How to protct the library ?

[rolgiati]

I have been asked to install Calibre under Linux on the self-service computers in a public library.

How can I protect the (Calibre) library from intempestive deletions, additions, metadata edits etc ?

I was wondering about setting the whole Calibre library directory read-only for the guest users account.

Would that work ?

Any other way to bomb-proof the data ?

Or any other advice ?

[theducks]

Quote:

Originally Posted by rolgiati

I have been asked to install Calibre under Linux on the self-service computers in a public library.

How can I protect the (Calibre) library from intempestive deletions, additions, metadata edits etc ?

I was wondering about setting the whole Calibre library directory read-only for the guest users account.

Would that work ?

Any other way to bomb-proof the data ?

Or any other advice ?

Really Simple.
Set up a Content server PC, them just put a bookmark (for web browser) for the public machines. View, download... but no change

[kovidgoyal]

And if you want to use the full calibre in read only mode, you keep the library in a central computer to which patrons dont have access and you sync it (one way) from the central computer to the rest, so even if people make changes they will be reversed at the next sync.

[dwig]

Quote:

Originally Posted by kovidgoyal

And if you want to use the full calibre in read only mode, you keep the library in a central computer to which patrons dont have access and you sync it (one way) from the central computer to the rest, so even if people make changes they will be reversed at the next sync.

If you take this approach you should consider taking it a step further by editing the toolbars, there are several, in Preferences on the user access machines to remove the icons for the more "damaging" functions (e.g. Edit Metadata, Remove books, ...). This won't totally block access to these functions, but will reduce their visibility.

[haertig]

Quote:

Originally Posted by rolgiati

I have been asked to install Calibre under Linux on the self-service computers in a public library.

Since you are wanting multiple computers to access Calibre (which would of course be the case in a library), then you are realistically talking about using the Content Server part of Calibre. I would love to have multiple full Calibre interfaces running against the same database at the same time (in read-only mode), but Calibre does not support that.

If each Calibre access station in your library is a full fledged PC, then you could have your one main database on a machine not accessible to the public, then rsync that over to EACH individual PC running its own individual copy of Calibre. But, each of those individual PC's would be able to modify their individual database (you would overwrite those changes with the next rsync though). Still, in a public setting, I don't think you'd want to expose yourself for such potential abuse of the individual databases. You could maybe use the OS to mark everything Calibre can access as read-only, but I imagine that would make for some pretty problematic error messages/behavior that you wouldn't want to put in front patrons of your library.

So we're back to using the Content Server part of Calibre. It is not as full featured as the main Calibre interface, but the main Calibre interface would probably blow away 99% of your library patrons anyway. They wouldn't know how to use it. The Content Server interface does have a small learning curve, but nowhere near like the main interface. I would STILL maintain your main database separate from the database exposed by the Content Server. The main database should never be touchable, in any way, by the general public.

I am wondering a bit why you'd be asked to put up Calibre in a public library. Will this be used to distribute only non-DRM'ed and freely available books? Because with Calibre, either the main interface or the Content Server interface, you can download books. If the library patron has access to a USB port on the library computer, they can stick their personal thumbdrive in there and download the books from Calibre and permanently walk off with them, never to have to return them. That's not what you typically expect in a library setting, but maybe that's what you're after in this case.

[rolgiati]

Quote:

Originally Posted by haertig

I am wondering a bit why you'd be asked to put up Calibre in a public library. Will this be used to distribute only non-DRM'ed and freely available books? Because with Calibre, either the main interface or the Content Server interface, you can download books. If the library patron has access to a USB port on the library computer, they can stick their personal thumbdrive in there and download the books from Calibre and permanently walk off with them, never to have to return them. That's not what you typically expect in a library setting, but maybe that's what you're after in this case.

