Developer comments
A guest account is now offered in Intrepid! In the fast-user-switcher in the desktop top bar, select "Guest", and here you are!
893
votes
|
|
1116
0
223
|
|
|
|
|
Attachments
Duplicates
Comments
|
|
|
Sounds like a good idea, it obviously have to be secure and only an option.
|
|
tenchi39
wrote on the 29 Feb 08 at 15:48
|
|
|
|
There should be a checkbox about this at installation...
|
|
|
Its good because sometimes my sis or mom nag on me to use the computer.
And I don't want them to find my porno, or accidentally delete my files.
And having the guest account get purged on logout, make me so I don't have to have their crap on my system when they logout.
|
|
|
|
This is a great idea! I believe Windows has this as an option too, as does OS-X. I create a guest account on my system every time I have friends visit from out-of-town, or I have someone house-sitting for me when I am traveling. I delete it and re-create it frequently so information isn't passed from guest to guest. Having this built-in as an option would be a great thing.
|
|
|
Yes, Windows also have a Guest account.
Though Windows does not automatically purge it on logout.
|
|
|
|
Great idea, but security must be easily tunable in this case
|
|
wolfier
wrote on the 1 Mar 08 at 04:05
|
|
|
Good idea, but like others said, don't do it unless it gives the administrator the ability to severely restrict what the guest account can do.
(Of course, being Linux, this is already possible - what I mean is a point and click interface to enable a guest account)
|
|
|
Yes, it should be secure.
In Linux, he cant do anything except touch stuff in /home/guest/ anyways.
Also, Guest account should not be able to sudo.
|
|
|
Well, probably some kind of GUI would do here, where the admin can easily enable/disable the programs the guest may use and which also automatically modifies a .logout file to purge the configuration for every used program.
Otherwise that nagging first time usage wizard comes up at login time.
Some suggestions:
- deliver a default set of apps, e.g. a web browser, an email program, an IRC client, etc. - limiting available apps also limits security problems
- by default disable all x-terminals and the command invocator (KDE shows it up after hitting ALT+F2, don't know if GNOME has something like this)
|
|
|
Eldmannen wrote on the 1 Mar 08
Yes, it should be secure.
In Linux, he cant do anything except touch stuff in /home/guest/ anyways.
Also, Guest account should not be able to sudo.
-------------
I'm thinking the same, especially the su, sudo and another administratives tools, and restrict the write of files outside of /home/guest
i think that is not necessary to flush the folder in logout, can be an optional if yor PC is public or not, for example, the case of a system that is used by you family and don't wanna create users for all, only a guest account. Then, they can't touch the system files, or anything similar (soft, conf), but can save your own configs and files into personalized folder
|
|
|
By Secure, could it be something like the live CD ?
I mean by this that this cession would not have right access to the harddrive. Might be a bit harsh performance wise (?) but for just checking email or a little web browsing it should be fine or ?
|
|
bgfeldm
wrote on the 8 Mar 08 at 15:55
|
|
|
Microsoft Windows XP also has this feature.
|
|
scratchy
wrote on the 14 Mar 08 at 00:45
|
|
|
|
Great idea. I want install a Ubuntu in the lobby of a hotel without permission for changing the desktop.
|
|
|
Dont enable it be default (having any default username is a terrible idea), but have an option somewhere, give the choice of a perminant home, otherwise simply mount their home in /tmp/guest, with a noexec tag.
as long as their not in sudoer they wont be able to use sudo, they will need to be in users, plugdev, audio, video and some otehr groups tho.
|
|
|
guest accounts should have strong/restricting security settings.
what about downloading files, where to save? or no saving at all?
|
|
mb
wrote on the 25 Mar 08 at 09:38
|
|
|
+1.
Guest user should be jailed in his directory (/home/guest). There should be also an option to choose applications that can be run on this account.
It would be useful especially on portable devices (e.g. laptops) when someone else needs to use your computer for a moment.
Of course creating guest account should be optional.
|
|
|
|
Good idea. Would also be handy for debugging. Having a fresh "guest" account lying around would allow you to find out if you have a bad setting local to your user which is causing you problems or if it's a larger system wide issue.
|
|
droetker
wrote on the 28 Apr 08 at 12:55
|
|
|
Why jailed in /home/guest?
per default users have no rights to use su/sudo in Ubuntu, if you didn't know. Only the first account from the install. (you have to be in the admin group to use sudo.)
