Create a desktop for kids
From LXF Wiki
(Originally written by Andy Channelle for Linux Format issue 83.)
Kids, eh? They're curious, naive and, well, hopelessly mischievous. We show you how to keep children safe from the net and your PC safe from the children, with their own custom desktop.
We all comfort ourselves with the thought that our Linux systems are far more secure than any Windows or Mac machines. Not only is it difficult for crackers to infiltrate a Linux box, but decent user access controls mean that if someone did get in, they would have trouble messing with the system. However, one aspect of computer security has actually received much less attention on Linux than on other OSes: parental control.
Happily, as distro vendors look beyond sysadmins and hackers, they are starting to tackle the subject. In this tutorial we'll use some of the new technology to set up a tailored desktop environment for young children. They'll have a kid-friendly place to access their favourite websites and applications; you'll be confident they won't stumble into unsavoury areas of the internet or accidentally trash other parts of the system. We'll be adding and configuring users, restricting access to local devices, creating desktop shortcuts to websites, and filtering web content.
We've used the 6.06 version of Ubuntu, though the processes and software discussed here are adaptable to any desktop Linux distribution. Ubuntu's sister project, Edubuntu, has addressed ways to restrict pupil access to particular types of websites in schools, and elements of the software available to do this have filtered into the main Ubuntu repositories, so it's perfect for us.
|Table of contents|
Step 1: Give 'em some space
The first thing to do is create a new user space for the child or children in question. In Ubuntu, the procedure is accomplished in the User Account Editor, which is available via System > Administration > Users And Groups. This dialog box has space to enter the username, full name, password etc.
Once you've entered these, you can set up `user privileges', which should really be renamed `user restrictions' because that's what we're using them for. The simple way to set them up is to select the User Privileges tab then decide which of the options you'd like to deny. The obvious thing to restrict is Executing System Administration Tasks, but there are quite a few other options in here, including preventing the addition of printers, access to floppy discs and the sending of faxes. Don't underestimate children's aptitude for accessing technology and abusing it in a way that a/ loses hours of careful work and user settings, b/ embarrasses you in front of colleagues, or c/ gets jam everywhere.
Once you're happy with the selection, hit the OK button and the user will be created, complete with their own /home directory, subject to the restrictions set. For people setting up accounts for lots of children in a school perhaps the middle Advanced tab of the Users And Groups dialog is especially helpful, as it allows the creation of Profiles, which can be applied to any new or existing users at the click of a button. This tool provides all the options and restrictions we explored earlier. It is also possible to set up a group and use the User Privileges tab to change individual access controls so that, for example, an older child is able to access iPods while younger children are not.
It goes without saying that these elements can only be changed by a user with administration privileges so keep your password safe from the kids or the whole endeavour will be fruitless! The other part of the Users And Groups configuration utility is, of course, Groups, but it's much less common to mess around with entries in here. However, I think it's a good idea to set up a new group labelled something like `Kids' exclusively for the children, so you can grant access to shared directories on a group rather than individual basis and save a little bit of time.
Top kid-friendly apps
All of these should be available for your distro through the normal package manager or online.
- GCompris: The granddaddy of Linux ejumacation packages, this features a ton of games aimed at improving a child's familiarity with the computer, number and letter games, puzzles, sorting games...
- Tuxpaint: A fantastic open source painting application that comes complete with some excellent virtual `stamps' for adding pictures of coins, planets, penguins or fish to your picture.
- Childsplay: A new competitor of GCompris designed, the makers claim, to offer a more 'game-like' experience. It's still a young project.
- GnuChess: If John Stuart Mill could speak Latin at the age of three, then six- and seven-year-olds can learn to play chess. This is an excellent package.
- ZSnes: If, like the Channelle household, you've just rediscovered the joys of the SNES, ZSnes is a great open source emulator that will let you play your favourite games on Linux.
