Ubuntu – Kiosk with Chrome on 16.04

Below is what I managed to build in the end, stitching together various scraps and hints I could find plus some "original research" of my own. I consider it very rough and downright ugly in places, but I need some solution, and it seems to work for now. Fingers crossed...

  PLEASE NOTE you should also consider hardening your Linux for security,
which is absolutely not covered by the presented script!

#!/bin/bash
if [ $# -ne 0 ]; then
    echo "USAGE: mkkiosk.sh"
    echo "Create new user 'kiosk' and configure LightDM to auto-login this user to a X session running only Chrome"
    echo "in --kiosk mode."
    exit 1
fi

set -x; set -e
date

# Try to make current user (admin/...) prefer 'ubuntu' to 'kiosk' for session type.
# TODO: currently doesn't seem to work, lightdm still suggests 'kiosk' session and requires manual clicking to change.
cat > ~/.dmrc << EOF
[Desktop]
Session=ubuntu
EOF

# Auto-create user 'kiosk'.
# http://askubuntu.com/a/321943/111779
# NOTE: auto-login is enabled later (autologin-user)
getent group kiosk || (
    sudo su -c "groupadd kiosk"
    sudo su -c "useradd kiosk -s /bin/bash -m -g kiosk"
)

# Install Chrome
# http://askubuntu.com/a/510186/111779
# TODO: somehow pin Chrome version? reportedly, cmdline flags are
# unofficial and can change; OTOH, security updates... though in kiosk, we show
# only one webpage; but admin user also may use Chrome.
grep chrome /etc/apt/sources.list.d/google-chrome.list >&/dev/null || (
    wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
        sudo sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
    sudo apt-get update && sudo apt-get install -y --no-install-recommends \
        google-chrome-stable
)

# https://wiki.archlinux.org/index.php/Display_manager#Session_configuration
#
# - For Chrome flags, see:
#   - http://peter.sh/experiments/chromium-command-line-switches/
#     (via http://askubuntu.com/a/423632/111779)
# - TryExec:
#   not sure what it does, but apparently must be just binary name if present.
#   (see: https://www.virtualbox.org/svn/vbox/trunk/src/VBox/Additions/linux/lightdm-greeter/liblightdm-gobject-1.5.0/session.c)
#   TODO: test if we can remove TryExec
# - IMPORTANT NOTE: If below settings are invalid, the session may just
#   silently disappear as a choice in LightDM. You can then try to confirm this
#   by looking in /var/log/lightdm/seat0-greeter.log for message "Ignoring
#   sesion kiosk".
sudo bash -c 'cat > /usr/share/xsessions/kiosk.desktop' << EOF
[Desktop Entry]
Encoding=UTF-8
Name=Kiosk
Comment=Start a Chrome-based kiosk session
Exec=/usr/bin/google-chrome --kiosk --window-size=1281,1025 --window-position=0,0 --no-first-run --incognito --no-default-browser-check --disable-translate http://stackoverflow.com
TryExec=/usr/bin/google-chrome
Icon=google-chrome
EOF
sudo -u kiosk bash -c 'cat > ~kiosk/.dmrc' << EOF
[Desktop]
Session=kiosk
EOF
# See LightDM "help" in: /usr/share/doc/lightdm/lightdm.conf.gz
sudo bash -c 'cat > /usr/share/lightdm/lightdm.conf.d/99-kiosk.conf' << EOF
[Seat:*]
user-session=kiosk
EOF
# Setting below options in only 99-kiosk.conf doesn't seem enough (conflicts on autologin-user).
sudo bash -c 'cat > /etc/lightdm/lightdm.conf' << EOF
[Seat:*]
autologin-guest=false
autologin-user=kiosk
autologin-user-timeout=0
EOF

echo "Done."

To get back to "normal user", press Alt-F4 to close Chrome; LightDM will show, where you can login to your "normal" admin/root/... (super-)user. To get back to "kiosk", run:

sudo killall lightdm

TODO: didn't disable screensaver yet (or did it?).
Also, no warranty, it may shoot off your leg, eat your homework, etc, etc.