Re: [ilugd] [X-Post] Guest account in Ubuntu 10.04
Mandriva comes up with a Xguest account by default. This guest user has similar permissions/access rights like any generic user. However, nothing is saved on the disk. Once the user logs out, whatever the contents has created is lost. Not sure if you want similar functionality for user. May be you can try it out once and decide. Best regards, -Sudhanwa ~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~! www.sudhanwa.com ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] [X-Post] Guest account in Ubuntu 10.04
Hi Kartik, Its easy man : following can be a good solution : - make a script which will only execute if the current logged in user is guest and will clear the directories or whatever u want. then put its entry in /etc/bashrc, you need to make sure that script is executable by guest user or you can apply SUID on it in case if you want i can prepare one for you. On Sun, Aug 1, 2010 at 4:08 PM, Kartik Singhal kartiksing...@gmail.comwrote: On Mon, Jul 26, 2010 at 10:05 AM, jeet7668 . jeet7...@sify.com wrote: Well I think the following can help you out. 1) for having a guest account simply create a account with any name (probably guest) that will never ask for password at login so you don't have to tell the password to everyone (if u want that account to be for public use) We have done the same as I have mentioned in my first post. 2) for resetting home directories of users, you should put all your files (which u want to be there in the home directory at every login) at some different place and write a small bash/perl script to place them in user's home directory at every login after deleting whatever was there in user's home directory. Exactly what we want to do but how? How to execute that script automatically at login. -- Kartik Singhal BTech CSE Student, NIT Calicut http://www.techglider.com -- Satyajeet Singh (Martin) (Linux Corporate Trainer) Koenig-Solutions Pvt Ltd 09911547664 ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] [X-Post] Guest account in Ubuntu 10.04
On Sun, Aug 1, 2010 at 11:40 PM, Sudhanwa Jogalekar sudhanwa@gmail.comwrote: Mandriva comes up with a Xguest account by default. This guest user has similar permissions/access rights like any generic user. However, nothing is saved on the disk. Once the user logs out, whatever the contents has created is lost. Not sure if you want similar functionality for user. May be you can try it out once and decide. Best regards, -Sudhanwa ~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~! www.sudhanwa.com ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Can't we do this by samba? As it will allow the user to log in to the main server machine under the restricted permission. -- Regards RAKESH Allow Your Own Inner Light to Guide You ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] [X-Post] Guest account in Ubuntu 10.04
On Saturday 24 Jul 2010, Kartik Singhal wrote: [snip] What we need though is a method by which we can reset the 'user' account's home directory at each log in, deleting any traces of the previous user's activity and recreates these two icons. I had created the script to generate the icons, it can just be integrated to the solution of this problem. Though the Guest account that does this is available on ubuntu but it is only accessible when some other user is logged in and can't be accessed from the main login screen. Not clear how usernames are generated. Does every user have a fixed ID allocated to him/her? Because if the same username is used by two or more people I don't see the difference between the user account and the guest account. In any case, have a look at the postexec parameter in smb.conf. That should allow you to run a script (which can clean out the directory, e.g.) whenever a user disconnects from a share. Regards, -- Raju -- Raj Mathurr...@kandalaya.org http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance Chill: http://schizoid.in/ || It is the mind that moves ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] [X-Post] Guest account in Ubuntu 10.04
Well I think the following can help you out. 1) for having a guest account simply create a account with any name (probably guest) that will never ask for password at login so you don't have to tell the password to everyone (if u want that account to be for public use) 2) for resetting home directories of users, you should put all your files (which u want to be there in the home directory at every login) at some different place and write a small bash/perl script to place them in user's home directory at every login after deleting whatever was there in user's home directory. Do let me know whether this was useful or useless. On Sat, Jul 24, 2010 at 8:10 PM, Kartik Singhal kartiksing...@gmail.comwrote: We are setting up a lab in our computer center for encouraging students to use linux. We are already done with setting up Ubuntu 10.04 32-bit on most of the systems. What we have planned is to give a common underprivileged 'user' account in all the systems with same password that we can tell the users. Users have the advantage of using their flash drives which they were not allowed to use on windows systems because of viruses. The problem of common storage is being taken into account by having a central storage server running samba. It is available in the form of two icons on the desktop: 1. Public-Share-on-Ubuntu-Server (which is publicly accessible by everyone and is permanently mounted on the client as a /etc/fstab entry) 2. Access-Private-Share-on-Ubuntu-Server (which is private to a particular user) The second icon is just a shortcut to the following script which allows users to access their private files after requesting (only on first usage) for a user name from one of the lab assistants: #!/bin/bash echo 'Enter your username: ' read un nautilus smb://192.168.5.82/$un/ What we need though is a method by which we can reset the 'user' account's home directory at each log in, deleting any traces of the previous user's activity and recreates these two icons. I had created the script to generate the icons, it can just be integrated to the solution of this problem. Though the Guest account that does this is available on ubuntu but it is only accessible when some other user is logged in and can't be accessed from the main login screen. The following was taken from ubuntuforums ( http://ubuntuforums.org/showthread.php?t=1024371) Imagine the scenario: A library patron logs on to check his email, surf the web, then downloads a photo from his camera and puts it in a document that he then saves to a thumb drive. He logs off and leaves. We don't want the next patron that uses that machine to see any of the things previous users did, where they went or documents they worked on. I don't mind the idea of a user account that has a password, we could give that out when the patron signs in, heck we could even change it once in a while. However, lock down of the account and deletion of previous user activity is of most importance. Our requirement is similar. After a lot of searching on the net I have not been able to find a way to do this. If you have done any similar lab scenario, please share the method on the list. It would be a great help. -- Kartik Singhal BTech CSE Student, NIT Calicut http://www.techglider.com ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd -- Martin Anderson ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] [X-POST] Guest account in Ubuntu 10.04
Well I think the following can help you out. 1) for having a guest account simply create a account with any name (probably guest) that will never ask for password at login so you don't have to tell the password to everyone (if u want that account to be for public use) 2) for resetting home directories of users, you should put all your files (which u want to be there in the home directory at every login) at some different place and write a small bash/perl script to place them in user's home directory at every login after deleting whatever was there in user's home directory. Do let me know whether this was useful or useless. On Sat, Jul 24, 2010 at 9:29 PM, Kartik Singhal kartiksing...@gmail.comwrote: We are setting up a lab in our computer center for encouraging students to use linux. We are already done with setting up Ubuntu 10.04 32-bit on most of the systems. What we have planned is to give a common underprivileged 'user' account in all the systems with same password that we can tell the users. Users have the advantage of using their flash drives which they were not allowed to use on windows systems because of viruses. The problem of common storage is being taken into account by having a central storage server running samba. It is available in the form of two icons on the desktop: 1. Public-Share-on-Ubuntu-Server (which is publicly accessible by everyone and is permanently mounted on the client as a /etc/fstab entry) 2. Access-Private-Share-on- Ubuntu-Server (which is private to a particular user) The second icon is just a shortcut to the following script which allows users to access their private files after requesting (only on first usage) for a user name from one of the lab assistants: #!/bin/bash echo 'Enter your username: ' read un nautilus smb://192.168.5.82/$un/ What we need though is a method by which we can reset the 'user' account's home directory at each log in, deleting any traces of the previous user's activity and recreates these two icons. I had created the script to generate the icons, it can just be integrated to the solution of this problem. Though the Guest account that does this is available on ubuntu but it is only accessible when some other user is logged in and can't be accessed from the main login screen. The following was taken from ubuntuforums ( http://ubuntuforums.org/showthread.php?t=1024371) Imagine the scenario: A library patron logs on to check his email, surf the web, then downloads a photo from his camera and puts it in a document that he then saves to a thumb drive. He logs off and leaves. We don't want the next patron that uses that machine to see any of the things previous users did, where they went or documents they worked on. I don't mind the idea of a user account that has a password, we could give that out when the patron signs in, heck we could even change it once in a while. However, lock down of the account and deletion of previous user activity is of most importance. Our requirement is similar. After a lot of searching on the net I have not been able to find a way to do this. If you have done any similar lab scenario, please share the method on the list. It would be a great help. -- Kartik Singhal BTech CSE Student, NIT Calicut http://www.techglider.com ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd -- Martin Anderson ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] [X-Post] Guest account in Ubuntu 10.04
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Kartik Singhal writes: We are setting up a lab in our computer center for encouraging students to use linux. We are already done with setting up Ubuntu 10.04 32-bit on most of the systems. What we have planned is to give a common underprivileged 'user' account in all the systems with same password that we can tell the users. Users have the advantage of using their flash drives which they were not allowed to use on windows systems because of viruses. The problem of common storage is being taken into account by having a central storage server running samba. It is available in the form of two icons on the desktop: 1. Public-Share-on-Ubuntu-Server (which is publicly accessible by everyone and is permanently mounted on the client as a /etc/fstab entry) 2. Access-Private-Share-on-Ubuntu-Server (which is private to a particular user) Instead of putting up an SMB server, why not use an SFTP server and an NFS server ? NFS server for anonymous mounts. And SFTP for authenticated mounts. The second icon is just a shortcut to the following script which allows users to access their private files after requesting (only on first usage) for a user name from one of the lab assistants: #!/bin/bash echo 'Enter your username: ' read un nautilus smb://192.168.5.82/$un/ And instead of having this script, why not initialize the ~guest with a .desktop file which points to location like: sftp://192.168.5.82/ What we need though is a method by which we can reset the 'user' account's home directory at each log in, deleting any traces of the previous user's activity and recreates these two icons. I had created the script to generate the icons, it can just be integrated to the solution of this problem. What you need is a kiosk setup. There are lots of links about that on the Internet, including one by jwz[1]. Or a modern (and of course recommended) way, using pam_namespace[2]. Fedora used this in Fedora Kiosk spin[3], IIRC. References: [1] http://www.dnalounge.com/backstage/src/kiosk/#auto-reset [2] http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_namespace.html [3] http://spins.fedoraproject.org/kiosk/ HTH - -- Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0 freebsd.org!ashish | http://people.freebsd.org/~ashish/ “Premature optimisation is the root of all evil in programming.” (C. A. R. Hoare) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iQIcBAEBCgAGBQJMSw4FAAoJEMdGz6nnT6SwLU0P/irM8bGUQeC4qDOnn1c2RyXK WvjPhAiOk/avGpI/j/2Ir054aO1NRHCpUcG1DXeZtVzGNTct9v8wFTIn/ZGR1emm YfCwxCufdfXRCklEdPRw4CNDxERmUob+u1a9BbDg1qiblHVHjl523R6pxO4OkhLG hTfwWLnoyg44WtIRdVW14cacEVZQAFkieHsFYRqNVCpKv1IPI6VYYa8QKMcWV89U FECNE3lkf+kUT/Fl4dJZrp8/NatMZ6Ng58WMDOayhtFR0NDyqBKdkKBKxTVG/2ua GuFp+c/ozdEiZKgE2NHqwO138UAfnAifB/1EiAh8WtqsxWVfhpCeJnAxIjFUmN8y zbKGzhG14L9qjaqWTZv2J0vORjl/6hVVM0THKc/pEZ6eCwq2ikNutfvCdQ2s1ptP zAa4/my9Jzafpb9z5cnEXLjWUY+Fp4W3rQMU/UVQVPYPmODNHU2NTijnhWDjK+dz IFQpXRpCg0XA/XBm+ry80rxrIf0gMNsLWFwuqS4Tm1LyDeWGM3+C54CdkkTrmoam CGdRlwJLNrMN2/pMuX93+U+kItOpyi8/8rrLpPQzXu9usQ8KtvhIZdzDhZTOFRko OJ1VwRq2wLrrB2uu2vYHSz1TIXtdBNDfHwAYKU94EmYBJsIU1GTQcJIdrEzoaBWN QML4OLg28QBrOQu0YL6i =Ythe -END PGP SIGNATURE- ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] [X-Post] Guest account in Ubuntu 10.04