Step 2: Clean up the desktop
With the users set up, it's now possible to configure each desktop individually. Much of this can be done by the `owner' of the desktop they can have fun choosing a background image, screensaver and so on but there are some bits that will need sorting before they're let loose.
Firstly, Ubuntu favours a very clean desktop, but the things left on there by default, usually the physical hard disk volumes, are none too useful. To change this, do Applications > Accessories > Terminal and type gconf-editor to open the Ubuntu equivalent of Windows Registry. Now you need to navigate through the lists to Apps > Nautilus > Desktop to reveal various options. Deselect the Volumes_visible button to remove the disk icons and then select Home_icon_visible and Trash_icon_visible to add these functions to the desktop. To provide quick access to volumes, CDs etc, the Computer_visible option gives you the equivalent of Microsoft's My Computer icon. Of course, you could leave the desktop completely blank, but quick access to files and the recycle bin are quite handy. Close down the Gconf-editor (File > Quit).
It is possible in Ubuntu and other Gnome-based distros such as Fedora Core to completely restructure the available menus using the Alacarte Menu Editor (Applications > Accessories > Alacarte Menu Editor). But as my desktop is for a young girl who is going to use a very limited range of applications (essentially a web browser, a couple of games and a music player), it's easier, and probably a little more secure, to do away with the menu structure altogether and build an OS X- style dock at the bottom of the screen with single-click access to the few applications we need. It's also a good idea to throw in a windows list (for switching between open apps) and a clock/ calendar. Thanks to the way Gnome is built this is a really simple series of operations, mostly involving right-clicking and selecting the appropriate menu or icon entry.
The first thing to do is sort out the panels, which are arranged by default along the top and bottom of the Gnome desktop. We'll get rid of the bottom one first, so right-click in any area of blank space and select Delete This Panel... from the menu. Now right-click on the top panel and select Properties. As we've dumped the bottom panel, we can move this one (which has some bits we want to keep) to the base of the screen by changing the Orientation option to Bottom and then make it a bit bigger (because it's easier for a child to click on) by changing the size to 48.
You could make it look a little more swish by clicking on the Background tab, selecting a colour and making the whole thing a little transparent. It might also be a good idea to increase the font size for the labels on the desktop so the child can read it more easily just do System > Preferences > Font and change the size and/or typeface for the Desktop option though it's less advisable to change the menu text font, because that can really mess with a look of an application.
Back to the panel: it is possible to have the whole thing slide off the bottom of the screen automatically (just select Autohide) to maximise screen space, but in my unscientific tests this didn't provide any real extra benefit and made playing on the computer a little less intuitive for a seven-year-old.
Step 3: Add child-friendly elements
Now it's time to add some things to the panel. First, right-click in any vacant space and select the Add To Panel... option. This will bring up the desktop's extensive list of panel applets look for the big button at the top labelled Application Launcher. As you might guess, this provides easy access to all of the applications that were previously available in the now disappeared Applications menu; simply navigate to the required application. I'm starting with Firefox, which is under Internet > Firefox Web Browser. Select it and hit the Add button. A new icon will be added to the panel, which when the child clicks on it will launch the appropriate application. Right-click on the icon to open its own context-sensitive menu, where you'll find options including Remove From Panel, Move and a Properties entry. Select this entry to open a new dialog box for the icon. In here we can do things such as change the icon of the application or add a particular launch command to it.
We'll change the icon first to make it a little more child- friendly. Ubuntu comes with plenty of icons, and there are tons more available at www.gnome-look.org. These are downloaded as a single tar.gz archive that can be dragged and dropped straight into the Theme window (which is available in System > Preferences > Theme). From the Theme Details window we could make desktop-wide changes to icons, but in this instance we're concerned with a single icon. So, in the Properties box, click on the application's icon (Ubuntu uses a blue globe for Firefox) and either select a new icon from those presented or hit the Browse button to open a file selector and choose your own.
