Came here in search of an answer to a problem, but didn't find it? Visit the forum @ LinuxBSDos.com, pick a category and ask a question.

Guest session and user management on Fedora 15

User management on Fedora 15 is just as easy as on any other distribution or operating system. And the graphical user management tools (there are two) are very intuitive to use. There are two types of user accounts on Fedora 15 – Standard and Administrator. The Administrator has root or super user privileges. During installation, the user created may be added to the Administrators group. A user in this group can execute all commands using sudo.
fedBeta3

Aside from being able to configure Standard and Administrator accounts, you can also enable the Guest account, which is just a temporary account (with the login name “Guest”) that may be used to log into the system, like any other regular user account. It is, however, passwordless and any data generated during a guest session using this account is temporary. If you have to give someone temporary access to your Fedora 15-powered computer, you may use this account instead of creating a Standard account for the person.

The Guest account is available by default on Mandriva. A similar feature is available on Ubuntu, but the one on Ubuntu has to be started from an active session. To enable the Guest account, you need to install the xguest package. Use yum from the command line or use the graphical package manager to install it. Once installed, the Guest account name will be available on the login screen. As noted earlier, the Guest account is passwordless.
useracct10

Standard Accounts – The account configured during installation is a Standard account. If it is added to the Administrators group, then it is an Administrator account. To manage your account during an active session, start the User Accounts application from System Settings. Using this tool, you can change the account type to Administrator, if you can authenticate successfully as root. You can also change your password, if that feature has not been disabled. If your password has been locked by the administrator, you cannot change your password.

By default, automatic login, or auto-login, is disabled, but you may enable it, if there is a need to.
useracct

An account’s password may be set manually, or you can have the system generate one. A user may be forced to change his password at next login.
useracct1

While the User Accounts tool is used to manage an account’s properties, the Users and Groups application, accessible from Applications > Other > Users and Groups in GNOME 3 Fallback mode, is the system-wide user management application. This is the application to use if you want to create users and groups, delete user accounts, and perform other system-wide user account-related activities.
useracct2

Creating an account is as simple as specifying the login name, name and password.
useracct3

All user accounts are listed on the Users and Groups main window.
useracct4

An account’s properties may be modified from the User Properties window.
useracct5

From the Account Info tab, you may configure the account to expire at a future date. You may also lock the account’s password, which effectively disables the password. If a password is locked, the user cannot change the password
useracct6

From the Password Info tab, you may enable password aging, or set the password to expire at a certain date. “Days before change allowed” specifies the minimum number of days between password changes. If the value is zero, a user may change the password at any time.

“Days before account inactive” is the number of days after a password expires before the account is permanently disabled. A value of 0 disables the account as soon as the password expires, and -1 disables the feature, which is the default.
useracct9

When you create an account on a running system, you may add it to the Administrators groups by adding it to the wheel group. That changes the account from a Standard to an Administrator type.
useracct8

You can have quality articles like this delivered automatically to your Feed Reader or Inbox by subscribing via RSS or email. This website now has a Question and Answer section. Use the commenting system for simple comments, but for more involved assistance, please use the Q & A section.

Digital Ocean SSD VPS Cloud Server droplets

Digital Ocean is a VPS/Cloud hosting provider. For just $5 per month, you can get yourself a Cloud server with 512 MB of RAM, 20 GB super-fast SSD, free snapshots, plus backups for a minimal fee. All via a simple graphical interface.

And by signing up with this referral link, you can help support this website.

If you are reading this, your ad could also be occupying this space. Contact us to make it happen.

If commenting on this article is closed, please post your comments at forum.linuxbsdos.com.

6 Comments

  1. choy says:

    hi there. fan of your articles esp. multiple OS boot setups. i tried installing xguest but had troubles doing so. this was the error i got:

    Setting up Install Process
    Resolving Dependencies
    –> Running transaction check
    —> Package xguest.noarch 0:1.0.9-4.fc15 will be installed
    –> Finished Dependency Resolution

    Dependencies Resolved

    ================================================================================
    Package Arch Version Repository Size
    ================================================================================
    Installing:
    xguest noarch 1.0.9-4.fc15 fedora 31 k

    Transaction Summary
    ================================================================================
    Install 1 Package(s)

    Total download size: 31 k
    Installed size: 37 k
    Is this ok [y/N]: y
    Downloading Packages:
    Setting up and reading Presto delta metadata
    Processing delta metadata
    Package(s) data still to download: 31 k
    xguest-1.0.9-4.fc15.noarch.rpm | 31 kB 00:01
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Error in PREIN scriptlet in rpm package xguest-1.0.9-4.fc15.noarch
    error: %pre(xguest-1.0.9-4.fc15.noarch) scriptlet failed, exit status 1

    Failed:
    xguest.noarch 0:1.0.9-4.fc15

    Complete!

