Re: How to Setup a Secure Guest Account [was] Password-protecting fedora.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You also, for a shared login like that, should use a browser in a kiosk mode that doesn't allow changes to settings, history, etc. Unless you want to clean it up occasionally. Opera has a very good kiosk mode. Mozilla/Firefox has a lot of potential, but the kiosk modes I know about aren't there yet. When we do this at work (a big museum) it's usually for web-connected kiosk stations that we can't have porn, etc., popping up on. Also we don't want to fix them all the time. But at the moment we use MS Windows stations with severely restricted system policies for this, we haven't done a linux one yet.

Another way to do something similar is to make everything in the home directory readable only, not writable, but that will probably lead to a lot of errors here and there that may be hard to track down and fix.

Years ago I used to use rsh (restricted shell) for vendors uploading stuff to a unix server via modem. Basically upon login on that terminal (ttys0 or whatever) it would auto-login to an account under /bin/rsh, and immediately start a little upload app that, upon exit, logged them off. And rsh prevented things like hitting '!' to get a shell prompt. But I have no clue how to use it anymore, or how well it would work with a GUI. It's probably worth looking into.

The holy grail is the terminal server idea (Windows Terminal Server, Citrix, LTSP), but that's more effort probably than the posters here are interested in. It gives you the absolute most control over what logins can do.

On 03/09/2004 10:05 PM, Ow Mun Heng wrote:



-----Original Message-----
From: Bevan C. Bennett [mailto:bevan@xxxxxxxxxxxxxxxx]

Ow Mun Heng wrote:


-----Original Message-----
From: Matt Morgan [mailto:matt.morgan@xxxxxxxxxxxxxxxxxx]

I was talking about gdmflexiserver. In case it wasn't clear

from the part


where I said "But I forget what it's called," I couldn't remember what it
was called :-). Fortunately a few other people wrote in about it as well.

Yes, there are lots of ways to have more than one account loged into Unix
at the same time. Score one for Bjorn. gdmflexiserver makes

it really


easy, is the main reason I mentioned it. I thought it might help the
original poster, who was looking for a way to give people access to the
computer without them seeing his mail. The combination of a guest account
with a new login via gdmflexiserver would probably be the fastest/safest
way to so what he wants.


<SNIP>
Talking about guest users. ANyone has any pointers on how, specifically to create a guest user? I mean, it must just be able to perform/access _normal_ stuffs (eg: web browsing, office
etc) and not have access to anything else?

Main keyword here I guess is _very_limited_access. Even more
restrictive than normal users.


You can chgrp all the things in /usr/bin (or elsewhere) that you don't want guests using to a new group "real_users", then chmod o-rwx on them all. Add all your 'non-guest' users to the real_users group so they can continue to use them. This isn't strictly considered neccessary, as normal users can't mess up system files, and normal users (if properly configured) won't be allowed to see or edit each other's files either.



Wow.. That's a real pain. Luckily I'm the only person using this laptop



(since I presume that the user/password combo would be guest/guest)


The name and password for any user are whatever you want them to be.



That's not actually a question. more like a statement. Oh well..

Thanks







[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux