2

This question is related to another, more general, question about guest accounts. This one is very specific.

Setup: I have many older Dell Latitude E6410s and some newer Dell Latitude 5450 I use in a classroom setting running 16.04. Many students use these machines for a variety of purposes among data analysis and data acquisition through attached USB devices.

Guest accounts serve us well to wipe the machines clean between logins. The additional feature of the guest accounts is that upon turning the machines on and 'forgetting' them the machine automatically log in to the guest account and launch a browser window. The problem is that the guest accounts do not have any privileges to access the USB ports.

A simple solution would be to add the new guest account (e.g guest-abf2) to the dialout and plugdev group so the students can use attached devices and thumb drives. Something like:

moduser -a -G plugdev,dialout $USER

inside a script early enough in the login process to work.

This is what I have tried so far:

  • placing this command in either of the two documented hooks: auto.sh and prefs.sh in the /etc/guest-session directory. Neither works. prefs.sh is run in the user context and while auto.sh is supposed to run in root context it is run too late to add the newly created guest account to the two groups
  • modifying the available scripts the lightdm runs (Yeah I know this is not good but I was getting desperate) and still this doesn't work. I need to execute the moduser command right after the account is created but before the actual login.
  • According to old documentation (11 or so) there is a hook called setup.sh which I tried but I am not sure this hook works anymore.
  • I have looked into writing a udev script but that seems terribly painful and the documentation seems geared toward mounting USB thumb drives not allowing access to USB devices. I could be wrong here.
  • Somewhere I tripped across some documentation that there was a similar 'script' like mechanism to automatically add new users to certain groups but I can't seem to find it. This might work in this case or not but I'll give it a try.
Community
  • 1
pbeeken
  • 41

4 Answers4

2

The guest accounts are created by the shell script /usr/sbin/guest-account.

At the end of the function add_account it calls useradd to create the user. If you add the -G plugdev,dialout option here that should do the trick.

Use dpkg-divert to avoid that an updated package overwrites your modified script.

Florian Diesch
  • 89,643
1

Use usermod, not 'moduser'.

... so the behavior of the startup script prefs.sh now works as advertised. By creating a file called prefs.sh in /etc/guest-session with the following line:

moduser $USER -a -G plugdev,dialout

That command will cause the guest session to crash and not load if you include it in prefs.sh. '`moduser' isn't a valid command. Use this line instead:

usermod -a -G plugdev,dialout $USER
Eliah Kagan
  • 119,640
Godvalve
  • 11
0

auto.sh has never run in a root context. prefs.sh did so up to Ubuntu 15.10 when it was sourced by /usr/sbin/guest-account, but the code has been refactored, and in 16.04 prefs.sh is sourced by /usr/share/lightdm/guest-session/setup.sh which is not run as root.

Don't know if this change in behavior is intentional. If not, there may be a reason to propose a change.

Not sure what you mean when you say that a guest session cannot access the USB ports. I know that you can use USB sticks, at least. Possibly there are other devices whose use is prevented via AppArmor.

Edit:

I filed a bug report, and if accepted, you will be able to use prefs.sh to assign the guest to group(s) as you could before.

As regards USB sticks I did some testing, and found that how the stick is formatted matters. With an ext4 formatted stick I could neither read nor write, but when formatted as fat16 it works fine.

Gunnar Hjalmarsson
  • 34,191
0

I don't know exactly when it happened but lightdm was updated so the behavior of the startup script prefs.sh now works as advertised. By creating a file called prefs.sh in /etc/guest-session with the following line:

moduser $USER -a -G plugdev,dialout

I achieved exactly what I needed to allow students to access new USB devices in the guest account.

pbeeken
  • 41