I want to create a restricted user without password that can only use a web browser. I added a user named "visitor" and created in his home dir a file .xsession that contains: firefox so that when he logs in, firefox is launched, and when he closes firefox, he is logged out. This works fine but he is still able to ctrl+alt+F(1-6) and log in to browse the file system. To prevent that, I tried to set /bin/false as the default shell for that user in /etc/passwd but this also prevented him to log in graphically. Is there a way to be sure that "visitor" will only be able to browse the web and not the file system ? any security issues ? Thanks for help