    –i tried browsing through forums and found one solution for this. that is, to create an xguest ‘ID’ and xguest package should install. so i did that and i was able to install xguest package. problem is, selinux troubleshooter notified me a problem has been detected:

    SELinux is preventing /usr/bin/gnome-keyring-daemon from getattr access on the filesystem /.

    ***** Plugin catchall (100. confidence) suggests ***************************

    If you believe that gnome-keyring-daemon should be allowed getattr access on the filesystem by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # grep gnome-keyring-d /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

    Additional Information:
    Source Context xguest_u:xguest_r:xguest_gkeyringd_t:s0
    Target Context system_u:object_r:tmpfs_t:s0
    Target Objects / [ filesystem ]
    Source gnome-keyring-d
    Source Path /usr/bin/gnome-keyring-daemon
    Port
    Host choy-notebook
    Source RPM Packages gnome-keyring-3.0.3-1.fc15
    Target RPM Packages filesystem-2.4.41-1.fc15
    Policy RPM selinux-policy-3.9.16-34.fc15
    Selinux Enabled True
    Policy Type targeted
    Enforcing Mode Enforcing
    Host Name choy-notebook
    Platform Linux choy-notebook 2.6.38.8-35.fc15.i686.PAE #1
    SMP Wed Jul 6 14:29:06 UTC 2011 i686 i686
    Alert Count 1
    First Seen Wed 27 Jul 2011 12:19:09 PM PHT
    Last Seen Wed 27 Jul 2011 12:19:09 PM PHT
    Local ID acd2148e-4b1c-4e89-843f-a92098217176

    Raw Audit Messages
    type=AVC msg=audit(1311740349.405:163): avc: denied { getattr } for pid=2318 comm=”gnome-keyring-d” name=”/” dev=tmpfs ino=49144 scontext=xguest_u:xguest_r:xguest_gkeyringd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem

    type=SYSCALL msg=audit(1311740349.405:163): arch=i386 syscall=statfs success=no exit=EACCES a0=9ccb170 a1=bfa26b60 a2=46112c a3=0 items=0 ppid=1 pid=2318 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=4 comm=gnome-keyring-d exe=/usr/bin/gnome-keyring-daemon subj=xguest_u:xguest_r:xguest_gkeyringd_t:s0 key=(null)

    Hash: gnome-keyring-d,xguest_gkeyringd_t,tmpfs_t,filesystem,getattr

    audit2allow

    #============= xguest_gkeyringd_t ==============
    allow xguest_gkeyringd_t tmpfs_t:filesystem getattr;

    audit2allow -R

    #============= xguest_gkeyringd_t ==============
    allow xguest_gkeyringd_t tmpfs_t:filesystem getattr;

    –my question is, am i missing anything? is it ok to create an xguest id prior to installation of the package? also, is /home directory required for a guest session (xguest user)? is there a better way of installing this and not get any errors/problems from selinux troubleshooter? thanks!!

    • finid says:

      I just installed the xguest package and I did not get any errors. And I did not have to create a special id for it.

      Note that the Guest user’s home and temporary directories are mounted at tmpfs, so there is no real home folder for the account.

      Try this: Delete the id that you created, then uninstall xguest. Reinstall it using the graphical package manager and see if that works. The account will be disabled if SELinux is not in enforcing mode. On Fedora 15, SELinux is in enforcing mode by default, so that should not be a problem.

      If it does not work, you may have to disable SELinux, which is what many tend to do because SELinux can be more of a pain than a blessing.

      • choy says:

        I did your advice and installation went through. I just have a few questions. When you say the guest user’s home and temporary directories are mounted at tmpfs (so there is no real home folder for the account), does that mean to say that the xguest directory i’m seeing on /home was generated when xguest was installed and that it works only as a “virtual” /home directory for the guest account?

        I also think selinux is not in enforcing mode since I see “account disabled” for the password field under User Accounts. Is that ok? sorry if my questions sound stupid. Thank you for helping!

        • finid says:

          Yes, the home folder is temporary. According to the description of xguest, the “home and temporary directories of the user will be polyinstantiated and mounted on tmpfs.” This is a security feature that ensures that the guest user cannot access anything outside his home and temporary directory.

          The account’s password is disabled, so you can log in automatically. Nothing is saved when you log out.

          In Fedora, SELinux is in enforcing mode by default else you would not have been able to use the guest account. You may view the default settings of SELinux in the /etc/selinux/config file.

          Btw, there are no stupid questions. We are all students.

Leave a Comment