Linux Privacy Essentials | Field Reports

Providing Internet access to the public has come to be an important service, but it can be quite a challenge to do so in a secure, cost-effective way. Maintaining patron privacy on a shared, public computer is one of the problems that librarians face every day. My solution was to switch to an open source (OS) platform for our patron computing.


When I came to Lebanon Public Libraries, NH, two years ago we had PCs with expensive, proprietary Windows software to roll back any changes that patrons made. Not only was the cost of the software a problem, but it actually allowed monitoring of what our patrons were doing online at any time. I viewed this as a huge privacy concern. Additionally, the software was set up in such a way that it undid any updates except for Windows updates. This created major security risks as it forced patrons to use old and vulnerable versions of Flash, Java, Chrome, Firefox, and more.

My solution was to switch to an open source (OS) platform for our patron computing. I have been an OS enthusiast for many years now, but this was the first time that I had the opportunity to bring it into my professional life. It was exciting to be able to prove many of the arguments that I had been using to advocate for switching to OS software.

No matter how much I wish it were otherwise, most people don’t really care about OS software. The good news is that they don’t really care about proprietary software either. They just want something that is easy to use and works for what they are trying to do.

So, that became my priority when searching for a Linux distribution to use for our PCs. First and foremost, it had to work. With this in mind, my requirements list was:

  1. Must work reliably on my hardware (older desktop computers that originally ran XP).
  2. Must support modern web browsers and all needed plugins.
  3. Must have a full office suite capable of handling MS Office documents.
  4. Must be reasonably secure and protect patron privacy.
  5. Must look reasonably familiar to patrons.

To satisfy those requirements, I settled on Linux Mint with the Cinnamon desktop environment. This is a modern distro with access to huge repositories: Mint is based on Ubuntu, which is in turn based on Debian, so any software available for Debian or Ubuntu will run on Mint. Additionally, most modern Linux distros have very good hardware support, but Mint is known for being particularly easy to operate. Finally, Cinnamon has a look that will be familiar to any Windows XP/7 user. A menu button in the bottom left-hand corner and desktop icons make getting online or launching the word processor very simple. Mint also comes with Firefox as its default web browser. This is a modern browser that allows for decent security with a little tweaking and should work well for everything that patrons want to do online.

Not all of the things that I chose are Free Libre and Open Source Software (FLOSS). My distro uses some proprietary codecs (MP3) and drivers (some Broadcom cards require proprietary drivers). My job as a public librarian is not to be an ideological purist but to serve our patrons and meet their needs in the best way that I am able.

I firmly believe that using OS software is preferable to proprietary commercial software in almost all cases. It is philosophically much more in line with the values of librarianship than closed source, proprietary software. It is also typically at least as functional and cheaper (in many cases free). But OS software isn’t perfect, and there are still some cases in which we need to make allowances for proprietary software in order to ensure that our patrons have a great experience. Even basic functionality for printers or wireless cards may require the use of closed source drivers. We don’t always have the luxury of choosing our hardware. In the long run, using open source whenever and wherever possible and compromising as necessary is better for the OS movement than sticking to an ideological position and insisting that everyone adapt to it.

Getting started

The following instructions are tested to work with Linux Mint 17.1. Any future releases may or may not work with these specific instructions. However, they should still provide a good outline of the process.

Terminal commands will be indented, start with $, and have a gray background.

The latest version of Mint can be downloaded from www.linuxmint.com/download.php. You can find installation instructions in the Linux Mint User Guide, which is available at ow.ly/UyJFO.

If you have any trouble at this point, I highly recommend online searches. Linux Mint has a large and active user base that is very good at answering people’s questions. The only critical thing that you must do in this process is set up your admin account with a good strong password. Remember that password; you’ll need it to do any administration in the future!

Setting up a public user

This is the user account that the public will use. First, we create the user. From the Linux Mint Desktop click on the menu button and open the terminal.

In the terminal type:

$ sudo adduser public

It will ask you for some information about the user that you just created. Go ahead and answer the questions. Note: When you type passwords into a Linux terminal it will look as if nothing is getting typed in. This is a security feature so people can’t see the length of your password.

Next, set up the public profile. This controls what your patrons see. Anything you set up here will be restored every time they log out.

Add new launcher

Add a launcher to the desktop called “Logout” to give patrons an easy way to ensure that their privacy is preserved.

Right click on the desktop and select “Create a new launcher here.” In the new window that opens up, add the following:

Name - LogOut

Command - /usr/bin/gnome-session-quit --force

Comment - Logout of this session and delete all data

Then click on the icon and change it to something more appropriate. Make any other customizations to the profile at this point.

Creating a reboot script

This is a critical step to ensure patron privacy. To begin, we copy the patron profile that we just created to a secure location that the public profile cannot access. Then we make a script that copies it back on every logout. This ensures that any changes made to the home folder are erased. Follow these steps.

1. Copy the profile to a secure location

$ sudo cp -Rp /home/public /opt

This copies the profile that you just set up into a secure location that the public user can’t reach. This gives us a clean copy of the profile that we can restore on every logout.

2. Create the script and make it executable

$ sudo nano /usr/local/bin/userlogout

This creates a script file called “userlogout” and opens it in the text editor Nano.

3. Within the script, type the following:

#!/bin/bash

rsync -qrpog --delete --exclude='.X*' /opt/public/ /home/public

echo "" > /home/public/.local/share/recently-used.xbel

Then save and exit the file with Ctrl-X and type Y when it asks if you want to save. The first line tells Linux how to run the script. The second line uses a program called Rsync to copy the clean copy back to the home directory, undoing any changes that the patron made. The third line clears the recent documents file.

In the terminal type:

$ sudo chmod +x /usr/local/bin/userlogout

This makes the script that you just wrote executable.

Make the script run on every logout:

$ sudo nano /etc/mdm/PreSession/Default

Then add the line:

userlogout

At the very end of the file, just before the line:

exit 0

This will run the userlogout script every time a user logs in. This makes sure that every user starts with a clean profile.

4. Set up Autologin

In the terminal type:

$ sudo nano /etc/mdm/mdm.conf

This opens the Mint Display Manager configuration file.

In this file, uncomment (delete the # in front of the line) the Autologin line and change autologin user to public.
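
An audit of steps 1 to 3, as an added example that is not part of the original article: it checks that the userlogout call sits before the last exit 0 (a call placed after it never runs), that the script cannot be edited by a non-root account, and that the clean copy is out of reach of other accounts. Because cp -Rp run through sudo preserves ownership, /opt/public from step 1 is still owned by public, so the last check expects the copy to live inside a root-only directory; that layout, the function names and the owner argument are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the article. Defaults are the article's paths;
# the fourth argument is the account expected to own them (root).

# True if userlogout is called before the last "exit 0" in the hook file.
hook_before_exit() {
    awk '
        /^[ \t]*(\/usr\/local\/bin\/)?userlogout[ \t]*$/ && !hook { hook = NR }
        /^[ \t]*exit[ \t]+0[ \t]*$/ { last_exit = NR }
        END { exit !(hook && (!last_exit || hook < last_exit)) }
    ' "$1"
}

# True if FILE ($1) is owned by OWNER ($2) with no group/other write bit.
owned_and_locked() {
    [ "$(stat -c '%U' "$1" 2>/dev/null)" = "$2" ] || return 1
    case "$(stat -c '%a' "$1")" in
        *[2367]?|*[2367]) return 1 ;;
    esac
}

# True if the directory holding the template ($1) is owned by OWNER ($2)
# and grants group/other nothing, so no other account can reach the copy.
template_sealed() {
    parent=$(dirname "$1")
    [ "$(stat -c '%U' "$parent" 2>/dev/null)" = "$2" ] || return 1
    case "$(stat -c '%a' "$parent")" in
        *00) return 0 ;;
        *) return 1 ;;
    esac
}

audit_reset_setup() {
    script=${1:-/usr/local/bin/userlogout}
    hook=${2:-/etc/mdm/PreSession/Default}
    template=${3:-/opt/public}
    owner=${4:-root}
    rc=0
    { [ -x "$script" ] && owned_and_locked "$script" "$owner"; } ||
        { echo "FAIL: $script must be executable and writable only by $owner"; rc=1; }
    hook_before_exit "$hook" ||
        { echo "FAIL: no userlogout call before the last 'exit 0' in $hook"; rc=1; }
    template_sealed "$template" "$owner" ||
        { echo "FAIL: directory holding $template is open to other accounts"; rc=1; }
    return $rc
}
# On the patron PC, as root: audit_reset_setup && echo "reset setup OK"
```
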

Cron

Cron allows you to schedule system tasks. In this case we will set it up automatically to run updates every night. This will make sure that our public systems always have the latest security patches.

In the terminal type:

$ sudo nano /etc/anacrontab

First look at the section that says START_HOURS_RANGE.

This is the time frame in which cron will run its jobs (in military time). I recommend setting it to when your library is closed. For example, my library closes at 8 p.m. so my file says START_HOURS_RANGE=20-23. This means it will run updates between 8 p.m. and 11 p.m.

At the bottom of the file add a line that reads:

@daily 45 updates apt-get update && apt-get upgrade -y

This tells cron to run the job daily. The 45 means that it will wait 45 minutes after the start of the start hours range. “Updates” is just the name of the job; it could be anything you want. The rest is the actual command to run. This updates the metadata of the repositories and then upgrades any packages that have updates available.

Chuck McAndrew is the IT Librarian, Lebanon Public Libraries, NH



Esther

I performed a similar exercise at my library. I think as Windows becomes more invasive, Linux becomes more appealing both in terms of management and most importantly privacy. I love hearing about Linux use growing in libraries. I wrote up my experience here: http://splat.lili.org/2015/07/can-you-use-linux-on-public-access-computers-at-a-library-yes/.

Posted : Dec 17, 2015 08:30

