Guest session and user management on Fedora 15


User management on Fedora 15 is just as easy as on any other distribution or operating system. And the graphical user management tools (there are two) are very intuitive to use. There are two types of user accounts on Fedora 15 – Standard and Administrator. The Administrator has root or super user privileges. During installation, the user created may be added to the Administrators group. A user in this group can execute all commands using sudo.

Aside from being able to configure Standard and Administrator accounts, you can also enable the Guest account, which is just a temporary account (with the login name “Guest”) that may be used to log into the system, like any other regular user account. It is, however, passwordless and any data generated during a guest session using this account is temporary. If you have to give someone temporary access to your Fedora 15-powered computer, you may use this account instead of creating a Standard account for the person.

The Guest account is available by default on Mandriva. A similar feature is available on Ubuntu, but the one on Ubuntu has to be started from an active session. To enable the Guest account, you need to install the xguest package. Use yum from the command line or use the graphical package manager to install it. Once installed, the Guest account name will be available on the login screen. As noted earlier, the Guest account is passwordless.

Related Post:  Install Mageia 1 on an encrypted LVM file system

Standard Accounts – The account configured during installation is a Standard account. If it is added to the Administrators group, then it is an Administrator account. To manage your account during an active session, start the User Accounts application from System Settings. Using this tool, you can change the account type to Administrator, if you can authenticate successfully as root. You can also change your password, if that feature has not been disabled. If your password has been locked by the administrator, you cannot change your password.

By default, automatic login, or auto-login, is disabled, but you may enable it, if there is a need to.

An account’s password may be set manually, or you can have the system generate one. A user may be forced to change his password at next login.

While the User Accounts tool is used to manage an account’s properties, the Users and Groups application, accessible from Applications > Other > Users and Groups in GNOME 3 Fallback mode, is the system-wide user management application. This is the application to use if you want to create users and groups, delete user accounts, and perform other system-wide user account-related activities.

Creating an account is as simple as specifying the login name, name and password.

All user accounts are listed on the Users and Groups main window.

Related Post:  How to install Linux Mint 12 KDE on a btrfs file system

An account’s properties may be modified from the User Properties window.

From the Account Info tab, you may configure the account to expire at a future date. You may also lock the account’s password, which effectively disables the password. If a password is locked, the user cannot change the password

From the Password Info tab, you may enable password aging, or set the password to expire at a certain date. “Days before change allowed” specifies the minimum number of days between password changes. If the value is zero, a user may change the password at any time.

“Days before account inactive” is the number of days after a password expires before the account is permanently disabled. A value of 0 disables the account as soon as the password expires, and -1 disables the feature, which is the default.

When you create an account on a running system, you may add it to the Administrators groups by adding it to the wheel group. That changes the account from a Standard to an Administrator type.

You can have quality articles like this delivered automatically to your Feed Reader or Inbox by subscribing via RSS or email. This website now has a Question and Answer section. Use the commenting system for simple comments, but for more involved assistance, please use the Q & A section.


Share on facebook
Share on twitter
Share on pinterest
Share on linkedin

Hola! Did you notice that no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
4. Axo Finans.

Upcoming events

6 Responses

  1. hi there. fan of your articles esp. multiple OS boot setups. i tried installing xguest but had troubles doing so. this was the error i got:

    Setting up Install Process
    Resolving Dependencies
    –> Running transaction check
    —> Package xguest.noarch 0:1.0.9-4.fc15 will be installed
    –> Finished Dependency Resolution

    Dependencies Resolved

    Package Arch Version Repository Size
    xguest noarch 1.0.9-4.fc15 fedora 31 k

    Transaction Summary
    Install 1 Package(s)

    Total download size: 31 k
    Installed size: 37 k
    Is this ok [y/N]: y
    Downloading Packages:
    Setting up and reading Presto delta metadata
    Processing delta metadata
    Package(s) data still to download: 31 k
    xguest-1.0.9-4.fc15.noarch.rpm | 31 kB 00:01
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
    Error in PREIN scriptlet in rpm package xguest-1.0.9-4.fc15.noarch
    error: %pre(xguest-1.0.9-4.fc15.noarch) scriptlet failed, exit status 1

    xguest.noarch 0:1.0.9-4.fc15


    –i tried browsing through forums and found one solution for this. that is, to create an xguest ‘ID’ and xguest package should install. so i did that and i was able to install xguest package. problem is, selinux troubleshooter notified me a problem has been detected:

    SELinux is preventing /usr/bin/gnome-keyring-daemon from getattr access on the filesystem /.

