1st, Thank you!
I understand what has been discussed so far concerning guests accessing other user files.
I’ll certainly try this out on an old laptop at home.
Outside my home, I need guest accounts for systems I maintain (for free) and donate to seniors.
2nd, a question: “Does THIS guest account in your post protect the guest’s user’s data after logout”.
Is all the guest’s data gone or is any potentially exploitable residual left behind?
My users are non-IT savvy seniors (ages 65-101) using a donated laptop.
1st, Thank you!
Notice: The guest-login install I am discussing is not a locked-down guest session/guest login.
Thanks everyone for the insight on Guest sessions and the challenges. I look forward to seeing what Team Ubuntu does in this arena.
Following guidelines above from user opensense, I have succeeded in installing an UNSECURED-guest-login.
I will now work to see how well I can lock it down. This is fun!
My initial Install notes (for this unsecure guest login):
I deviated and used the software install apps in Ubuntu instead us using “sudo apt install”.
Using “Ubuntu Software” app, it failed miserably (too many issues, but not a complete install, libs missing, etc.).
Using “Synaptic Package Manager” (downloaded from “Ubuntu Software”) I was able to successfully install (unsecured) guest login. The only thing I had to do (as provided by opensource) after installing was:
sudo gedit /usr/share/lightdm/lightdm.conf.d/50-disable-guest.conf ; #change it to: allow-guest=true
and Reboot my computer.
HUGE SECURITY FLAWS already addressed above in brief: My GUEST USER can get to all my directories, open all my files, including unzipping files. As anticipated, my guest user is NOT kept from my system files nor user files.
IT DOES APPEAR the guest user is relatively secure from me and anyone who follows afterwards IF he/she logs out when done. (IF anyone knows otherwise, I’d love to hear it). I cannot find data, websites visited, or any other residual left behind by the GUEST.
GUEST SESSION are needed in Ubuntu 18.04 for many of us. Thank you Team Community.Ubuntu.com for hosting this ‘question and answers’ and the ensuing discussions on it.
ADDED NOTE May 3, 2018: I am now able to keep the ‘guests’ out of my user’s file system by running the following on each user’s home directory:
sudo chmod -R o-rwx *
This removes access (rwx (Read, Write, eXecute) access) from guest to my user’s files/folders.
This does not (repeat, NOT!) remove access to system file I have not yet locked down.
(BTW, should we move this discussion to another area since we’ve moved to discussing HOWTOs or are we ok here?)
I also work in a school where we use the guest account extensively and daily. Today we started building our new 18.04 build (only use LTS), and saw that guest account was gone. Will probably move away from ubuntu or stick with 16.04 until it dies. We use it for, guests to the school, and stand alone computers that we want to have a particular function but don’t want to manage a different set of users for. We use gsuite for our user management on chromeOS for the most part.
I’ve my laptop near the sofa, and guest sometimes have used it
I think it is a good business card for showing Ubuntu
I REALLY MISS THE FEATURE in 18.04!!!
Hundreds of students in my school using the computer laboratory equipped with Lubuntu 16.04.
Guest sessions ensure a secure, reliable enviroment for every one of them.
So I can’t currently upgrade to Lubuntu 18.04.
Has anyone suggestions, how to solve the problem without loosing security?
Thanks for feedback!
I would love to have this feature back. It gives a massive peace of mind when giving my laptop to a friend.
I deployed Ubuntu 16.04 LTS at a charity, so it can be used by members of the public in a guest account. Not sure what I’ll do when that LTS isn’t supported anymore.
I don’t know if it needs to be super locked down for my needs, as long as it’s separate from my main user account and wipes everything on logout. That would satisfy my use cases.
I use Ubuntu 18.04 LTS on my personal computers and when I do need them, I miss guest sessions a lot!
I’m sticking with 16.04 LTS on the boxes (laptops) for all the folks I support (senior citizens, senior centers, nursing home residents, etc.), as 16.04 still has 3 years security/updates support from Ubuntu - which is GREAT!
End of Life for 16.04 is April 2021. I trust we’ll have SOMETHING great for 18.04 before too long.
I miss this function very much. I run about 50 Linux PCs in school (1st contact for students with gnu/linux). The guest account is a great help.
I hope you will continue with 16.04 LTS (and it’s outstanding guest account) which has another 3 years of support for a short time while the Ubuntu Team (official or community) gets this fixed! I love playing with other distros too, but Ubuntu has EARNED a reputation of solid, secure, compliant, and up-to-date and I trust it for use by those who do not comprehend CyberSecurity.
Not sure in the 5 months this thread has existed that @robert.ancell looked again. I’m certain he only posted once in it.
Given that - all the comments appear to be pointless.
Quoting the original post:
it’s important we can justify that a significant portion of our users make use of this feature
So no, all those comments are not pointless. Re-implementing the feature with GDM represents a significant amount of work and it didn’t make it to 18.04, but that doesn’t mean the idea has been abandoned.
But I’m sure I’m not the only one who saw someone from Canonical make a post regarding 18.04 - and then no more contact in the thread.
I understand that there’s a significant amount of work - that’s not the issue here - it’s the lack of contact after asking for people to do this
Edit - ftr - this doesn’t affect me personally - I use Xubuntu.
This is Robert’s follow-up:
Please note that there are two issues. While the lack of guest session support in GDM does not affect flavors which use LightDM, the fact that the security layer provided by AppArmor is broken affects everyone.
In a different thread?
That seems rather counter productive.
@robert.ancell Might be best to close this one then?
I setup computers for seniors (i.e. local Senior Center, others). Most of these folks are not Cyber Security knowledgeable. Guest sessions allows seniors (anyone) to check their banks and other accounts without their data being available to others after logging out. Guest Sessions is critical to me and those I assist. I volunteer my time and cannot afford to purchase commercial products for the computers I donate.
I used guest session in my house. It is helpful when my kids friends or other family guests want quick access to a PC, often just to log into a web browser and print something. Of course I can create a dummy account to give them an easy password, but the guest session was the perfect solution for us.
@flocculant - I don’t seem to have any means of closing a thread.
However, thanks everyone for the feedback. As people have seen, 18.04 has been released and does not have guest support. This thread will be useful as a data point in any further discussions about this feature.
Thanks for mentioning that. Yes, me too, I forgot to mention my home computers in my posts (I’m old…). My kids and grandkids know when they come to visit grandma and grandpa they will have I-net access ‘on the spot’.
From family and friends at home, to guests in the workplace (who could do real damage w/o guest account), to seniors and others - Ubuntu Guess Session has been a critical NEED for thousands (tens of thousands?) of Ubuntu users.
Not having a secure Guest Account is keeping me from upgrading to 18.04 on all computers I support (volunteer, not paid) at this time. This is NOT a problem yet as there are still 3 more years of security support on 16.04 LTS.
I’m using 18.04 at home w/ my own modified guest session (NOT fully secure but ok for my grandkids).
I’ve done that for you
People interested can see the follow up at https://community.ubuntu.com/t/brain-dump-on-guest-session-progress/3717
I also added the follow up link to your original post.