Building a kiosk computer with Chrome

Posted on 26 Dec 2016 in security • 3 min read

Building a Kiosk where Google Chrome is running in full screen and user interaction with the system are reduced to the minimum.

Debian installation

This will be pass as most of you should be able to install a basic Debian system. Just set lvm encryption, strong password for root and for the user and mostly do not install useless program, check only the program you need (ssh for instance).

Installing the packages

We will need a few more packages to be able to run things:

  • X (display server)
  • A light window manager able to run Chrome in full screen
  • Google Chrome
  • sudo to be able to impersonate the user

The first operations will be done using root as the sudo command is not installed yet.

First we add the Google Chrome repository and the key to check the package integrity:

  • Edit the file /etc/apt/source.list and add the following repository:

deb stable main

  • Execute the following command:

wget -qO- | apt-key add -

Then we need to update the package list and install all necessary packages:

apt-get update
apt-get install --no-install-recommends xorg openbox sudo google-chrome-stable

Without the --no-install-recommendsparameter some useless packages will be installed.

Load Chrome in kiosk at startup

We need a script that will configure and load Chrome at the X server startup. As we don't want any data saved between each session we will delete the Chrome profile each time the script is used. Moreover it is in this script that we choose the starting page of Chrome.

Create and edit the script:

sudo vi /opt/

The file content is the following:


xset -dpms
xset s off
openbox-session &
while true; do rm -rf ~/.{config,cache}/google-chrome/
  google-chrome --kiosk --no-first-run  'http://localhost'

Give the execution right to the script:

sudo chmod +x /opt/

In order to start the X server and launch the script, we need to create a systemd service.

In order to to that, create and edit the file /etc/systemd/system/kiosk.service:

sudo vi /etc/systemd/system/kiosk.service

The content of the file is the following:


ExecStart=/usr/bin/sudo –u user /usr/bin/startx /etc/X11/Xsession /opt/ --


We need to enable the script with the following command:

systemctl enable kiosk

To run the script use the following command:

systemctl start kiosk »

You can also reboot in order to check that the script is automatically launch at startup.

If you need a terminal, you can use ++ to get one.

Automatically mount USB key

If your users need to copy data from the machine this paragraph is for you. Otherwise this is just informational.

As our users don't have a shell access they are unable to mount USB key. Therefore we need to automatically mount them.

We need the usbmount package:

apt-get install --no-install-recommends usbmount

The USB keys will be automatically mount into /mnt/usbX.In order for the user to have the permissions to right on it we need to add its uid and gid in the usbmount configuration.

Edit the file /etc/usbmount/usbmount.conf and the user uid and guid to the following line (the uid and gid can be found in /etc/passwd):


The line would be something like the following: