Create guest account in Gnome 3.X on Arch Linux
Solution 1
It turns out it's quite simple with GDM. I assume you're using GDM since you're also using Gnome. First, create the guest user account with a blank password:

    sudo useradd -d /tmp/guest -p $(openssl passwd "") guest

The `openssl passwd ""` will return the hash of the empty string, thereby setting the password to blank.
Now, all you need are these two scripts:
/etc/gdm/PostLogin/Default
This is executed after you log in and will create the `/tmp/$guestuser` (`/tmp/guest` by default) directory and copy the default files from `/etc/skel` to it. To change the default username for the guest user, set `guestuser` to something else at the beginning.
<!-- language: lang-bash -->
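    #!/bin/sh
    # Run by GDM after a successful login; $USER is the account that logged in.
    guestuser="guest"

    ## Set up guest user session
    if [ "$USER" = "$guestuser" ]; then
        # Create the throwaway home directory under /tmp
        mkdir /tmp/"$guestuser"
        # Copy the contents of /etc/skel, dotfiles included
        # (the glob /etc/skel/.* would also match "." and "..")
        cp -R /etc/skel/. /tmp/"$guestuser"/
        # Hand the new home directory to the guest user
        chown -R "$guestuser":"$guestuser" /tmp/"$guestuser"
    fi

    exit 0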
/etc/gdm/PostSession/Default
This is executed after you log out and will remove the `/etc/$guestuser` directory and all its contents. Make sure to set `guestuser` to the same value in both scripts.
<!-- language: lang-bash -->
    #!/bin/sh
    # Run by GDM when the session ends.
    guestuser="guest"

    ## Clear up the guest user session
    if [ "$USER" = "$guestuser" ]; then
        # Remove the guest home directory and everything in it
        rm -rf /tmp/"$guestuser"
    fi

    exit 0
Finally, make the two scripts executable:

    sudo chmod 755 /etc/gdm/PostLogin/Default /etc/gdm/PostSession/Default
Now, just log out and you will see your new guest user. You can log in by selecting it and hitting Enter when prompted for a password. The guest user won't be able to use `sudo` since that is the default for all users anyway. Only users explicitly mentioned in `/etc/sudoers` or those who are members of groups explicitly mentioned in `sudoers` (such as `wheel` or `sudo`, depending on your distribution) can use `sudo`.
If you are using a recent version of GDM, it may disable the login button while the password box is empty. To work around this you can tell GDM not to prompt for the password for specific groups. The caveat is that this will also bypass the session selection menu for members of that group. If you want to do this you should add this line at the beginning of `/etc/pam.d/gdm-password`:

    auth sufficient pam_succeed_if.so user ingroup guest
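
A hardened variant of the PostLogin step in Solution 1, as an added example that is not part of the original answer: the hook creates a home at a predictable path in world-writable `/tmp`, so this version refuses to reuse anything already there and never follows symlinks. The function name `setup_guest_home` and its parameters are assumptions made for illustration.

```shell
# Added example, not the answer's script: guest-home setup for a login hook.
# All names and parameters here are illustrative.
#
# setup_guest_home BASE NAME SKEL [OWNER]
#   BASE   parent directory (the answer uses /tmp)
#   NAME   guest account name; the home becomes BASE/NAME
#   SKEL   skeleton directory (the answer uses /etc/skel)
#   OWNER  chown spec, defaults to NAME:NAME as in the answer
setup_guest_home() {
    base=$1 user=$2 skel=$3
    owner=${4:-$user:$user}
    home="$base/$user"

    # Refuse anything already at the target path, dangling symlinks
    # included: a privileged hook must not adopt a directory or link
    # that some other local account placed there first. This also stops
    # a second concurrent guest login from sharing the first one's home.
    if [ -e "$home" ] || [ -L "$home" ]; then
        echo "refusing to reuse existing $home" >&2
        return 1
    fi

    # Plain mkdir (no -p) fails if the path appears after the check above,
    # and -m 700 keeps other local users out from the moment it exists.
    mkdir -m 700 "$home" || return 1

    # Copy the skeleton's contents, dotfiles included; -P copies symlinks
    # as symlinks instead of following them.
    cp -RP "$skel"/. "$home"/ || return 1

    # -h re-owns a symlink itself rather than the file it points to.
    chown -Rh "$owner" "$home" || return 1
}
```

In the PostLogin script this would stand in for the three commands inside the `if` block, called as `setup_guest_home /tmp "$guestuser" /etc/skel`.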
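
The PAM line above skips the password for every member of the `guest` group, not only the `guest` user, so it is worth checking who that is. The following is an added example, not part of the original answer; the function names and the sample databases are constructed for illustration, and on a real system the two files would be `/etc/passwd` and `/etc/group`.

```shell
# Added example (not from the answer): list who "user ingroup GROUP" matches.

# passwordless_accounts GROUP PASSWD_FILE GROUP_FILE
# Prints accounts listed in GROUP's entry plus accounts whose primary GID
# is GROUP's GID, one per line, sorted.
passwordless_accounts() {
    awk -F: -v grp="$1" -v gfile="$3" '
        FILENAME == gfile {                      # group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }  # passwd database
        END { for (u in seen) print u }
    ' "$3" "$2" | sort
}

# check_passwordless_group GROUP EXPECTED_USER PASSWD_FILE GROUP_FILE
# Returns 0 if only EXPECTED_USER matches, 1 if others do too, 2 if nobody does.
check_passwordless_group() {
    all=$(passwordless_accounts "$1" "$3" "$4")
    if [ -z "$all" ]; then
        echo "group $1 is missing or has no members" >&2
        return 2
    fi
    extra=$(printf '%s\n' "$all" | grep -vxF -- "$2" || true)
    [ -z "$extra" ] && return 0
    echo "also exempt from the password prompt:" $extra >&2
    return 1
}

# Constructed sample databases (not taken from a real system).
write_sample_db() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
guest:x:1001:1001::/tmp/guest:/bin/bash
kiosk:x:1002:1001::/home/kiosk:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
wheel:x:998:alice
alice:x:1000:
guest:x:1001:alice
EOF
}
```

With the constructed sample, `alice` (a listed member who is also in `wheel`) and `kiosk` (primary GID 1001) are flagged alongside `guest`.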
Solution 2
You could make use of logoff scripts. There you can delete the home folder for your guest account and create a new one on logout. If necessary, you could make it `sudo`able by the guest account via `visudo`. Add `yourguestacc ALL=(root) NOPASSWD: /path/to/script/recreating/the/home/folder`. See the Arch wiki for further information.
Edward Torvalds
Updated on September 18, 2022
Comments
-
Edward Torvalds over 1 year
I want a guest account just like in Ubuntu which has following features:
- It does not require password to login
- A new home folder (in `/tmp` if possible) is created with no data every time
- User data is deleted as soon as he/she logs out
- User can not use `sudo`
I am running Gnome 3.20 on Arch Linux
NOTE: please don't close my question as duplicate of Create guest account with restricted access to applications because that question does not have answers to my 2nd and 3rd point
-
Admin about 8 years
I have no idea how Ubuntu does it. If you need "exactly like Ubuntu", you'll have to edit your question and explain what that means. However, the links provided in the linked answer give the ways you can limit a user's authority and are almost certainly how Ubuntu has implemented whatever they've implemented behind the scenes. Try it.
-
Edward Torvalds about 8 years
why do you have to `chmod` those files? there is no need of that, because those scripts are run by root
-
terdon about 8 years
@edwardtorvalds so? What difference does that make? Root can't execute non-executable files. And yes, you do need it because I tried it without making them executable and it failed. It would appear the scripts are being run directly (`/path/to/script`) and not as arguments to `sh`. Which makes sense since the examples provided included a shebang line.
-
Edward Torvalds about 8 years
On Login screen, your solution requires to press enter without entering anything which worked in 3.16. In newer gnome (probably from 3.18) you cannot press enter without entering anything. so work around is to keep hashed password section in `/etc/shadow` empty.
-
Edward Torvalds almost 8 years
since `/tmp/guest/` folder does not exist on startup, shadow service of systemd is failing every time
-
MattSturgeon about 7 years
I added a paragraph on using PAM to bypass the gdm password prompt
-
terdon about 7 years
@MattSturgeon thanks. I assume you've tested that, right?
-
MattSturgeon about 7 years
@terdon works fine on my arch machine. It was actually required since gdm now won't attempt to login until you have entered a password. May be worth double checking that `useradd` always creates a default group (on all unix distros), since the PAM line uses groups.
-
terdon about 7 years
@MattSturgeon yeah, it seems perfectly reasonable, I just asked because since I haven't tested it, I couldn't know whether it works. Great edit, thanks!
-
terdon almost 7 years
@G-Man yes, good point. It will probably break if two guest accounts log in at the same time.
-
tjespe over 6 years
This only worked for me after I replaced `#!/bin/sh` with `#!/bin/bash` because the `if` statement was failing with `sh` for some reason. Took me 15 minutes of testing and debugging.
-
43Tesseracts almost 4 years
I had to replace the if statement on PostSession script, not sure why, maybe it runs as gdm user and not guest? So just tries to delete the guest drive when anyone logs out now, but it works!
-
terdon almost 4 years
@43Tesseracts sorry, my bad. The `if [[` is a bash thing, so it works if your `/bin/sh` is pointing to bash, but not if it is pointing to some other shell (e.g. `dash` as is the case on Debian and Ubuntu). The updated answer should work for all of them.