken by the community as a whole. This
discussion takes place on the Mailing List
which is open to all HPR listeners and contributors. The discussions are open
and available on the HPR server under Mailman.

The threaded discussions this month can be found here:

https://lists.hackerpublicradio.com/pipermail/hpr/2026-January/thread.html

Events Calendar

With the kind permission of LWN.net we are linking to
The LWN.net Community Calendar.

Quoting the site:

This is the LWN.net community event calendar, where we track
events of interest to people using and developing Linux and free software.
Clicking on individual events will take you to the appropriate web
page.
Provide feedback on this episode.

This show has been flagged as Clean by the host.

With winter in full swing in the UK, Dave and Kevie continue their look at winter warmer ales with a review of a couple of British Barley Wine ales. Dave samples Ridgeway's
Criminally Bad Elf
whilst Kevie tries out a lmited release from Chiltern Brewery
Roger Bodger's Barley WIne.

Connect with the guys on Untappd:

Dave

Kevie

The intro sounds for the show are used from:

https://freesound.org/people/mixtus/sounds/329806/

https://freesound.org/people/j1987/sounds/123003/

https://freesound.org/people/greatsoundstube/sounds/628437/

Provide feedback on this episode.