Most of Gnome's icons will be stored in /usr/share/icons/themename and you'll be able to browse through them properly by selecting the Open button. Many will be available in a variety of sizes; just choose the one closest to the size of your panel and select it.
Generally, changes made to the Gnome environment are shown in real time, so when you select a new icon it should change immediately. The good thing about this is that you can use any PNG file as an icon, so it's possible to build up a very personalised desktop experience.
We can pass commands to an application through the Properties box too; this means, for example, that we could have a number of instances of Web Browser on the panel linked to specific websites with different icons. To do this, add a Firefox link as mentioned above and then open the Properties dialog. In the Command section (it should say `firefox %u') add a URL to be opened inside a set of quotes.
firefox %u "http://www.bbc.co.uk/cbeebies/"
Give it a custom icon that is relevant to the site, and even a mouse-proficient three- or four-year-old will only need a little help to get to their favourite websites.
Step 4: Lock 'em down
We need to keep our child or children within their own little sandbox, keeping other users' data safe from their Marmite-covered fingers. This involves setting up the right restrictions for the places where you don't want them wandering. Linux works on a system of permissions that define who can access directories and what they can do in them.
To keep the kids out of your /home directory, right-click on the home icon (Ubuntu automatically names home directories after the usernames), select Properties and then the Permissions tab. Below the File Owner and Group information is a three-by-three grid with labels down the left-hand side; this section allows us to set who can access the directory, who can save files into it and who can execute applications from within. To keep the directory completely to yourself, deselect everything except the Owner line. Not only will other users not be able to access your directory from their desktops, but it will seem as though it doesn't exist.
Of course you may want to set up the childrens' permission so you can snoop through their files whenever you like...
To make sharing documents between young users easier, I would also set up an extra user called Share or something similar and make that /home folder completely accessible to every user by selecting every option in the three-by-three permissions grid. Furthermore, I'd use this directory to store photos, music or video that each member of the family may want to access.
The ideas in this tutorial should keep your children and computers safe up to a point. A determined, computer savvy teenager, however, is quite likely to be able to get around any controls you put in place, but that's no reason for not trying! Putting the family PC in a communal area will probably stop a lot of experimental browsing, but it's important (as in all areas of parenting) to build relationships on trust and respect so that your children feel comfortable coming to you if, for example, they are approached online in an inappropriate manner. Part of this is being open with your children about what measures you've taken and why you regard them as important.
Step 5: Willow filters for a safer internet
It's a simple matter to stop children visiting places they shouldn't on a local machine, but it's much harder on the internet. However, there are two usable systems available for Linux that attempt to give parents a little more control over the sites their children can access. These are DansGuardian (http://dansguardian.org) and Willow (www.digitallumber. com/willow). The former is a very good application, but it does rely on some knowledge of proxy servers in general (and Squid in particular) and though efforts are being made to simplify installation and configuration, it's still not ideal for new or casual users. If you fancy giving it a try, Marco Fioretti explored it in our Hardcore Linux tutorial in LXF81.
Willow, in contrast, is available in an Ubuntu package that installs transparently, needs no knowledge of proxies and is a doddle to use. I grabbed the Ubuntu package from http://nanomad.altervista.org (or you can save bandwidth by getting it from this month's coverdisc) and it opened automatically with the distribution's own package manager. Installation was just a case of downloading and clicking on the Install Package button.
The installer will close down all instances of Firefox during the installation, and when the browser is restarted, it will be running transparently through the filter. The developers of Willow worked with an elementary school in the US (this equates to a UK primary school) to set the boundaries, so the filter settings are deemed to be suitable for five to eight-year-olds.
The filter works on Bayesian principles, which means it examines the visual and textual content of a site and compares this with patterns based on the sites already defined as appropriate or inappropriate. This is better than a simple black (for banned) or white (for allowed) sites because no list can ever keep up with the expansion of the internet. However, it does occasionally throw up false positives, and sometimes it is necessary to tweak the filter settings a little.
