NonpersistantUsers

Summary

NonpersistantUsers allow anonymous users safley to use a computer. They get a defined environment, where they can use ubuntu in exactly that way the administrator allows them. After a nonpersistant user logs out, her environment will be reset.

Rationale

NonpersistantUsers is a technique I already use in an internet cafe, offering 'real' user accounts. They are being used for surfing accounts as well as advertisment, to show the advantages of buying real accounts. This technique has also other use cases.

Use cases

  • Internet cafe owner Andy wants to offer his guests an easy and save way to allow them surfing, chatting without risking his installation.
  • Teacher Kathrin uses edubuntu and don't want to create for every pupil an own user account on the edubuntu server. Therefore she creates a nonpersistent user account for her class, where she defines environment, tools, bookmarks etc. what her pupils will need for this class.

  • Teacher Peter likes the setup Kathrin has done, but need for his geography class a bit different setup for his pupils. He therefore copies (branches) Kathrins NonpersistantUser setup and customizes it in her needs.

  • Users have friends over, who'd like to use the computer but you don't want them messing with your account, so instead of creating a new "guest" account, you use the nonpersistent account.

  • AnyTown Public Library staff wishes to offer patrons and visitors access to the internet and productivity applications without risking the installation configuration. Edubuntu will allow the library to offer public computing services aimed at youth in a similar manner.

Scope

  • Internet Cafes
  • Schools using edubuntu
  • Libraries using ubuntu and edubuntu
  • training courses

Design

  • In principle, every NonpersistantUser has his own home directory. Every time he logs in, he gets his home restored from a tarball

  • To allow multiple logons e.g. in a ltsp environment, NonpersistantUsers need to be created at login times with a new unique uid and $HOME. uid and $HOME can be deleted at logout time.

There are basically 2 approaches to acheive this:

  • Doing a proxy users, allowing to choose, which of the predefined users they should be able to login. The proxy user does not need a password, the NonpersistantUsers should be protectable by password.

  • Integrating this proxy into gdm

Implementation

  • Evaluating both approaches and decide which one to take

  • Implementing an alternate authentication method, as NonpersistantUsers will not show up in /etc/passwd or /etc/shadow at login time, but only after login

  • GUI for creating/deleting/updateing/branching/merging? NonpersistantUsers

Code

Data preservation and migration

Outstanding issues

A user is able to modify the system in other ways than their home directory. Clear thinking about this is needed to ensure that all of these modifications can be found and undone. The first step would be a brainstorming session to list all of the ways that a user can make a change to a system that survives them logging out. Here is the start of a list:

  • cron and at jobs
  • sending email
  • background processes
  • ... ?

-- Ian Jackson

BoF agenda and discussion

Notes/Ideas

  • Perhaps there should be a warning when logging out. Something along the lines of "You have created the following files "foo.txt" and "bar.html". These files will be deleted if you log out. Please make sure you have saved them somewhere else, or that they are not important. [Delete files] [Cancel logout]"

CategorySpec CategoryEdubuntuSpec

NonpersistantUsers (last edited 2009-07-24 03:07:59 by 201)