Raspbian Stretch Strict chromium strict kiosk mode

Question

I have setup raspberry pi to autostart chrome in kiosk mode when it boots up and open a locally hosted web application successfully. The web application will require keyboard and mouse for the user to interact with it.

My problem is if I give the user keyboard/mouse access, he'll be free to close the Chromium application using ALT+F4 and start using the raspberry as he wishes.

Is it possible that I can program any script or something that if the user tries to close the chromium application, a login screen should appear. Only after entering the correct login credentials should the user be authorized to close the application and use the raspbian as Desktop?

OR

The user should not be allowed to close the chromium browser at all. So if I wish to change anything in it, I can SSH into it for backend maintenence etc.

Any help or suggestion will be very appreciated.

Answer 1

Whatever you do, you should start Chromium in an autologin session as a totally unprivilleged user -- i.e., not pi, unless you remove all references to it in /etc/sudoers.

he'll be free to close the Chromium application using ALT+F4 and start using the raspberry as he wishes.

If Chromium is the only thing running in the X session, then there is not much s/he'll be able to do, as a bare X session gets you a mouse pointer -- no menus, no hotkeys, no taskbars, no nothing. I have some more stuff about this here:

• https://raspberrypi.stackexchange.com/a/57565/5538 This is some background about the structure of the GUI system (DE, DM, WM, etc.) and using nodm for a kiosk.

• https://raspberrypi.stackexchange.com/a/9692/5538 The takeaway from this would be setting up an .xinitrc with only one application in it (or the script described below). This is an alternative to nodm, literally no DM, no DE.

The user could still use AltCtrlF-[N] to reach a virtual terminal (VT) -- but they will be running login and unless this person has a password, useless.

Note you can disable keys within the X session, see xmodmap. I don't think this is necessary, however.

Is it possible that I can program any script or something that if the user tries to close the chromium application, a login screen should appear.

Without trying I'm not sure, but I think if you run an application in the foreground in an .xinit script, X exits when that application does. This leaves the user still logged in at a VT, unless you actually use a DM.

Alternately, you could try a script like this:

#!/bin/sh

while [ 1 ]; do
    chromium -xyz
done

This will just run chromium (excuse my ignorance of the invocation) over and over again every time it closes.

That probably doesn't really prevent the user from accessing the desktop somehow, but again, if there is no DE and no WM, there is nothing that can be done with it.