You are right, the plan is to make out-of-copyright French literature books, mostly from XIXth and early XXth century think Balzac, Zola, Stendhal, Voltaire, Racine, Corneille etc) available to students who would be very welcome to copy and take away whatever they wanted.
Rather than setting up a central server, I am thinking of having a copy of the whole library directory hidden in /root/ and have a cron job rsync it every five or ten minutes to /home/guest/

[rolgiati]

Quote:

Originally Posted by dwig

If you take this approach you should consider taking it a step further by editing the toolbars, there are several, in Preferences on the user access machines to remove the icons for the more "damaging" functions (e.g. Edit Metadata, Remove books, ...). This won't totally block access to these functions, but will reduce their visibility.

I have thought of this, and plan not only to modify the toolbars as you advise, but also to hunt down the Calibre config file, in the hope that I can chmod -w it without preventing Calibre from running.

[dwig]

Quote:

Originally Posted by rolgiati

I have thought of this, and plan not only to modify the toolbars as you advise, but also to hunt down the Calibre config file, in the hope that I can chmod -w it without preventing Calibre from running.

Another thing to disable is calibre's "Show notification when new version is available" in Preferences > Behavior.

[rolgiati]

Quote:

Originally Posted by dwig

If you take this approach you should consider taking it a step further by editing the toolbars, there are several, in Preferences on the user access machines to remove the icons for the more "damaging" functions (e.g. Edit Metadata, Remove books, ...). This won't totally block access to these functions, but will reduce their visibility.

What about chmod a -w of the config file that holds the toolbars information ? Could you tell me where to find it ?

[haertig]

I entered a large reply to this thread but I don't see it. Probably I closed the window rather than hitting "Submit reply". I do dumb stuff like that.

I don't want to retype the whole thing, but the gist of it was:

If you have a PHYSICALLY ACCESSIBLE computer out there in the public, it is almost impossible to secure it adequately. Encrypted filesystems can help, password protected BIOS can help, strong firewalling can help, limited network access can help, full backups can help, placing it where it can be easily observed by staff can help - but it is fundamentally almost impossible to secure a computer if the users have physical access to it.

For this reason, I would still recommend that you keep your Calibre library on a separate server, and this physically accessible (I assume) computer in the library should be considered an island to itself, having data rsynced (pushed) to it rather than pulled from it. Firewall it off from your internal library network (except for a very tight hole to allow the rsync). Be ready for it to be destroyed in an instant, and be able to rebuild it easily from a backup image. If you give them a USB port to download books from, then you've given them a USB port they can boot from (there are ways around BIOS passwords). If they boot from their thumbdrive, all of your local security measures are for naught (except encrypting every file system). But even with that, depending on your network setup, they may still gain access to your internal library network. Which is not a good thing. Especially since you mentioned "students". It might not be so bad if this computer was to be accessed only by senior citizens living in a closed retirement community.

Physical access + students = WARNING! WARNING! WARNING!

[BetterRed]

Quote:

Originally Posted by rolgiati

What about chmod a -w of the config file that holds the toolbars information ? Could you tell me where to find it ?

There's a button in Preferences->Miscellaneous that will provide the location of the configuration files (it opens the directory). I'm not sure which file holds the toolbar settings.

BR

[theducks]

I am not sure any file can be safely be write protected. That would require that the design goal specifically included that special need that 3+ Million other users did not.

Maybe Kovid can be talked into adding a (optional) "password please" for the Preferences menu section (Just a basic 'discouragement', not serious road (hacker proof) block )

[rolgiati]

Quote:

Originally Posted by theducks

I am not sure any file can be safely be write protected.

I know, but it seemed a possible way to solve my problem.

Quote:

Originally Posted by theducks

That would require that the design goal specifically included that special need that 3+ Million other users did not.

I accept this is a very singular situation.

Quote:

Originally Posted by theducks

Maybe Kovid can be talked into adding a (optional) "password please" for the Preferences menu section (Just a basic 'discouragement', not serious road (hacker proof) block )

That would be a help.
Otherwise I see another possibility keeping a copy or /user/.config.calibre in an inaccessible place (/opt/calibre ?) and rsync'ing from it after every session, as I think I may end up doing for the Library directory.
Doing it from a server is not on, as I will not get additional hardware.