I would like to make a guest user account for my Manjaro system. The account will not have access to sudo, or maybe not even su, and will only be used by a guest user sitting on my desktop, when needed… e.g. say I had a guest who wanted to check his email real quick. I do not want him to have to enter a password to login.
For some reason I can’t really find a good guide to do this on Manjaro or Arch. I have tried creating a user with useradd, and then deleting its password, but it won’t let me login in the display manager. Is there anything else I can try?
Also, is this method of creating a guest user considered insecure, even though it doesnt have access to sudo? Are there any security issues I need to consider?
That is actually something that can be really useful.
So the guest user only has access to /tmp (or something similar)?
Does /home/guest get created but symlinked or something?
If I f.ex use firefox, what profile will be used for the guest account?
Will bookmarks be shared?
If no master firefox password, will passwords be shared?
Because the idea is to give access to the internet but NOT to ANYTHING other right?
So the guest userspace is a tmp location and does not have access to any others uerspace, gotcha.
All data will be removed @ reboot.
That sounds great!
That was my initial feeling too, but it seems we are wrong here.
Thank you for this super easy solution. I do have reservations about installing stuff from the AUR but the files seem to do what your first post mentioned.
My only concern is that the home directory is mounted in tmpfs. In theory it makes sense that everything is deleted after a reboot, but what if the user wanted to download a really large file from the internet for example? But ahh I do have a seperate user-accessible exfat partition if needed.
I agree with above. Why not just create a guest user (as normal user, not administrator), give the user a userspace normally (/home/guestusername) and a stupid simple password like “password123”.
The user will ONLY have access to the guests userspace and nothing will get removed @ reboot.
It’s all up to you. But your concern about using AUR is valid, and this would remove that hurdle.
It’s really just for convenience. No password, no complexity, it just works. I agree it’s not a big deal, but I really didn’t want it to have a password during login.
I really like the tmpfs idea though… that way, if another guest comes, and the previous guest forgot to log out of gmail, the new guest won’t have access to the old guest’s gmail because it’s all a new firefox profile. So I think I’ll stick to it. Worse case, I have 16GB RAM + 16GB swap partition anyway… should be enough for tmpfs
I thought having a passwordless user would be a relatively easy thing to do in Linux, just useradd without specifying a password… but I guess not
I thought by not providing any sudo access, I would have good enough security, assuming I had physical security to my machine, and my ssh port was closed. But ahh I’m not an expert on security
I would’ve also been happy with adding a password on the user, but having the display manager (and not e.g. su or ssh) allow passwordless login. I know that some distros do this by letting you automatically login without a password, so I figured it must also work for a guest user… but I’m not sure how to do that.