Thanks Ashish for your response. On Sat, Jul 24, 2010 at 9:30 PM, Ashish SHUKLA wahjava...@gmail.com wrote: Instead of putting up an SMB server, why not use an SFTP server and an NFS server ? NFS server for anonymous mounts. And SFTP for authenticated mounts. We need to be able to access the server from windows clients too in the other lab, hence we decided for samba. We ran into either problems or complications while trying to deploy setups like nfs and ldap. And after a lot of testing with this setup we have not observed any problems. Our only problem seems to be with resetting the machines. #!/bin/bash echo 'Enter your username: ' read un nautilus smb://192.168.5.82/$un/ And instead of having this script, why not initialize the ~guest with a .desktop file which points to location like: sftp://192.168.5.82/ It is indeed a .desktop file while just runs this script. This is for accessing the private shares of a particular user which is not same as the 'user' account they use to login to the client. Clarification: user is the name of account which is common for all machines and is used to login to them and they are supplied a private share on the server if they need. Otherwise, very conveniently, they can just use their pen drives for saving their private files without needing a user name in the lab. What we need though is a method by which we can reset the 'user' account's home directory at each log in, deleting any traces of the previous user's activity and recreates these two icons. I had created the script to generate the icons, it can just be integrated to the solution of this problem. What you need is a kiosk setup. There are lots of links about that on the Internet, including one by jwz[1]. Or a modern (and of course recommended) way, using pam_namespace[2]. Fedora used this in Fedora Kiosk spin[3], IIRC. References: [1] http://www.dnalounge.com/backstage/src/kiosk/#auto-reset [2] http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_namespace.html [3] http://spins.fedoraproject.org/kiosk/ Thanks for the links. Trying to figure out if I find something for our need. -- Kartik Singhal BTech CSE Student, NIT Calicut http://www.techglider.com ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] [X-Post] Guest account in Ubuntu 10.04
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 [Your CCing the same mail to various lists in the name of X-Post sucks. It is rude when other lists permits only subscribers to post. So, for a little convenience of yours, you're pissing off those who are trying to help you. Please avoid this, this is not USENET.] Kartik Singhal writes: Thanks Ashish for your response. On Sat, Jul 24, 2010 at 9:30 PM, Ashish SHUKLA wahjava...@gmail.com wrote: Instead of putting up an SMB server, why not use an SFTP server and an NFS server ? NFS server for anonymous mounts. And SFTP for authenticated mounts. We need to be able to access the server from windows clients too in the other lab, hence we decided for samba. We ran into either problems or complications while trying to deploy setups like nfs and ldap. And after a lot of testing with this setup we have not observed any problems. Our only problem seems to be with resetting the machines. Well, it is not forbidden to share $HOME through multiple protocols. #!/bin/bash echo 'Enter your username: ' read un nautilus smb://192.168.5.82/$un/ And instead of having this script, why not initialize the ~guest with a .desktop file which points to location like: sftp://192.168.5.82/ It is indeed a .desktop file while just runs this script. This is for accessing the private shares of a particular user which is not same as the 'user' account they use to login to the client. The reason I suggested is because entering a username/password in a dialog box looks straightforward to me, and SFTP url will be the same. You can configure OpenSSH in chroot mode[1] preventing users from exploring the server file-system. And also if '/$un/' share requires authentication, you're entering same username twice, one at your script and other in the user/password dialog box which nautilus pops up. SFTP offers secure access and is well integrated with Nautilus and GNOME VFS. References: [1] http://www.debian-administration.org/articles/590 HTH - -- Ashish SHUKLA “Well, I guess cyborgs like myself have a tendency to be paranoid about our origins.” (Motoko Kusanagi in movie Ghost in the Shell) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iQIcBAEBCgAGBQJMSxiPAAoJEMdGz6nnT6SwokUP/ijus3teCq2LFnBptVeUVVhy 6usXe/p/aaNitnHVkevz0Ng7fzSPKg1m66hHMfW6MDjq6OT0VPdGpXaC2IkFPQQb G3UreeEPrk0HnibHUAW1KgU8MVa/VMYwpciVnKjEz0deHXXMRWzPApdY1qhB6d3Y xl6Mv5Q90KU/J18u/KuMphya2QfVUTH8DAwwv7FtO8ugCEInt0krFLo859N9WHfl lxtQd6mNBTwa17d2VmPElTWfTGVSxwL+9HVt+P42M1S6FoDIMXTtIWl5h3lgCRBq JT2YqHTuj5iVjo24wHwUb+CuserszjUWN/6IUjwcIPCQ1pKo7xQCZG2AHNp8Jz9N PDT0eFLcrnjaOEX4xxf2s3LWNOOMfbklBW9a88GnnjtbY66BpLy0s+b3NQzGRX+Y n2pVfmZB/JXqyhtzPYWVuNoSBuTMn+Plzc4sCCwz8W0/uZRXLZ4J8ysJcdY6T0T7 DF9y6uIAhtvF1dNzle/4VBjp6VOd/sp/ElpzwBpe5HPJytOnMYODhHgep/XyZJrC BgWw71ey3OdrAk/VmqRVTE/n8URUGYb4RCOj8zFPteP0e4zD2T+ogxAkeIds6THJ AA5nHB9ZT5uAUKmvORs3wW6vvk1HNkOc+LFYHOX1lIeaZJElq4k8+OJT7rpb6qy+ BUtlyFE9O38hQm3/af/d =Mj8P -END PGP SIGNATURE- ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd