User management on Fedora 15 is just as easy as on any other distribution or operating system. And the graphical user management tools (there are two) are very intuitive to use. There are two types of user accounts on Fedora 15 – Standard and Administrator. The Administrator has root or super user privileges. During installation, the user created may be added to the Administrators group. A user in this group can execute all commands using sudo.
Aside from being able to configure Standard and Administrator accounts, you can also enable the Guest account, which is just a temporary account (with the login name “Guest”) that may be used to log into the system, like any other regular user account. It is, however, passwordless and any data generated during a guest session using this account is temporary. If you have to give someone temporary access to your Fedora 15-powered computer, you may use this account instead of creating a Standard account for the person.
The Guest account is available by default on Mandriva. A similar feature is available on Ubuntu, but the one on Ubuntu has to be started from an active session. To enable the Guest account, you need to install the xguest package. Use yum from the command line or use the graphical package manager to install it. Once installed, the Guest account name will be available on the login screen. As noted earlier, the Guest account is passwordless.
Standard Accounts – The account configured during installation is a Standard account. If it is added to the Administrators group, then it is an Administrator account. To manage your account during an active session, start the User Accounts application from System Settings. Using this tool, you can change the account type to Administrator, if you can authenticate successfully as root. You can also change your password, if that feature has not been disabled. If your password has been locked by the administrator, you cannot change your password.
By default, automatic login, or auto-login, is disabled, but you may enable it, if there is a need to.
An account’s password may be set manually, or you can have the system generate one. A user may be forced to change his password at next login.
While the User Accounts tool is used to manage an account’s properties, the Users and Groups application, accessible from Applications > Other > Users and Groups in GNOME 3 Fallback mode, is the system-wide user management application. This is the application to use if you want to create users and groups, delete user accounts, and perform other system-wide user account-related activities.
Creating an account is as simple as specifying the login name, name and password.
All user accounts are listed on the Users and Groups main window.
An account’s properties may be modified from the User Properties window.
From the Account Info tab, you may configure the account to expire at a future date. You may also lock the account’s password, which effectively disables the password. If a password is locked, the user cannot change the password
From the Password Info tab, you may enable password aging, or set the password to expire at a certain date. “Days before change allowed” specifies the minimum number of days between password changes. If the value is zero, a user may change the password at any time.
“Days before account inactive” is the number of days after a password expires before the account is permanently disabled. A value of 0 disables the account as soon as the password expires, and -1 disables the feature, which is the default.
When you create an account on a running system, you may add it to the Administrators groups by adding it to the wheel group. That changes the account from a Standard to an Administrator type.
You can have quality articles like this delivered automatically to your Feed Reader or Inbox by subscribing via RSS or email. This website now has a Question and Answer section. Use the commenting system for simple comments, but for more involved assistance, please use the Q & A section.
hi there. fan of your articles esp. multiple OS boot setups. i tried installing xguest but had troubles doing so. this was the error i got:
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package xguest.noarch 0:1.0.9-4.fc15 will be installed
–> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
xguest noarch 1.0.9-4.fc15 fedora 31 k
Transaction Summary
================================================================================
Install 1 Package(s)
Total download size: 31 k
Installed size: 37 k
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 31 k
xguest-1.0.9-4.fc15.noarch.rpm | 31 kB 00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Error in PREIN scriptlet in rpm package xguest-1.0.9-4.fc15.noarch
error: %pre(xguest-1.0.9-4.fc15.noarch) scriptlet failed, exit status 1
Failed:
xguest.noarch 0:1.0.9-4.fc15
Complete!
–i tried browsing through forums and found one solution for this. that is, to create an xguest ‘ID’ and xguest package should install. so i did that and i was able to install xguest package. problem is, selinux troubleshooter notified me a problem has been detected:
SELinux is preventing /usr/bin/gnome-keyring-daemon from getattr access on the filesystem /.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that gnome-keyring-daemon should be allowed getattr access on the filesystem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep gnome-keyring-d /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context xguest_u:xguest_r:xguest_gkeyringd_t:s0
Target Context system_u:object_r:tmpfs_t:s0
Target Objects / [ filesystem ]
Source gnome-keyring-d
Source Path /usr/bin/gnome-keyring-daemon
Port
Host choy-notebook
Source RPM Packages gnome-keyring-3.0.3-1.fc15
Target RPM Packages filesystem-2.4.41-1.fc15
Policy RPM selinux-policy-3.9.16-34.fc15
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name choy-notebook
Platform Linux choy-notebook 2.6.38.8-35.fc15.i686.PAE #1
SMP Wed Jul 6 14:29:06 UTC 2011 i686 i686
Alert Count 1
First Seen Wed 27 Jul 2011 12:19:09 PM PHT
Last Seen Wed 27 Jul 2011 12:19:09 PM PHT
Local ID acd2148e-4b1c-4e89-843f-a92098217176
Raw Audit Messages
type=AVC msg=audit(1311740349.405:163): avc: denied { getattr } for pid=2318 comm=”gnome-keyring-d” name=”/” dev=tmpfs ino=49144 scontext=xguest_u:xguest_r:xguest_gkeyringd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1311740349.405:163): arch=i386 syscall=statfs success=no exit=EACCES a0=9ccb170 a1=bfa26b60 a2=46112c a3=0 items=0 ppid=1 pid=2318 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=4 comm=gnome-keyring-d exe=/usr/bin/gnome-keyring-daemon subj=xguest_u:xguest_r:xguest_gkeyringd_t:s0 key=(null)
Hash: gnome-keyring-d,xguest_gkeyringd_t,tmpfs_t,filesystem,getattr
audit2allow
#============= xguest_gkeyringd_t ==============
allow xguest_gkeyringd_t tmpfs_t:filesystem getattr;
audit2allow -R
#============= xguest_gkeyringd_t ==============
allow xguest_gkeyringd_t tmpfs_t:filesystem getattr;
–my question is, am i missing anything? is it ok to create an xguest id prior to installation of the package? also, is /home directory required for a guest session (xguest user)? is there a better way of installing this and not get any errors/problems from selinux troubleshooter? thanks!!
I just installed the xguest package and I did not get any errors. And I did not have to create a special id for it.
Note that the Guest user’s home and temporary directories are mounted at tmpfs, so there is no real home folder for the account.
Try this: Delete the id that you created, then uninstall xguest. Reinstall it using the graphical package manager and see if that works. The account will be disabled if SELinux is not in enforcing mode. On Fedora 15, SELinux is in enforcing mode by default, so that should not be a problem.
If it does not work, you may have to disable SELinux, which is what many tend to do because SELinux can be more of a pain than a blessing.
I did your advice and installation went through. I just have a few questions. When you say the guest user’s home and temporary directories are mounted at tmpfs (so there is no real home folder for the account), does that mean to say that the xguest directory i’m seeing on /home was generated when xguest was installed and that it works only as a “virtual” /home directory for the guest account?
I also think selinux is not in enforcing mode since I see “account disabled” for the password field under User Accounts. Is that ok? sorry if my questions sound stupid. Thank you for helping!
Yes, the home folder is temporary. According to the description of xguest, the “home and temporary directories of the user will be polyinstantiated and mounted on tmpfs.” This is a security feature that ensures that the guest user cannot access anything outside his home and temporary directory.
The account’s password is disabled, so you can log in automatically. Nothing is saved when you log out.
In Fedora, SELinux is in enforcing mode by default else you would not have been able to use the guest account. You may view the default settings of SELinux in the /etc/selinux/config file.
Btw, there are no stupid questions. We are all students.
thanks a lot! 😀