Partner links

Guest session and user management on Fedora 15

fedBeta3

User management on Fedora 15 is just as easy as on any other distribution or operating system. And the graphical user management tools (there are two) are very intuitive to use. There are two types of user accounts on Fedora 15 – Standard and Administrator. The Administrator has root or super user privileges. During installation, the user created may be added to the Administrators group. A user in this group can execute all commands using sudo.
fedBeta3

Aside from being able to configure Standard and Administrator accounts, you can also enable the Guest account, which is just a temporary account (with the login name “Guest”) that may be used to log into the system, like any other regular user account. It is, however, passwordless and any data generated during a guest session using this account is temporary. If you have to give someone temporary access to your Fedora 15-powered computer, you may use this account instead of creating a Standard account for the person.

The Guest account is available by default on Mandriva. A similar feature is available on Ubuntu, but the one on Ubuntu has to be started from an active session. To enable the Guest account, you need to install the xguest package. Use yum from the command line or use the graphical package manager to install it. Once installed, the Guest account name will be available on the login screen. As noted earlier, the Guest account is passwordless.
useracct10

Standard Accounts – The account configured during installation is a Standard account. If it is added to the Administrators group, then it is an Administrator account. To manage your account during an active session, start the User Accounts application from System Settings. Using this tool, you can change the account type to Administrator, if you can authenticate successfully as root. You can also change your password, if that feature has not been disabled. If your password has been locked by the administrator, you cannot change your password.

By default, automatic login, or auto-login, is disabled, but you may enable it, if there is a need to.
useracct

An account’s password may be set manually, or you can have the system generate one. A user may be forced to change his password at next login.
useracct1

While the User Accounts tool is used to manage an account’s properties, the Users and Groups application, accessible from Applications > Other > Users and Groups in GNOME 3 Fallback mode, is the system-wide user management application. This is the application to use if you want to create users and groups, delete user accounts, and perform other system-wide user account-related activities.
useracct2

Creating an account is as simple as specifying the login name, name and password.
useracct3

All user accounts are listed on the Users and Groups main window.
useracct4

An account’s properties may be modified from the User Properties window.
useracct5

From the Account Info tab, you may configure the account to expire at a future date. You may also lock the account’s password, which effectively disables the password. If a password is locked, the user cannot change the password
useracct6

From the Password Info tab, you may enable password aging, or set the password to expire at a certain date. “Days before change allowed” specifies the minimum number of days between password changes. If the value is zero, a user may change the password at any time.

“Days before account inactive” is the number of days after a password expires before the account is permanently disabled. A value of 0 disables the account as soon as the password expires, and -1 disables the feature, which is the default.
useracct9

When you create an account on a running system, you may add it to the Administrators groups by adding it to the wheel group. That changes the account from a Standard to an Administrator type.
useracct8

You can have quality articles like this delivered automatically to your Feed Reader or Inbox by subscribing via RSS or email. This website now has a Question and Answer section. Use the commenting system for simple comments, but for more involved assistance, please use the Q & A section.

Share:

Facebook
Twitter
Pinterest
LinkedIn

Partner links

Newsletter: Subscribe for updates

Subscribe
Notify of
guest
6 Comments
Inline Feedbacks
View all comments
choy
choy
12 years ago

hi there. fan of your articles esp. multiple OS boot setups. i tried installing xguest but had troubles doing so. this was the error i got:

Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package xguest.noarch 0:1.0.9-4.fc15 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
xguest noarch 1.0.9-4.fc15 fedora 31 k

Transaction Summary
================================================================================
Install 1 Package(s)

Total download size: 31 k
Installed size: 37 k
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 31 k
xguest-1.0.9-4.fc15.noarch.rpm | 31 kB 00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Error in PREIN scriptlet in rpm package xguest-1.0.9-4.fc15.noarch
error: %pre(xguest-1.0.9-4.fc15.noarch) scriptlet failed, exit status 1

Failed:
xguest.noarch 0:1.0.9-4.fc15

Complete!

–i tried browsing through forums and found one solution for this. that is, to create an xguest ‘ID’ and xguest package should install. so i did that and i was able to install xguest package. problem is, selinux troubleshooter notified me a problem has been detected:

SELinux is preventing /usr/bin/gnome-keyring-daemon from getattr access on the filesystem /.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that gnome-keyring-daemon should be allowed getattr access on the filesystem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep gnome-keyring-d /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context xguest_u:xguest_r:xguest_gkeyringd_t:s0
Target Context system_u:object_r:tmpfs_t:s0
Target Objects / [ filesystem ]
Source gnome-keyring-d
Source Path /usr/bin/gnome-keyring-daemon
Port
Host choy-notebook
Source RPM Packages gnome-keyring-3.0.3-1.fc15
Target RPM Packages filesystem-2.4.41-1.fc15
Policy RPM selinux-policy-3.9.16-34.fc15
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name choy-notebook
Platform Linux choy-notebook 2.6.38.8-35.fc15.i686.PAE #1
SMP Wed Jul 6 14:29:06 UTC 2011 i686 i686
Alert Count 1
First Seen Wed 27 Jul 2011 12:19:09 PM PHT
Last Seen Wed 27 Jul 2011 12:19:09 PM PHT
Local ID acd2148e-4b1c-4e89-843f-a92098217176

Raw Audit Messages
type=AVC msg=audit(1311740349.405:163): avc: denied { getattr } for pid=2318 comm=”gnome-keyring-d” name=”/” dev=tmpfs ino=49144 scontext=xguest_u:xguest_r:xguest_gkeyringd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem

type=SYSCALL msg=audit(1311740349.405:163): arch=i386 syscall=statfs success=no exit=EACCES a0=9ccb170 a1=bfa26b60 a2=46112c a3=0 items=0 ppid=1 pid=2318 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=4 comm=gnome-keyring-d exe=/usr/bin/gnome-keyring-daemon subj=xguest_u:xguest_r:xguest_gkeyringd_t:s0 key=(null)

Hash: gnome-keyring-d,xguest_gkeyringd_t,tmpfs_t,filesystem,getattr

audit2allow

#============= xguest_gkeyringd_t ==============
allow xguest_gkeyringd_t tmpfs_t:filesystem getattr;

audit2allow -R

#============= xguest_gkeyringd_t ==============
allow xguest_gkeyringd_t tmpfs_t:filesystem getattr;

–my question is, am i missing anything? is it ok to create an xguest id prior to installation of the package? also, is /home directory required for a guest session (xguest user)? is there a better way of installing this and not get any errors/problems from selinux troubleshooter? thanks!!

choy
choy
Reply to  finid
12 years ago

I did your advice and installation went through. I just have a few questions. When you say the guest user’s home and temporary directories are mounted at tmpfs (so there is no real home folder for the account), does that mean to say that the xguest directory i’m seeing on /home was generated when xguest was installed and that it works only as a “virtual” /home directory for the guest account?

I also think selinux is not in enforcing mode since I see “account disabled” for the password field under User Accounts. Is that ok? sorry if my questions sound stupid. Thank you for helping!

choy
choy
Reply to  finid
12 years ago

thanks a lot! 😀

Get the latest

On social media

Security distros

Hacker
Linux distros for hacking and pentesting

Crypto mining OS

Bitcoin
Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

LVM
Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash
Categories
Archives
6
0
Hya, what do you think? Please comment.x
()
x