1

For a special purpose it seems like I need to know the UID (user ID) of my guest accounts.

As guest accounts are created and (usually) removed automatically whenever one is needed, the UIDs are not fixed but assigned dynamically. If I observed it correctly, they take the first free UID that is greater than 100, but I am not sure.

However, I need to know for sure that all guest accounts and only guest accounts, no other users, are in a specific UID range, for example in range 800-899 which should be free and is still invisible because it's lower than 1000.

How can I set my Ubuntu 15.10 machine (with Unity DE) up so that it assigns all future guest accounts UIDs in that specific range and that no other users may get into it?

You're free to suggest other different solutions that help me solving my linked problem as well.

Community
  • 1
Byte Commander
  • 105,631
  • 46
  • 284
  • 425

1 Answers1

1

There is a configuration entry in your LightDM configuration (more about the configuration of lightdm, see below):

guest-account-script=

Per default, the script /usr/sbin/guest-account is used. In this script you can find the line

adduser --system --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER

which means, the guest account is added as a system user. To change the behavior you have to change the line and to replace the ID with another value, but not greater than 499.

adduser --system --uid ID --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER

Or you could write your own script ;)

More about the configuration files here.

System provided configuration is stored in /usr/share/lightdm/lightdm.conf.d/*.conf and is not user editable. System administrators can override this configuration in /etc/lightdm/lightdm.conf.d/*.conf and /etc/lightdm/lightdm.conf. Files are read in the above order and combined together to make the LightDM configuration.

For example, if you want to override the system configured default session (provided in /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf) you should make a file /etc/lightdm/lightdm.conf.d/50-myconfig.conf

Community
  • 1
A.B.
  • 89,123
  • 21
  • 245
  • 323
  • Can I also specify a range of UIDs from which it shall pick one? Because I had some half-dead guest accounts left every now and then and I fear it would crash when trying to reassign such an ID. – Byte Commander Nov 17 '15 at 11:27
  • In `man adduser`, I found the parameters `--firstuid` and `--lastuid` which can be used instead of `--uid` to determine a range of UIDs. – Byte Commander Nov 17 '15 at 11:37
  • Oh, and which `lightdm.conf` do you mean? None of the files on my system named like that contained a line with `guest-account-script=` or similar. – Byte Commander Nov 17 '15 at 11:46
  • Not in `/etc/lightdm/lightdm.conf`? – A.B. Nov 17 '15 at 11:49
  • That file doesn't exist on my system (15.10), only `/etc/init/lightdm.conf`, but that doesn't contain such a line. – Byte Commander Nov 17 '15 at 12:02
  • I would say, you should use a new configuration to overwrite the standard configuration if you need changes, as mentioned in the last line of the quotation in the answer. I can't test it, no Unity and LightDM here =) – A.B. Nov 17 '15 at 12:04
  • I backed up `/usr/sbin/guest-account` and edited the `adduser`-line to `adduser --system --firstuid 450 --lastuid 499 --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash $USER`. Now trying that out... – Byte Commander Nov 17 '15 at 12:16
  • The edit of `/usr/sbin/guest-account` did not affect anything. After two reboots, I'm still getting guest account UIDs around 120. – Byte Commander Nov 17 '15 at 13:30
  • 1
    `--firstuid` and `--lastuid` apply to normal users. You may want to drop the `--system` option (untested). – Gunnar Hjalmarsson Nov 17 '15 at 14:06
  • That's funny. `sudo adduser --system --uid 1024 --no-create-home --home / --gecos $(gettext "Guest") --group --shell /bin/bash bar` works as expected as single command. – A.B. Nov 18 '15 at 07:25
  • I've set it now to fixed UID 499 and it seems to work. :-) – Byte Commander Nov 18 '15 at 10:08
  • @ByteCommander: Sufficient only if you are sure that not more than one guest session might be launched concurrently. – Gunnar Hjalmarsson Nov 18 '15 at 11:32
  • @GunnarHjalmarsson That's what I expect. And if somebody would attempt to launch a second one, it would just fail and return to the login screen, I assume? – Byte Commander Nov 18 '15 at 11:38
  • @ByteCommander: I can't tell what would happen in that case. – Gunnar Hjalmarsson Nov 18 '15 at 12:44