|
Description
Developer comments
Hi,
It is planned to offer a guest account in the next release.
Attachments
 Bug #206924 : Make it possible to create a guest account
|
|
Duplicates
Comments
|
skyhook19 wrote on the 29 Feb 08 at 15:26
| |
Sounds like a good idea, it obviously have to be secure and only an option.
|
|
tenchi39 wrote on the 29 Feb 08 at 15:48
| |
There should be a checkbox about this at installation...
|
|
Eldmannen wrote on the 29 Feb 08 at 16:08
|
Its good because sometimes my sis or mom nag on me to use the computer.
And I don't want them to find my porno, or accidentally delete my files.
And having the guest account get purged on logout, make me so I don't have to have their crap on my system when they logout.
|
|
wolfwitch wrote on the 29 Feb 08 at 17:45
| |
This is a great idea! I believe Windows has this as an option too, as does OS-X. I create a guest account on my system every time I have friends visit from out-of-town, or I have someone house-sitting for me when I am traveling. I delete it and re-create it frequently so information isn't passed from guest to guest. Having this built-in as an option would be a great thing.
|
|
Eldmannen wrote on the 29 Feb 08 at 18:22
|
Yes, Windows also have a Guest account.
Though Windows does not automatically purge it on logout.
|
|
frenchcore wrote on the 29 Feb 08 at 22:07
| |
Great idea, but security must be easily tunable in this case
|
|
wolfier wrote on the 1 Mar 08 at 04:05
|
Good idea, but like others said, don't do it unless it gives the administrator the ability to severely restrict what the guest account can do.
(Of course, being Linux, this is already possible - what I mean is a point and click interface to enable a guest account)
|
|
Eldmannen wrote on the 1 Mar 08 at 12:59
|
Yes, it should be secure.
In Linux, he cant do anything except touch stuff in /home/guest/ anyways.
Also, Guest account should not be able to sudo.
|
|
Miyamoto wrote on the 1 Mar 08 at 20:28
|
Well, probably some kind of GUI would do here, where the admin can easily enable/disable the programs the guest may use and which also automatically modifies a .logout file to purge the configuration for every used program.
Otherwise that nagging first time usage wizard comes up at login time.
Some suggestions:
- deliver a default set of apps, e.g. a web browser, an email program, an IRC client, etc. - limiting available apps also limits security problems
- by default disable all x-terminals and the command invocator (KDE shows it up after hitting ALT+F2, don't know if GNOME has something like this)
|
|
camello_ar wrote on the 2 Mar 08 at 00:07
|
Eldmannen wrote on the 1 Mar 08
Yes, it should be secure.
In Linux, he cant do anything except touch stuff in /home/guest/ anyways.
Also, Guest account should not be able to sudo.
-------------
I'm thinking the same, especially the su, sudo and another administratives tools, and restrict the write of files outside of /home/guest
i think that is not necessary to flush the folder in logout, can be an optional if yor PC is public or not, for example, the case of a system that is used by you family and don't wanna create users for all, only a guest account. Then, they can't touch the system files, or anything similar (soft, conf), but can save your own configs and files into personalized folder
|
|
arekkusu wrote on the 2 Mar 08 at 17:18
|
By Secure, could it be something like the live CD ?
I mean by this that this cession would not have right access to the harddrive. Might be a bit harsh performance wise (?) but for just checking email or a little web browsing it should be fine or ?
|
|
bgfeldm wrote on the 8 Mar 08 at 15:55
|
Microsoft Windows XP also has this feature.
|
|
scratchy wrote on the 14 Mar 08 at 00:45
| |
Great idea. I want install a Ubuntu in the lobby of a hotel without permission for changing the desktop.
|
|
Rioting_Pacifist wrote on the 18 Mar 08 at 22:47
|
Dont enable it be default (having any default username is a terrible idea), but have an option somewhere, give the choice of a perminant home, otherwise simply mount their home in /tmp/guest, with a noexec tag.
as long as their not in sudoer they wont be able to use sudo, they will need to be in users, plugdev, audio, video and some otehr groups tho.
|
|
_sebastian_ wrote on the 25 Mar 08 at 04:09
|
guest accounts should have strong/restricting security settings.
what about downloading files, where to save? or no saving at all?
|
|
mb wrote on the 25 Mar 08 at 09:38
|
+1.
Guest user should be jailed in his directory (/home/guest). There should be also an option to choose applications that can be run on this account.
It would be useful especially on portable devices (e.g. laptops) when someone else needs to use your computer for a moment.
Of course creating guest account should be optional.
|
|
SniperGX1 wrote on the 10 Apr 08 at 06:37
| |
Good idea. Would also be handy for debugging. Having a fresh "guest" account lying around would allow you to find out if you have a bad setting local to your user which is causing you problems or if it's a larger system wide issue.
|
|
droetker wrote on the 28 Apr 08 at 12:55
|
Why jailed in /home/guest?
per default users have no rights to use su/sudo in Ubuntu, if you didn't know. Only the first account from the install. (you have to be in the admin group to use sudo.)
And no account can use su because root has no password.
So easy.
@Eldmannen: if you want that noone finds your pornos, either learn to set their permissions correctly or better delete them & get a girlfriend.
|
|
mb wrote on the 3 May 08 at 07:59
|
@droetker: you think that guest user should be able to run around your system and view everything? Setting permissions for every little file isn't the right way IMO.
Sometimes my computer are using very mean people. And they trying everything, just to make my system crash.
|
|
Monicker wrote on the 3 May 08 at 23:59
|
@mb
By default a user can't write files to directories outside of their home directory and /tmp.
If I want somebody to have guest access on my system, I would prefer to create the account myself.
|
|
mb wrote on the 4 May 08 at 10:02
|
Monicker: and what about reading files? Any user can view logs of your system, your documents etc. Sometimes even seeing the structure of filesystem may be bad.
Anyway, I would also like to specify which programs can be used by guest, set a quota and other things. Currently it's very hard to do this and you need much effort to make all these things work together.
|
|
drinkypoo wrote on the 9 May 08 at 14:26
|
No additional security should be necessary to support a guest user, aside from things like local privilege escalation attacks (most of which can be avoided through the use of NX and perhaps a capabilities package, e.g. selinux - which every system should run already.)
If the guest account is to be wiped on logout then it must do one of two things: either create a temporary home for each guest that logs in, or wait until all guests have logged out. I like the temporary home idea more, but I'm not sure how it could reasonably be implemented given the limited Unix security model - perhaps, once again, through capabilities?
It certainly should be easier to decide what programs a guest can run.
If guests can look at sensitive log files, then their permissions need to be changed. That's not an issue with having guest users, but an issue with having insecure permissions. There is no need for the average user to look t a log file. For everyone else, there's groups. I would prefer ACLs but the userspace utilities are clearly not there yet. I strongly suspect that it's going to require storing ACLs in a metadatabase :) before it actually works properly. But that's a separate conversation.
|
|
maxfridbe wrote on the 30 Jun 08 at 21:28
|
Agreed...
In the user's screen there should be an option to turn on the guest account with checkboxes for each feature to allow the user logging in to have available.
Ex: [Internet] [Network] [Audio] [Video playback]
maybe?
|
Post your comment
|
Blueprint gdm-guest-login:
