How can we create a kiosk mode guest session under gdm3 going forward from Ubuntu 17.10?
I would use a kiosk specific distro: http://tuxdiary.com/2014/11/05/linux-distros-for-kiosks/ Why try to re-invent the wheel? A kiosk distro will be more secure and easier to deploy. – Panther Jul 26 '17 at 19:13
The guest session feature is said to be added to GDM 3 by Ubuntu 18.04. – Gunnar Hjalmarsson Jul 26 '17 at 19:55
That would be awesome. Thanks for the post Gunnar. – TheWickerman666 Jul 26 '17 at 20:35
1 Answer
Now that from Ubuntu 17.10 onward GNOME is going to be the default, for those of us who have gotten used to the guest session feature in lightdm unity-greeter there is a solution, as described here:
https://unix.stackexchange.com/questions/258544/create-guest-account-in-gnome-3-x-on-arch-linux
Note: changed gdm to gdm3 in the code from original post by terdon at U&L.
Three steps:
1. Guest folders go under /tmp. Under gdm3, non-password login is not allowed, so create a password greater than 5 characters in length.
    # XXXXX is a placeholder; useradd -p takes an already-hashed password (see useradd(8))
    sudo useradd -d /tmp/guestx -p XXXXX guestx
2. Create and edit some PostLogin and PostSession bash scripts in /etc/gdm3
(a) PostLogin script
create/edit
    sudo nano /etc/gdm3/PostLogin/Default
and add
    #!/bin/sh
    guestuser="guestx"
    ## Next set up guest user session files/folders
    # POSIX [ ] test: /bin/sh on Ubuntu is dash, which has no [[ ]]
    if [ "$USER" = "$guestuser" ]; then
        mkdir /tmp/"$guestuser"
        # "skel/." also copies the dotfiles that "skel/*" would skip
        cp -R /etc/skel/. /tmp/"$guestuser"
        chown -R "$guestuser":"$guestuser" /tmp/"$guestuser"
    fi
    exit 0
(b) PostSession script
create/edit
    sudo nano /etc/gdm3/PostSession/Default
and add
    #!/bin/sh
    guestuser="guestx"
    ## Next clear the guest user session files/folders
    # POSIX [ ] test: /bin/sh on Ubuntu is dash, which has no [[ ]]
    if [ "$USER" = "$guestuser" ]; then
        rm -rf /tmp/"$guestuser"
    fi
    exit 0
3. Make the above scripts executable:
    sudo chmod 755 /etc/gdm3/PostLogin/Default /etc/gdm3/PostSession/Default
gdm3 does not allow no-password logins, so set a password for this new guest user account. For those who do not know how to, take a look here:
https://people.gnome.org/~shaunm/mobile-mallard/gnome-help/user-addguest.html
CAUTION: I would suggest not checking the 'Do not ask password at login' option, otherwise you will always boot into a guest session Lol :)
EDIT NOTE: edited the temp guest username from 'guest' to 'guestx' so as not to confuse it with the default Ubuntu guest username.
###################### UPDATE
For some reason, on a new install of or upgrade to Ubuntu 17.10, the tmpfs is not being deleted. The PreSession seems to work; I suggest adding the following to /etc/gdm3/PreSession/Default folder:
    sudo nano /etc/gdm3/PreSession/Default
add these lines after the last line:
    guestuser="guestx"
    # POSIX [ ] test: /bin/sh on Ubuntu is dash, which has no [[ ]]
    if [ "$USER" = "$guestuser" ]; then
        rm -rf /tmp/"$guestuser"
    fi

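A hardened variant of the PostLogin step from the answer above, as an added example that is not part of the original post: because the hook runs as root and /tmp is writable by every local user, it discards whatever already sits at the guest path (a stale directory or a symlink) and creates the home fresh with mode 700. The helper name `prepare_guest_home` and its arguments are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original answer: PostLogin logic that treats
# anything already present at the guest path as untrusted. The hook runs as
# root, and /tmp is writable by every local user.
guestuser="guestx"    # account name used in the answer

# prepare_guest_home DIR SKEL OWNER[:GROUP]   (hypothetical helper)
# Returns 0 when DIR was created fresh, 1 otherwise.
prepare_guest_home() (
    dir=$1 skel=$2 owner=$3
    umask 077
    # Drop leftovers from an earlier session. rm removes a symlink itself
    # and does not descend through it.
    rm -rf -- "$dir" || exit 1
    # No -p: mkdir fails if something reappeared at the path, so an
    # existing directory or symlink is refused instead of adopted.
    mkdir -m 700 -- "$dir" || exit 1
    # "SKEL/." includes dotfiles such as .bashrc and .profile.
    cp -R -- "$skel/." "$dir/" || exit 1
    # -h re-owns symlinks themselves and leaves their targets alone.
    chown -hR -- "$owner" "$dir" || exit 1
)

if [ "${USER:-}" = "$guestuser" ]; then
    # Abort the hook rather than continue with a directory that could not
    # be created cleanly.
    prepare_guest_home "/tmp/$guestuser" /etc/skel "$guestuser:$guestuser" || exit 1
fi
```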
You could just as easily rm -rf /home/guest; what is the advantage of using tmp? Also you did not address the fact that the old guest was locked down by apparmor, how did you address this? I highly advise you use a kiosk specific distro, easier to deploy and more secure. – Panther Jul 26 '17 at 19:15
See http://porteus-kiosk.org/ or similar. Many advantages to a kiosk spin ;) – Panther Jul 26 '17 at 19:16
I was looking at the tuxdiary. My concerns were more for people who would every once in a while like to loan their laptops or PCs. I did not follow your concern regarding apparmor. I had installed a clean Ubuntu Gnome 17.04 subsequently upgraded to 17.10, as I noticed gdm3 has a lot of issues (like no login randomly) thinking that 17.10 version of gdm3 would be better. – TheWickerman666 Jul 26 '17 at 19:21
Well, as you know, physical access is root access, so if you are loaning out your computer probably just make a regular account, call it what you will, and delete it afterwards. Just my 2c but your solution is a long run for a short slide. I guess my point is that your solution is a long way from the guest session locked down by apparmor. IMO that was the advantage of the guest session, the additional security features. – Panther Jul 26 '17 at 19:24
I agree on the apparmor part. In my solution, all the guest files will be hosted in tmpfs and simple logout clears it all. – TheWickerman666 Jul 26 '17 at 19:27
I see that. I would hate you if you loaned me a computer and all my files were deleted on log out, lol. – Panther Jul 26 '17 at 19:50