Make a guest user account

What desktop are you using?

On KDE you can just Settings > Users > Add new user > Account type = Standard

1 Like

For reasons of privacy/security (especially when checking e-mail), it is strongly advisable to use a password for a guest account.

https://wiki.archlinux.org/title/users_and_groups

This is the same in linux everywhere.
:footprints:

Hello @9a3eedi :wink:

That could work:

File: /etc/sysusers.d/guest-account.conf

#Type Name     ID             GECOS                 Home directory Shell
u     guest    2000:2000     "temporary guest"     /home/guest     /usr/bin/bash

File: /etc/tmpfiles.d/guest-account.conf

#Type Path        Mode User Group Age Argument…
R     /home/guest  -    -     -     -  -
D     /home/guest  0755 guest guest -  -
C     /home/guest  0755 guest guest -  /etc/skel

Then run:

sudo systemd-sysusers
sudo systemd-tmpfiles --clean

It will reset the guest account on every reboot.

2 Likes

I didn’t know about this. Thanks!

I have to fix a couple of errors.
In /etc/sysusers.d/guest-account.conf you also need to create the group:

#Type Name     ID             GECOS                 Home directory Shell
g     guest    2000 
u     guest    2000:2000     "temporary guest"     /home/guest     /usr/bin/bash

In /etc/tmpfiles.d/guest-account.conf it seems that 3rd and 4th lines conflict. The 3rd line can be skipped and file can be written like this:

#Type Path        Mode User Group Age Argument…
R     /home/guest  -    -     -     -  -
C     /home/guest  0750 guest guest -  /etc/skel

I also changed default permissions to 0750, but not sure how important this could be.

3 Likes
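The points raised while testing the two files (no `g` line for GID 2000, `D` and `C` both targeting /home/guest, home mode 0755 versus 0750) can be checked mechanically before rebooting. This is an added example, not code from any post or from systemd; the function names and finding labels are made up here, the sample files are constructed from the posts above, and the check reads only the file, so a group that already exists on the system is not seen.

```shell
#!/bin/sh
# Added example, not from the thread: lints the two files for the issues raised above.

lint_sysusers() {   # $1 = sysusers.d file
    awk '$1 ~ /^#/ || NF == 0 { next }
         $1 == "g" { declared[$2] = 1; declared[$3] = 1 }   # group name and GID
         $1 == "u" && split($3, id, ":") == 2 { want[$2] = id[2] }
         END { for (u in want) if (!(want[u] in declared))
                   print "MISSING_GROUP user=" u " gid=" want[u] }' "$1"
}

lint_tmpfiles() {   # $1 = tmpfiles.d file
    awk '$1 ~ /^#/ || NF == 0 { next }
         { type = substr($1, 1, 1) }          # drop modifier suffixes such as + or !
         type ~ /^[dDC]$/ {
             if (($2 in seen) && seen[$2] != type)
                 print "CONFLICT path=" $2 " types=" seen[$2] "," type
             seen[$2] = type
             # a last octal digit other than 0 gives every local user access
             if ($3 ~ /^[0-7]+$/ && substr($3, length($3), 1) != "0")
                 print "OTHER_ACCESS path=" $2 " mode=" $3
         }' "$1"
}

# Constructed sample input: both versions of the files as posted in the thread.
tmp=$(mktemp -d)
cat > "$tmp/sysusers.orig" <<'EOF'
u     guest    2000:2000     "temporary guest"     /home/guest     /usr/bin/bash
EOF
cat > "$tmp/sysusers.fixed" <<'EOF'
g     guest    2000
u     guest    2000:2000     "temporary guest"     /home/guest     /usr/bin/bash
EOF
cat > "$tmp/tmpfiles.orig" <<'EOF'
R     /home/guest  -    -     -     -  -
D     /home/guest  0755 guest guest -  -
C     /home/guest  0755 guest guest -  /etc/skel
EOF
cat > "$tmp/tmpfiles.fixed" <<'EOF'
R     /home/guest  -    -     -     -  -
C     /home/guest  0750 guest guest -  /etc/skel
EOF
echo "first version:";  lint_sysusers "$tmp/sysusers.orig";  lint_tmpfiles "$tmp/tmpfiles.orig"
echo "second version:"; lint_sysusers "$tmp/sysusers.fixed"; lint_tmpfiles "$tmp/tmpfiles.fixed"
```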

Thanks for testing. :heart: It was just a proposal which I didn’t test myself.

@9a3eedi @cfinnberg

I just tried this AUR package: AUR (en) - systemd-guest-user

Test was on Manjaro XFCE in a VM.

pamac build systemd-guest-user
reboot

Login with user “Guest” without a password and you are good. That is the best setup I’ve seen in the wild.

Source: GitHub - Akrai/systemd-guest-user: A simple systemd configurations for guest user support

:notebook: It creates a tmpfs for Guest so that anything written to /home/guest will be stored only on the RAM and will be lost on a reboot.

5 Likes

That is actually something that can be really useful.

So the guest user only has access to /tmp (or something similar)?
Does /home/guest get created but symlinked or something?

If I f.ex use firefox, what profile will be used for the guest account?
Will bookmarks be shared?
If no master firefox password, will passwords be shared?

Because the idea is to give access to the internet but NOT to ANYTHING else, right?

There must be something wrong with this… It’s too easy!

1 Like

/home/guest will be mounted as tmpfs just like /tmp. yes.

No.

No. It just copies default settings from /etc/skel on every boot.

The guest can access anything that a normal user can. No sudo, hassle.

So the guest userspace is a tmp location and does not have access to any other's userspace, gotcha.
All data will be removed @ reboot.
That sounds great!

That was my initial feeling too, but it seems we are wrong here.

1 Like

That’s the first thing I tried, but that doesn’t let me create a user without a password.

Yeah, creating a user in KDE requires a password ofc.

Try the AUR method described in the thread if you want a passwordless user. The test was performed with XFCE but maybe it works on KDE as well?

Well this works! :slight_smile:

Thank you for this super easy solution. I do have reservations about installing stuff from the AUR but the files seem to do what your first post mentioned.

My only concern is that the home directory is mounted in tmpfs. In theory it makes sense that everything is deleted after a reboot, but what if the user wanted to download a really large file from the internet for example? But ahh I do have a separate user-accessible exfat partition if needed.

Another consideration is to create the new Standard user, and a super easy password.

I agree with above. Why not just create a guest user (as normal user, not administrator), give the user a userspace normally (/home/guestusername) and a stupid simple password like “password123”.
The user will ONLY have access to the guest's userspace and nothing will get removed @ reboot.
It’s all up to you. But your concern about using AUR is valid, and this would remove that hurdle.

It’s really just for convenience. No password, no complexity, it just works. I agree it’s not a big deal, but I really didn’t want it to have a password during login.

I really like the tmpfs idea though… that way, if another guest comes, and the previous guest forgot to log out of gmail, the new guest won’t have access to the old guest’s gmail because it’s all a new firefox profile. So I think I’ll stick to it. Worst case, I have 16GB RAM + 16GB swap partition anyway… should be enough for tmpfs

I thought having a passwordless user would be a relatively easy thing to do in Linux, just useradd without specifying a password… but I guess not :man_shrugging:t2:

It is, if you add them to /usr/bin/nologin xD
Security my friend.

I thought by not providing any sudo access, I would have good enough security, assuming I had physical security to my machine, and my ssh port was closed. But ahh I’m not an expert on security

I would’ve also been happy with adding a password on the user, but having the display manager (and not e.g. su or ssh) allow passwordless login. I know that some distros do this by letting you automatically login without a password, so I figured it must also work for a guest user… but I’m not sure how to do that.

sudo useradd --create-home guest
sudo passwd --delete guest
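`passwd --delete` leaves the password field in /etc/shadow empty, whereas a plain `useradd` leaves it locked, and the conditions discussed above (no sudo rights, no SSH login) decide how much that empty field exposes. The following check is an added example, not code from the thread; the function name, finding labels and sample files are constructed here, and `Match` blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example, not from the thread. File arguments use the shadow(5), group(5)
# and sshd_config(5) formats; on a live system they live under /etc (root needed).

audit_passwordless() {   # usage: audit_passwordless USER SHADOW GROUP SSHD_CONFIG
    # shadow field 2: empty = no password asked; leading ! or * = password login
    # locked, which is what a plain useradd leaves behind.
    awk -F: -v u="$1" '$1 == u {
        if ($2 == "")            print "EMPTY_PASSWORD"
        else if ($2 ~ /^[!*]/)   print "LOCKED_PASSWORD"
        else                     print "PASSWORD_SET"
    }' "$2"
    # An empty password combined with an admin group is the case to catch.
    awk -F: -v u="$1" '$1 == "wheel" || $1 == "sudo" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print "ADMIN_GROUP=" $1
    }' "$3"
    # sshd uses the first PermitEmptyPasswords line it reads; the default is "no".
    awk 'tolower($1) == "permitemptypasswords" {
        if (tolower($2) == "yes") print "SSH_ALLOWS_EMPTY_PASSWORD"
        exit
    }' "$4"
}

# Constructed sample files: guest after "passwd --delete", guest2 after useradd only.
d=$(mktemp -d)
printf '%s\n' 'guest::19700:0:99999:7:::' 'guest2:!:19700:0:99999:7:::' > "$d/shadow"
printf '%s\n' 'wheel:x:998:alice' 'guest:x:2000:' > "$d/group"
printf '%s\n' '#PermitEmptyPasswords no' 'PasswordAuthentication yes' > "$d/sshd_config"
audit_passwordless guest  "$d/shadow" "$d/group" "$d/sshd_config"
audit_passwordless guest2 "$d/shadow" "$d/group" "$d/sshd_config"
```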
