Archives

All posts for the month September, 2022

Background

A “terminal server” or centralized shared desktop server has obvious benefits. Here are just a few:

  • Central application management
  • Securely access home automation or BMS systems remotely
  • Use cheap thin clients or even older machines that are now too slow
  • Cross platform – this works with Windows, Mac, and Linux machines
  • Remotely accessible from anywhere
  • Reduced support requirements
  • Privately use another desktop from work or home
  • Save on the expense of premium hardware on every desktop
  • More secure application deployment within trusted network zones
  • License Free! – this type of terminal server requires no expensive licensing

Solution

I built a terminal server running Xubuntu 22.04 with local users. To support RDP clients (Windows, Linux, and Mac machines already have them), I installed the xrdp package. You can perform the following steps to turn any Xubuntu desktop instance into a full terminal server:

sudo apt install xrdp
sudo systemctl enable --now xrdp
sudo ufw allow from any to any port 3389 proto tcp
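
The ufw rule above admits RDP connections from every source address. As an added example (not part of the original post), the script below reads ufw status output and flags port 3389 rules that are open to Anywhere. The sample output, the 192.168.10.0/24 trusted subnet, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ufw rules that expose xrdp (TCP 3389) to every source.
# On a real host: rdp_open_rules "$(sudo ufw status)"

# Constructed sample of `ufw status` output with the any-source rule in place.
SAMPLE_OPEN='Status: active

To                         Action      From
--                         ------      ----
3389/tcp                   ALLOW       Anywhere
3389/tcp (v6)              ALLOW       Anywhere (v6)'

# Constructed sample after replacing that rule with one scoped to an assumed
# trusted LAN:  sudo ufw allow from 192.168.10.0/24 to any port 3389 proto tcp
SAMPLE_SCOPED='Status: active

To                         Action      From
--                         ------      ----
3389/tcp                   ALLOW       192.168.10.0/24'

# Print each ALLOW/LIMIT rule for port 3389 whose source is "Anywhere".
# Exit status 0 means at least one such rule exists, 1 means none.
rdp_open_rules() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^3389(\/tcp)?$/ && /ALLOW|LIMIT/ && /Anywhere/ { print; found = 1 }
        END { exit !found }'
}

# Human-readable summary for one block of ufw status text.
report() {
    if rdp_open_rules "$2" >/dev/null; then
        echo "$1: RDP reachable from any source address"
    else
        echo "$1: no any-source RDP rule"
    fi
}

report "open rule" "$SAMPLE_OPEN"
report "scoped rule" "$SAMPLE_SCOPED"
```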

When adding new users to the box, simply add any desktop user the usual way in Ubuntu.

Once the user is added, give them whatever permissions are desired. If you already have various applications and a printer set up on this box, the user will have access to them and can print from within their session. Once set up, give the user their credentials and have them log in for the first time.

From another Linux desktop, they can use the “Remmina” app to open a session, or from Windows use Remote Desktop, etc.

Hit “Save and Connect”

Upon logging in, they will see the login greeter.

Once logged in, the terminal server desktop appears.

From within this session, the desktop experience is perfect for running centralized applications, or browsing the internet from the terminal server’s location.

Background

I had a need to create a shared desktop Ubuntu machine that would be used by more than one person, but I wanted it to function more like an internet kiosk, and not be changeable by the end user. After playing with Raspbian OS for other projects, I knew about the overlayfs method of making the SD card read only. This is often done to protect the SD card from being prematurely worn by constant writing. In this application, I wanted to do something similar using the Ubuntu OS on more powerful J4125 hardware. After some initial googling, I learned about the overlayroot package. Installing and setting it up is fairly easy and can be done in mere minutes. Read on…

Solution

First thing we will want to do is install the Ubuntu operating system and all the software applications we might want. We want to set up the machine exactly how we will want it BEFORE we enable the overlayroot read only FS. Set all preferred desktop settings, packages, themes, browser settings, backgrounds, desired user accounts, adding printers, etc FIRST!

After we have the desktop provisioned the way we want it, the next step is to “freeze” this configuration by installing and enabling overlayroot:

sudo apt install overlayroot

Once you have it installed, you will need to modify a configuration file to enable it. Edit the following file; you only need to change one variable, overlayroot="":

sudo nano /etc/overlayroot.conf

overlayroot="tmpfs"

Save and close the file. There are other options for this config, but they are out of the scope of this article. For more information, please consult the config file; it is loaded with documentation in the comments.

Last step, reboot the machine. Your machine will come up in a read only state. Any changes made to the system will be eliminated after reboot! This is perfect for a shared computer where you don’t want multiple people mucking up the machine, and cleanup is as easy as rebooting.

Undo The Overlayroot

If you wish to undo the overlayroot to update the system, or to add or change something, you can do so by passing the following argument on the GRUB boot line:

overlayroot=disabled

Here’s how:

Reboot the machine, and at the GRUB prompt hit “e” to edit the chosen boot command, then put the above option on the boot line like so:

menuentry 'Ubuntu, with Linux 3.5.0-54-generic (Writable)' --class ubuntu --class gnu-linux --class gnu --class os {
	recordfail
	gfxmode $linux_gfx_mode
	insmod gzio
	insmod part_msdos
	insmod ext2
	set root='(hd0,msdos1)'
	search --no-floppy --fs-uuid --set=root 28adfe9d-c122-479a-ab81-de57d16516dc
	linux	/vmlinuz-3.5.0-54-generic root=/dev/mapper/faramir-root ro overlayroot=disabled
	initrd	/initrd.img-3.5.0-54-generic
}

Keep in mind this is a ONE TIME modification to the boot line. Once booted, make all your changes and then reboot again, and the system will be restored to the overlayroot read only state. If you wish to permanently undo the overlayroot, then clear the overlayroot="tmpfs" variable in /etc/overlayroot.conf (set it back to overlayroot="") BEFORE rebooting.
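
To confirm after a reboot that the machine really came up frozen, or to spot a kiosk that was left in the writable mode described above, the following added example (not part of the original post) classifies the state from the contents of /proc/mounts and /proc/cmdline. The sample lines are constructed, the mount line assumes overlayroot's usual /media/root-ro and /media/root-rw layout, and the function name and state labels are hypothetical.

```shell
#!/bin/sh
# Added example: report whether / is running under overlayroot.
# On a real host:
#   overlayroot_state "$(cat /proc/mounts)" "$(cat /proc/cmdline)"

# Constructed samples. The overlay mount line assumes overlayroot's usual
# layout: read-only lower dir /media/root-ro, tmpfs upper dir /media/root-rw.
MOUNTS_FROZEN='overlayroot / overlay rw,relatime,lowerdir=/media/root-ro,upperdir=/media/root-rw/overlay,workdir=/media/root-rw/overlay-workdir/_ 0 0
tmpfs-root /media/root-rw tmpfs rw,relatime 0 0'
MOUNTS_PLAIN='/dev/mapper/faramir-root / ext4 rw,relatime 0 0'
CMDLINE_NORMAL='BOOT_IMAGE=/vmlinuz root=/dev/mapper/faramir-root ro quiet splash'
CMDLINE_OVERRIDE='BOOT_IMAGE=/vmlinuz root=/dev/mapper/faramir-root ro overlayroot=disabled'

# Echo one of:
#   frozen            / is an overlay mount, so changes vanish at reboot
#   writable-override / is a normal mount and overlayroot=disabled was passed
#                     on the kernel command line (the one-time GRUB edit)
#   writable          / is a normal mount and no override was passed, which
#                     points at overlayroot.conf being cleared or not applied
# Exit status is 0 only for "frozen".
overlayroot_state() {
    # Filesystem type of the last mount on "/" (later entries shadow earlier).
    roottype=$(printf '%s\n' "$1" | awk '$2 == "/" { t = $3 } END { print t }')
    case "$roottype" in
        overlay*) echo frozen; return 0 ;;
    esac
    case " $2 " in
        *" overlayroot=disabled "*) echo writable-override ;;
        *) echo writable ;;
    esac
    return 1
}

overlayroot_state "$MOUNTS_FROZEN" "$CMDLINE_NORMAL" || true
overlayroot_state "$MOUNTS_PLAIN" "$CMDLINE_OVERRIDE" || true
overlayroot_state "$MOUNTS_PLAIN" "$CMDLINE_NORMAL" || true
```

A result of writable on a machine that is supposed to be a kiosk means changes now persist across reboots and the overlayroot.conf setting should be checked.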