    ***** Plugin catchall (100. confidence) suggests ***************************

    If you believe that gnome-keyring-daemon should be allowed getattr access on the filesystem by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    allow this access for now by executing:
    # grep gnome-keyring-d /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

    Additional Information:
    Source Context xguest_u:xguest_r:xguest_gkeyringd_t:s0
    Target Context system_u:object_r:tmpfs_t:s0
    Target Objects / [ filesystem ]
    Source gnome-keyring-d
    Source Path /usr/bin/gnome-keyring-daemon
    Host choy-notebook
    Source RPM Packages gnome-keyring-3.0.3-1.fc15
    Target RPM Packages filesystem-2.4.41-1.fc15
    Policy RPM selinux-policy-3.9.16-34.fc15
    Selinux Enabled True
    Policy Type targeted
    Enforcing Mode Enforcing
    Host Name choy-notebook
    Platform Linux choy-notebook #1
    SMP Wed Jul 6 14:29:06 UTC 2011 i686 i686
    Alert Count 1
    First Seen Wed 27 Jul 2011 12:19:09 PM PHT
    Last Seen Wed 27 Jul 2011 12:19:09 PM PHT
    Local ID acd2148e-4b1c-4e89-843f-a92098217176

    Raw Audit Messages
    type=AVC msg=audit(1311740349.405:163): avc: denied { getattr } for pid=2318 comm=”gnome-keyring-d” name=”/” dev=tmpfs ino=49144 scontext=xguest_u:xguest_r:xguest_gkeyringd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem

    type=SYSCALL msg=audit(1311740349.405:163): arch=i386 syscall=statfs success=no exit=EACCES a0=9ccb170 a1=bfa26b60 a2=46112c a3=0 items=0 ppid=1 pid=2318 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=4 comm=gnome-keyring-d exe=/usr/bin/gnome-keyring-daemon subj=xguest_u:xguest_r:xguest_gkeyringd_t:s0 key=(null)

    Hash: gnome-keyring-d,xguest_gkeyringd_t,tmpfs_t,filesystem,getattr


    #============= xguest_gkeyringd_t ==============
    allow xguest_gkeyringd_t tmpfs_t:filesystem getattr;

    audit2allow -R

    #============= xguest_gkeyringd_t ==============
    allow xguest_gkeyringd_t tmpfs_t:filesystem getattr;

    –my question is, am i missing anything? is it ok to create an xguest id prior to installation of the package? also, is /home directory required for a guest session (xguest user)? is there a better way of installing this and not get any errors/problems from selinux troubleshooter? thanks!!

    1. I just installed the xguest package and I did not get any errors. And I did not have to create a special id for it.

      Note that the Guest user’s home and temporary directories are mounted at tmpfs, so there is no real home folder for the account.

      Try this: Delete the id that you created, then uninstall xguest. Reinstall it using the graphical package manager and see if that works. The account will be disabled if SELinux is not in enforcing mode. On Fedora 15, SELinux is in enforcing mode by default, so that should not be a problem.

      If it does not work, you may have to disable SELinux, which is what many tend to do because SELinux can be more of a pain than a blessing.

      1. I did your advice and installation went through. I just have a few questions. When you say the guest user’s home and temporary directories are mounted at tmpfs (so there is no real home folder for the account), does that mean to say that the xguest directory i’m seeing on /home was generated when xguest was installed and that it works only as a “virtual” /home directory for the guest account?

        I also think selinux is not in enforcing mode since I see “account disabled” for the password field under User Accounts. Is that ok? sorry if my questions sound stupid. Thank you for helping!

        1. Yes, the home folder is temporary. According to the description of xguest, the “home and temporary directories of the user will be polyinstantiated and mounted on tmpfs.” This is a security feature that ensures that the guest user cannot access anything outside his home and temporary directory.

          The account’s password is disabled, so you can log in automatically. Nothing is saved when you log out.

          In Fedora, SELinux is in enforcing mode by default else you would not have been able to use the guest account. You may view the default settings of SELinux in the /etc/selinux/config file.

          Btw, there are no stupid questions. We are all students.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
4. Axo Finans.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.


The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.