And no account can use su because root has no password.
So easy.
@Eldmannen: if you want that noone finds your pornos, either learn to set their permissions correctly or better delete them & get a girlfriend.
|
|
mb
wrote on the 3 May 08 at 07:59
|
|
|
@droetker: you think that guest user should be able to run around your system and view everything? Setting permissions for every little file isn't the right way IMO.
Sometimes my computer are using very mean people. And they trying everything, just to make my system crash.
|
|
|
@mb
By default a user can't write files to directories outside of their home directory and /tmp.
If I want somebody to have guest access on my system, I would prefer to create the account myself.
|
|
mb
wrote on the 4 May 08 at 10:02
|
|
|
Monicker: and what about reading files? Any user can view logs of your system, your documents etc. Sometimes even seeing the structure of filesystem may be bad.
Anyway, I would also like to specify which programs can be used by guest, set a quota and other things. Currently it's very hard to do this and you need much effort to make all these things work together.
|
|
|
No additional security should be necessary to support a guest user, aside from things like local privilege escalation attacks (most of which can be avoided through the use of NX and perhaps a capabilities package, e.g. selinux - which every system should run already.)
If the guest account is to be wiped on logout then it must do one of two things: either create a temporary home for each guest that logs in, or wait until all guests have logged out. I like the temporary home idea more, but I'm not sure how it could reasonably be implemented given the limited Unix security model - perhaps, once again, through capabilities?
It certainly should be easier to decide what programs a guest can run.
If guests can look at sensitive log files, then their permissions need to be changed. That's not an issue with having guest users, but an issue with having insecure permissions. There is no need for the average user to look t a log file. For everyone else, there's groups. I would prefer ACLs but the userspace utilities are clearly not there yet. I strongly suspect that it's going to require storing ACLs in a metadatabase :) before it actually works properly. But that's a separate conversation.
|
|
|
Agreed...
In the user's screen there should be an option to turn on the guest account with checkboxes for each feature to allow the user logging in to have available.
Ex: [Internet] [Network] [Audio] [Video playback]
maybe?
|
|
s3a
wrote on the 6 Jul 08 at 09:46
|
|
|
"Its good because sometimes my sis or mom nag on me to use the computer.
And I don't want them to find my porno, or accidentally delete my files.
And having the guest account get purged on logout, make me so I don't have to have their crap on my system when they logout."
LOL
+1...it would work and would have many uses ;)
|
|
|
|
Sounds good, but I hope it'll be easily disable-able under preferences somewhere. Not everyone would like having an open guest account on their computer.
|
|
ilektron
wrote on the 16 Jul 08 at 08:17
|
|
|
|
It may be too late to say this, but +1 to not enabling the guest account by default.
|
|
|
I can use this to help solve bug #1 if it's implemented! I can say to someone who's mildly interested in GNU/Linux or Free Software, "Hey, why don't you try it?" I can then hand them my laptop, log them into this guest account, and let them play around with it.
Basically, I think the problem with Ubuntu's market share is lack of exposure, and this bug makes it easier (and less risky) to expose someone to Linux!
|
|
|
|
I believe you'll need to enter an password to use the guest account, because you will not be able to offer password free login, isn't it? ^^
|
RainCT
(Ubuntu developer)
wrote on the 11 Aug 08 at 13:29
|
|
|
|
natureflow: A privileged user will have to start the guest account session, iirc. Check the specification for more details.
|
|
|
|
sounds wonderful. as firewall details can be set to max and still allow the usr to access their bank or even ubuntuforums.org?
|
|
|
|
Is there an option to turn it off ?
|
|
choad
wrote on the 2 Oct 08 at 09:56
|
|
|
|
is it just me that thinks having a guest account that requires a registered account to get in to is COMPLETELY USELESS!?!?!?
|
|
|
Hasn't anyone else noticed that this is another feature marked as implemented when it's only implemented in gnome?
I say unmark as implemented until Kubuntu has the feature.
|
|
|
I agree with choad, having a guest account that requires a registered account is completely useless.
We want a guest account with a separate login so we can allow people to use and access our computers when we are aren't around.
The guest session in 8.10 (intrepid ibex) is a terrible implementation of a guest account.
A very strange way of doing it.
|
|
|
|
Not only is this implementation of Guest account useless, but it doesn't even work very well. Lots of very basic functionality is broken. This item should not be considered implemented!
|
Post your comment
|
Blueprint gdm-guest-login:
