Ubuntu-style temporary guest accounts
Posted: 22. Jul 2012, 00:56
Not sure if this falls within the purview of "Slackware for slackers," but I'll put it out anyway...
One of the more interesting and less buggy features of Ubuntu 12.04 is the guest account. When you log in as a guest, Ubuntu creates a randomly named temporary user to log you in as. The user has its home directory in /tmp, is denied access to sudo and su, and is deleted (along with its data) when you log out. There's also an AppArmor profile to limit the new user. It's a bit like instant system rollback software on Windows - only less of a kludge.
The main problem is, this is all done by Ubuntu's LightDM login manager, which Salix doesn't have. And Salix doesn't have AppArmor either.
Even without AppArmor though, this could be a pretty nice feature. I'm thinking there could be a guest session script for GDM/KDM, which if made executable would create and log in a temporary user called guest-XXXXXX, where XXXXXX is a random number. The user would be a member of their own group and no other - thus, no access to other users' data.
Likewise, a "cleanup" script could run on boot to delete guest accounts and groups that were not removed, e.g. due to a power failure... The one aspect I'm foggy on is how to delete the account and its data *on logout.* I'm sure that could be done in a bash script or such, but unlike the other stuff I'm not sure how.
(... Why yes, I do in fact have plans to do this. When I get the spare time anyway. A good sysadmin could probably whip something up in a minute or so, but I'm not even a mediocre sysadmin.
)
One of the more interesting and less buggy features of Ubuntu 12.04 is the guest account. When you log in as a guest, Ubuntu creates a randomly named temporary user to log you in as. The user has its home directory in /tmp, is denied access to sudo and su, and is deleted (along with its data) when you log out. There's also an AppArmor profile to limit the new user. It's a bit like instant system rollback software on Windows - only less of a kludge.
The main problem is, this is all done by Ubuntu's LightDM login manager, which Salix doesn't have. And Salix doesn't have AppArmor either.
Even without AppArmor though, this could be a pretty nice feature. I'm thinking there could be a guest session script for GDM/KDM, which if made executable would create and log in a temporary user called guest-XXXXXX, where XXXXXX is a random number. The user would be a member of their own group and no other - thus, no access to other users' data.
Likewise, a "cleanup" script could run on boot to delete guest accounts and groups that were not removed, e.g. due to a power failure... The one aspect I'm foggy on is how to delete the account and its data *on logout.* I'm sure that could be done in a bash script or such, but unlike the other stuff I'm not sure how.
(... Why yes, I do in fact have plans to do this. When I get the spare time anyway. A good sysadmin could probably whip something up in a minute or so, but I'm not even a mediocre sysadmin.
)