How to Setup a Secure Guest Account [was] Password-protecting fedora.

[Bevan C. Bennett]

Ow Mun Heng wrote:
> 
>>-----Original Message-----
>>From: Matt Morgan [mailto:matt.morgan at brooklynmuseum.org]
>>Sent: Tuesday, March 09, 2004 10:08 PM
>>To: fedora-list at redhat.com
>>Subject: Re: Password-protecting fedora.
>>
>>
>>I was talking about gdmflexiserver. In case it wasn't clear 
>>from the part
>>where I said "But I forget what it's called," I couldn't 
>>remember what it
>>was called :-). Fortunately a few other people wrote in about 
>>it as well.
>>
>>Yes, there are lots of ways to have more than one account 
>>loged into Unix
>>at the same time. Score one for Bjorn. gdmflexiserver makes it really
>>easy, is the main reason I mentioned it. I thought it might help the
>>original poster, who was looking for a way to give people 
>>access to the
>>computer without them seeing his mail. The combination of a 
>>guest account
>>with a new login via gdmflexiserver would probably be the 
>>fastest/safest
>>way to so what he wants.
> 
> <SNIP>
> Talking about guest users. ANyone has any pointers on how, 
> specifically to create a guest user? I mean, it must just be 
> able to perform/access _normal_ stuffs (eg: web browsing, office
> etc) and not have access to anything else?
> 
> Main keyword here I guess is _very_limited_access. Even more
> restrictive than normal users.

You can chgrp all the things in /usr/bin (or elsewhere) that you don't 
want guests using to a new group "real_users", then chmod o-rwx on them 
all. Add all your 'non-guest' users to the real_users group so they can 
continue to use them. This isn't strictly considered neccessary, as 
normal users can't mess up system files, and normal users (if properly 
configured) won't be allowed to see or edit each other's files either.

> (since I presume that the user/password combo would be guest/guest)

The name and password for any user are whatever you want them to be.