Hi,

My Linux knowledge is not great and I am configuring computers that should be used to connect to a remote server via Remmina only.

The goal is to enable the users to connect to the remote server and to restrict their interaction with the local OS.

I installed Ubuntu server and did the following configurations :

LVM partition, encrypted

sudo apt-get install remmina

sudo adduser *username*

Autologin of *username*
	sudo nano /etc/systemd/logind.conf
		NAutoVTs=6
		ReserveVT=7
	sudo mkdir /etc/systemd/system/getty@tty1.service.d/
	sudo nano /etc/systemd/system/getty@tty1.service.d/override.conf
		[Service]
		ExecStart=
		ExecStart=-/sbin/agetty --noissue --autologin *username* %I $TERM
		Type=idle

Install xinit
	sudo apt install xinit
	sudo nano /etc/X11/xinit/xinitrc
		setxkbmap -layout en
		exec remmina
		Comment ". /etc/X11/Xsession"

Auto startx
	nano .profile
	Add
		#StartX Autostart
		if [[ -z "$DISPLAY" ]] && [[ $(tty) = /dev/tty1 ]]; then
		. startx
		logout
		fi

Hide cmdlines
	sudo nano /etc/default/grub
		Edit line
			GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
	sudo update-grub
	sudo nano /etc/default/grub.d/50-curtin-settings.cfg
		Add line
			GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
	sudo update-grub

It is working almost as it needs to but as I’m not experienced I’m wondering if my configuration is a good way of achieving my goal. Could I improve something ?

Ideally I want to restrict the users ability to change the configurations of Remmina but I didn’t find a good solution yet.

It is a bit slow to boot. Maybe some useless services are being started and I could disable them ? How could I know what services are not needed by Remmina and could be disabled ? Or would it be easier for me to use a minimal distribution like Arch ? Could I still apply my configuration steps or am I going to need to change everything ?

Thanks in advance for any insight.

    • astraeus@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      You could set their users up with non-power user access on the Windows host and that should be enough to keep them from accessing OS features or things they shouldn’t.