Hi all, I am currently thinking about how to design a sane "guest session" feature in Ubuntu. I took some notes on [1] about the requirements, but the interesting ones relevant here are: * The guest login should not have a password. Otherwise it needs to be a well-known one which people would just put on a sticky note on their monitor. * You should not be able to boot a machine and start a guest account without any further authentication, since that would make it too easy to capture a machine and abusing it for bad things [2]. Thus ideally you wouldn't see it on the main gdm login screen, but you can start the guest session from fast-user-switch-applet or the logout/switch user dialog. gdm 2.22.0 has some preliminary infrastructure for that (gdm_user_chooser_widget_set_show_guest_user()), but it's disabled right now. However, that seems to show that you (as in "upstream") have an interest in working on this as well, so maybe we can attack this together? What are your current plans for supporting a guest account, and in particular, which requirements do you have? Are they similar to the ones from above? I'd like to use gdm, because it already cares about all the gory details like creating .Xauthority cookies, finding a free $DISPLAY, starting the X server, registering a ConsoleKit session, starting the session, and killing the X server when the session ends. None of those are particularly hard to replicate (some lines of shell/python/c which starts the server with the guest session, wrapped as a system D-BUS service, and access-controlled with a "local foreground session only" PolicyKit privilege). But if gdm wants/will get that feature anyway, I'd like to avoid reinventing half of the wheel for that. Thanks in advance! Martin [1] https://wiki.ubuntu.com/DesktopTeam/Specs/Intrepid/GuestAccount [2] Of course the guest account will be locked down with SELinux/AppArmor/reduced PolicyKit privileges, but that's still useful for doing network attacks, etc. Locking down the network would make a guest account pretty useless. -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Attachment:
signature.asc
Description: Digital signature