Make a guest user account


I would like to make a guest user account for my Manjaro system. The account will not have access to sudo, or maybe not even su, and will only be used by a guest user sitting on my desktop, when needed… e.g. say I had a guest who wanted to check his email real quick. I do not want him to have to enter a password to login.

For some reason I can’t really find a good guide to do this on Manjaro or Arch. I have tried creating a user with useradd, and then deleting its password, but it won’t let me login in the display manager. Is there anything else I can try?

Also, is this method of creating a guest user considered insecure, even though it doesnt have access to sudo? Are there any security issues I need to consider?

What desktop are you using?

On KDE you can just Settings > Users > Add new user > Account type = Standard

1 Like

For reasons of privacy/security (especially when checking e-mail), it is strongly advisable to use a password for a guest account.

This is the same in linux everywhere.

Hello @9a3eedi :wink:

That could work:

File: /etc/sysusers.d/guest-account.conf

#Type Name     ID             GECOS                 Home directory Shell
u     guest    2000:2000     "temporary guest"     /home/guest     /usr/bin/bash

FIle: /etc/tmpfiles.d/guest-account.conf

#Type Path        Mode User Group Age Argument…
R     /home/guest  -    -     -     -  -
D     /home/guest  0755 guest guest -  -
C     /home/guest  0755 guest guest -  /etc/skel

Then run:

sudo systemd-sysusers
sudo systemd-tmpfiles --clean

It will reset the guest account on every reboot.


I didn’t know about this. Thanks!

I have to fix a couple of errors.
In /etc/sysusers.d/guest-account.conf you also need to create the group:

#Type Name     ID             GECOS                 Home directory Shell
g     guest    2000 
u     guest    2000:2000     "temporary guest"     /home/guest     /usr/bin/bash

In /etc/tmpfiles.d/guest-account.conf it seems that 3rd and 4th lines conflict. The 3rd line can be skipped and file can be written like this:

#Type Path        Mode User Group Age Argument…
R     /home/guest  -    -     -     -  -
C     /home/guest  0750 guest guest -  /etc/skel

I also changed default permissions to 0750, but not sure how important this could be.


Thanks for testing. :heart: It was just a proposal which I didn’t test myself.

@9a3eedi @cfinnberg

I just tried this AUR package: AUR (en) - systemd-guest-user

Test was on Manjaro XFCE in a VM.

pamac build systemd-guest-user

Login with user “Guest” without a password and you are good. That is the best setup I’ve seen in the wild.

Source: GitHub - Akrai/systemd-guest-user: A simple systemd configurations for guest user support

:notebook: It create a tmpfs for Guest so that anything written to /home/guest will be stored only on the RAM and will be lost on a reboot.


That is actually something that can be really useful.

So the guest user only has access to /tmp (or something similar)?
Does /home/guest get created but symlinked or something?

If I f.ex use firefox, what profile will be used for the guest account?
Will bookmarks be shared?
If no master firefox password, will passwords be shared?

Because the idea is to give access to the internet but NOT to ANYTHING other right?

There must be something wrong with this… It’s too easy!

1 Like

/home/guest will be mounted as tmpfs just like /tmp. yes.


No. It just copies default settings from /etc/skel on every boot.

The guest can access anything what a normal user can. No sudo, hassle.

So the guest userspace is a tmp location and does not have access to any others uerspace, gotcha.
All data will be removed @ reboot.
That sounds great!

That was my initial feeling too, but it seems we are wrong here.

1 Like

That’s the first thing I tried, but that doesn’t let me create a user without a password.

Yeah, creating a user in KDE requres a password ofc.

Try the AUR method described in the thread if you want a passwordless user. The test was performed with XFCE but maybe it works on KDE aswell?

Well this works! :slight_smile:

Thank you for this super easy solution. I do have reservations about installing stuff from the AUR but the files seem to do what your first post mentioned.

My only concern is that the home directory is mounted in tmpfs. In theory it makes sense that everything is deleted after a reboot, but what if the user wanted to download a really large file from the internet for example? But ahh I do have a seperate user-accessible exfat partition if needed.

Another consideration is to create the new Standard user, and a super easy password.

I agree with above. Why not just create a guest user (as normal user, not administrator), give the user a userspace normally (/home/guestusername) and a stupid simple password like “password123”.
The user will ONLY have access to the guests userspace and nothing will get removed @ reboot.
It’s all up to you. But your concern about using AUR is valid, and this would remove that hurdle.

It’s really just for convenience. No password, no complexity, it just works. I agree it’s not a big deal, but I really didn’t want it to have a password during login.

I really like the tmpfs idea though… that way, if another guest comes, and the previous guest forgot to log out of gmail, the new guest won’t have access to the old guest’s gmail because it’s all a new firefox profile. So I think I’ll stick to it. Worse case, I have 16GB RAM + 16GB swap partition anyway… should be enough for tmpfs

I thought having a passwordless user would be a relatively easy thing to do in Linux, just useradd without specifying a password… but I guess not :man_shrugging:t2:

It is, if you add them to /usr/bin/nologin xD
Security my friend.

I thought by not providing any sudo access, I would have good enough security, assuming I had physical security to my machine, and my ssh port was closed. But ahh I’m not an expert on security

I would’ve also been happy with adding a password on the user, but having the display manager (and not e.g. su or ssh) allow passwordless login. I know that some distros do this by letting you automatically login without a password, so I figured it must also work for a guest user… but I’m not sure how to do that.

sudo useradd --create-home guest
sudo passwd --delete guest