2 files changed, 20 insertions, 1 deletions

diff --git a/backend/seckelapi/Containerfile b/backend/seckelapi/Containerfile
index d36a165..ccdab84 100644
--- a/backend/seckelapi/Containerfile
+++ b/backend/seckelapi/Containerfile
@@ -21,7 +21,7 @@ WORKDIR /app
 
 # Install runtime dependencies
 RUN apt-get update && \
-    apt-get install -y ca-certificates libssl3 && \
+    apt-get install -y ca-certificates libssl3 nano && \
     rm -rf /var/lib/apt/lists/*
 
 # Copy binary and config from builder
diff --git a/backend/seckelapi/config/security.toml b/backend/seckelapi/config/security.toml
index f72b765..4bf05b3 100644
--- a/backend/seckelapi/config/security.toml
+++ b/backend/seckelapi/config/security.toml
@@ -207,4 +207,23 @@ max_limit = 50
 max_where_conditions = 5
 user_settings_access = "read-own-only"  # Students can only read their own preferences, not modify
 
+[permissions."10"]
+# Kiosk - public terminal, can only list users for login
+rollback_on_error = true
+allow_batch_operations = false
+basic_rules = [
+    "users:r",
+    "roles:r"
+]
+advanced_rules = [
+    "users.*:block",
+    "users.id:r",
+    "users.username:r",
+    "users.name:r",
+    "users.role_id:r"
+]
+max_limit = 100
+max_where_conditions = 5
+user_settings_access = "read-own-only"
+