1

I have created a persistent Ubuntu Mate USB flash drive using mkusb and configured it to how I want it. I now want to stop anyone from being able to modify it.

I don't mind if the solution is to stop all modification by the user or whether it allows the user to modify just for that session but reverts on reboot.

There is no system login and I would like it to stay that way, but there would need to be some way for me to still gain privileged access for maintenance.

I would like the user to have the exact same desktop as I have setup, i.e. including the shortcuts to network drives.

I would appreciate any suggestions. I would consider myself as beginner to intermediate user, so a little detail may be required.

bedfellow
  • 11
  • I don't know how to do what you want with a persistent live drive. There is an alternative: to create a custom iso file and use that to create a live USB drive. But be prepared that it is much more difficult to create a custom iso file compared to a persistent live drive. – sudodus Apr 03 '20 at 11:14
  • I have already performed a fair amount of customisation, so I would rather not have to start over with creating an ISO. – bedfellow Apr 03 '20 at 11:23
  • I can understand that. There might be alternatives that are not quite doing what want, but might work for you. For example: Would it be OK to keep the system untouched, but let the user store files in the home directory and modify some tweaks of the user's environment? Or would it work to restore the original system from a built-in backup (that exists within the 'mkusb ecosystem')? – sudodus Apr 03 '20 at 11:26
  • As long as on every reboot the system is restored to the same state as I have set up then that would be okay. I have users who like to 'tinker' and so I want to make sure they can't do anything that will make a permanent change. – bedfellow Apr 03 '20 at 11:43
  • There used to be 'guest session' in previous versions of Ubuntu, I think until 16.04 LTS. But some security holes were detected, and the 'guest session' was abandoned. I am sorry, but the only alternative that I know is to create a custom iso file and use that to create a live USB drive. The other alternatives (persistent live or installed (like into an internal drive, but into a USB drive)) will not be completely restored to the same state as you have set up. – sudodus Apr 03 '20 at 11:48
  • If you accept that 'guest session' is not secure against advanced hacking, you can try it according to this link. It might solve the problem for you. I do not remember if you need an installed system or if it will also work in a persistent live system, but you can test it. – sudodus Apr 03 '20 at 12:07
  • @sudodus: I believe that guest session is still available, however it requires LightDM be installed, which is no big deal. I wrote an Ask Ubuntu answer for a similar question a year or so ago. I will try to find it. I installed LightDM just last week, it still works. https://askubuntu.com/questions/946919/add-guest-user-to-persistent-flash-drive/947175#947175 – C.S.Cameron Apr 03 '20 at 13:02

1 Answers1

2

How to make a persistent USB install read-only

It is possible to do what you want using a modified Guest User account

  • Install lightdm:

    sudo apt-get install lightdm

The install process will ask to remove GDM.

  • At popup select lightdm as display manager.

For a grub2 booters with persistent casper-rw partitions, such as mkusb:

Open casper-rw/upper/etc/lightdm/lightdm.conf and change allow-guest=true. Now there will be a Guest account.

For Syslinux booters with persistent casper-rw files such as UNetbootin and Rufus: First mount the casper-rw file:

sudo mkdir /media/casper

sudo mount -o loop casper-rw /media/casper/

Then edit casper/upper/etc/lightdm/lightdm.conf and change allow-guest=true A guest account will be added to boot options.

Modifying the Guest Account

You may use an existing User Account, or create a new User Account, to use as a Live basis for customizing the Guest Session.

Make a directory for guest session, if one does not already exist:

sudo mkdir /etc/guest-session

Create a symbolic link:

sudo ln -s /home/{NAME} /etc/guest-session/skel

Where {NAME} is the name of the User Account you wish to use as a basis.

Any changes made to the user account will appear in the guest account.

Any changes to the guest account will be deleted at end of the session.

User {NAME} can be hidden at login:

  • To hide the user open /var/lib/AccountsService/users/{NAME}

  • Edit line to SystemAccount=true

See also Add Guest user to Persistent flash drive

Customize Guest Session

C.S.Cameron
  • 19,519