To start, let's ensure that each user's browser is running through the filter. To do this, switch to one of the child users' accounts and open up the browser. Do Edit > Preferences, and then under the General tab, select the Connection Settings button. Ordinarily, the only thing set in here is Direct Connection To The Internet, but we want the browser to connect through Willow, so click on the radio button next to Manual Proxy Configuration and in the text area next to HTTP Proxy type localhost. The port number needs to be 8000 and the Use This Proxy For All Protocols option should be selected. Now when anyone attempts to log on to a site that Willow thinks is unsuitable, the browser will display an explanation page in a beautiful shade of yellow.
If you're comfortable changing HTML, it's possible to create a bespoke `denied' page by changing the display setting in one of the configuration files. This will need to be done as the root user with the following command:
It's not the easiest thing to change, although altering the spelling of `innappropriate' (sic) that Willow includes in its explanation page proved to be a simple procedure. I've had great success in blocking access to a whole range of adult-oriented sites, while Willow is sophisticated enough not to block sites covering for example, breast cancer or Nazi Germany in the Second World War. It does sometimes get it wrong though, and this is where a little more training comes in handy. For example, the default settings didn't like the Gnome customisation site www.gnome-look.org, so this domain will need to be added to the `allowed' list.
To access the (very bare) Willow interface, look under System > Preferences > Willow Administration Interface and, when presented with an authentication box, input the username `root' and the password `willowadmin'. There's no easy way to change these details in the UI at the moment; however, Willow hacker Travis Watkins has received funding under the Google Summer of Code initiative to work on a graphical interface for Willow, so keep an eye on the project's homepage for significant updates over the coming months. At present, though, we'll have to stick with these defaults.
The Filter link will open a page with three options: we can filter by URL (which allows us to add a particular URL to be blocked or allowed), by domain (same thing but on the basis of entire domains) or, most interestingly, by content. This last option allows you to specify a URL that will run through Willow's Bayesian algorithm to teach it your own particular mores. Just insert the required URL in the appropriate (good/bad) box and hit Apply Changes. In this way you can create a filter that works in the way you want without having to worry about the political or moral agenda of some other organisation or person.
Willow is not the most secure filtering system, because any user can go into Firefox's Connection Settings and bypass the proxy, but we're concerned here with unintentional or accidental access of inappropriate content rather than a determined browser, and for that purpose it's ideal.
Step 6: Block internet ads
The final concern we have is internet advertising. Yes, we know plenty of websites wouldn't be able to function without them, but many are not suitable for children even though they seem designed to appeal to them and may link to bogus competitions, gambling or contact sites. Firefox has a very able pop-up blocker, which takes care of many of these annoyances, but a Firefox extension called Adblock can deal with the problems that a mere pop-up blocker can't.
Adblock is available from the usual extension website available through Tools > Extensions > Get More Extensions, and is installed in the usual manner. It's a well-established extension that can filter adverts based on either their content (ie create a filter on the string `.gif' and no GIF images will be displayed) or their source (ie you can set up a filter to block out any content emanating from the DoubleClick ad-serving service by using the string `doubleclick.net').
Once installed, Adblock is easily accessed at the base of the browser window. Left-clicking on the Adblock text will display a list of `blockable' items on a page; select one then hit OK to create a filter based on the selection. Right-clicking on it will display a context-sensitive menu complete with the ubiquitous Preferences option, where you can make changes to filters, sort out blocking of Flash-based advertising or whitelist a page or site. This last option is very interesting, because it puts you in control of what adverts you or your children can see. If, for example, you wanted to support a website that relies on advertising, say www.linuxformat.co.uk, and also know that some adverts will be genuinely useful or informative, it's possible to navigate to the page, right-click on Adblock and select either Whitelist This Page or Whitelist This Whole Site.
Children and computers go brilliantly together, and with the help of the permissions-based system that Linux uses, some smart free software and a bit of common sense, you can let them loose on your Linux box without fear that they'll destroy your data or download 50GB of filth.