After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 619526 - Real guest mode
Real guest mode
Status: RESOLVED OBSOLETE
Product: gdm
Classification: Core
Component: general
2.31.x
Other Linux
: Normal enhancement
: ---
Assigned To: GDM maintainers
GDM maintainers
: 599805 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2010-05-24 14:55 UTC by Patryk Zawadzki
Modified: 2018-05-22 21:38 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Patryk Zawadzki 2010-05-24 14:55:17 UTC
Currently having a guest account involves creating a spare login and making sure none of the actual users break the environment to a state where it's irrecoverable for a non-admin.

It would be nice however to be able to have a real guest mode. Upon selecting that gdm could:

1) Ask for a temporary name
2) login the user using a pre-configured account
3) create a scratch $HOME somewhere under /var

Upon logging out the temporary home would be removed.

This would also make having multiple guests logged in possible. Imagine the following situation:

Agnes logs into Bart's computer as a guest, Cecil comes along and asks for a minute at the keyboard. At this point Agnes click the fast user switching applet and select "new guest session". As soon as Cecil is done, he logs out and Agnes is left with only her session around. She's not affected by his language of choice, the input methods he uses or the application preferences he set during his time at the keyboard.
Comment 1 Ray Strode [halfline] 2010-05-24 15:06:10 UTC
This is a feature others have asked for before, too.

At some point Canonical was working on adding it, but I don't know if they ever made progress.

The "right" way to do this probably involves waiting until the multi-stack branch lands and shipping a "guest" plugin.
Comment 2 William Jon McCann 2010-06-17 04:01:42 UTC
*** Bug 599805 has been marked as a duplicate of this bug. ***
Comment 3 Ray Strode [halfline] 2012-02-16 17:34:24 UTC
*** Bug 304849 has been marked as a duplicate of this bug. ***
Comment 4 Ray Strode [halfline] 2016-12-20 15:39:16 UTC
some irc discussion here:
<pwithnall_> halfline: I was wondering about the current feasibility of https://bugzilla.gnome.org/show_bug.cgi?id=619526. What’s the current ‘right way’ to do it?
<halfline> pwithnall_: well we have this thing called xguest
<halfline> pwithnall_: (try dnf install xguest ) it creates a guest account
<halfline> but I think at some point we're going to have to visit the idea of a custom nsswitch module for creating uids dynamically
<halfline> because GDM runs all greeters as the same user right now
<halfline> which not only is bad for security but actually breaks things pretty badly since systemd user sessions became a thing
<halfline> probably we could leverage the same nsswitch module for a guest account
<halfline> actually i think poettering wanted the same thing at one point
<halfline> lemme look
-10-11> xerpi 14(10xerpi@71.red-88-9-243.dynamicip.rima-tde.net14) has joined #gnome-hackers
<halfline> oh looks like it already landed
<halfline>         * Support for dynamically creating users for the lifetime of a service
<halfline>           has been added. If DynamicUser=yes is specified, user and group IDs
<halfline>           will be allocated from the range 61184..65519 for the lifetime of the
<halfline>           service. They can be resolved using the new nss-systemd.so NSS
<halfline>           module. The module must be enabled in /etc/nsswitch.conf. Services
<halfline>           started in this way have PrivateTmp= and RemoveIPC= enabled, so that
<halfline>           any resources allocated by the service will be cleaned up when the
<halfline>           service exits. They also have ProtectHome=read-only and
<halfline>           ProtectSystem=strict enabled, so they are not able to make any
<halfline>           permanent modifications to the system.
85.lightspeed.rlghnc.sbcglobal.net14) has joined #gnome-hackers
<halfline> so actually maybe just creating /etc/systemd/system/guest-user.service something with DynamicUser=yes in it would do the job ?  
<halfline> basically would need to look like /lib/systemd/system/user@.service i guess
<halfline> not sure, there might be some details that would need to be worked out.  But that's potentially a place to start
Comment 5 Carlos Soriano 2018-05-22 21:38:56 UTC
The format in https://bugzilla.gnome.org/show_bug.cgi?id=619526#c4 is breaking the migration tool for GitLab. I need to close this bug, feel free to reopen on GitLab once gdm has migrated.