i have checked different distros with RPi, and finally stay stuck with my requirements, and no real answer so far.
Let me explain here in more details.
I need to install in a public area, a RPi device, with mouse, keyboard, printer, screen, ethernet attached and USB access with the following constraint:
- the device need to be accessed by different people that have no "userid", as it is whoever that needs to use this device to surf on "selected/filtered/whitelisted" websites. Assuming that those folks can be between 16 to 100 years old.
- when a user browsed to different websites, and potentially printed what makes sense for him, if he forgot to disconnect, after a couple of minutes of inactivity, his session need to be finished, all the data (even, caches) written in the device need to be fully removed (so if another folk is using the device, there is no data left from the previous session)
- all the activity that a user can do is limited to ONLY browsing to "whitelisted" websites. any other website is by default forbidden.
- access to the system using CLI should not be possible (so no possibility to go into /etc/hosts and add FQDNs to browse directly to forbidden websites for example).
- not possible to add any plugins inside the browser.
- if the user disconnects properly, all the caches need to be flushed
- if the user wants to attach files from/to a USB stick to/from the WebClient, this should be doable, but not through the RPi filesystem. The files should go from/to the USB stick, to the destination Web Server (again,; the goal is to avoid any leftover from this user, if someone else uses his session.
- every day, at the same time, a sanity check is run on the device, and replacing all the files with the "default image" files (in case someone found a way to hack the device)
i am thinking about different options with a screen locker, cron commands, and stuff, but if that already exists, it would save me a bunch of work.
thanks for your feedback and help.