Ubuntu

Provide a guest session account by default

Registered by Jonathan Carter on 2006-06-06

It is very common to lend someone else a laptop for a quick email check, or having one's computer play music and be a surf station on a party.

Instead of requiring people to create guest accounts with widely known or empty passwords, Ubuntu should set up a locked down guest account with a temporary home directory by default, where an existing user must authenticate the start of a guest session. This avoids passwordless accounts, which are a security threat.

Read the full specification

Blueprint information

Status:: Complete

Approver:: Scott James Remnant (Canonical)

Priority:: High

Drafter:: Martin Pitt

Direction:: Needs approval

Assignee:: Martin Pitt

Definition:: Approved

Series goal:: Accepted for intrepid

Implementation:: Implemented

Milestone target:: None

Started by: Martin Pitt on 2008-07-30

Completed by: Martin Pitt on 2008-10-01

Related branches

Related bugs

Bug #206924: Make it possible to create a guest account

Won't Fix

Sprints

uds-paris

Whiteboard

Done:
- gdm patch
- gdm-guest-session package (temporary user and home dir)
- AppArmor rules
- deny at access ("guest" already happens to be in default at.deny)
- deny cron access (by AppArmor rules, denying to write into /var/spool/cron)
- suppression on live system
- network access restricted to TCP and UDP.
- package promoted to main and seeded, ubuntu-meta rebuilt
- fusa integration
- test case/release note in spec

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Andre Wendt

Andrew

Ben Dodson

David

feamsr00

KarlGoetz

LumpyCustard

Michael Rooney

MilesTeg

Oliver Grawert

Rodrigo Novo

Toni Ruottu