Hello there! I have a laptop that I often find myself lending out to friends for them to quickly do a thing or two. However, it would be ideal if I could do this without giving them access to my main user account.
What I’m looking for is something similar to Linux Mint’s “guest sessions”, which I used for this purpose before switching to NixOS. It allowed people to select a “Guest” user under my main one which doesn’t have a password, and also wasn’t persistent, meaning that everything anyone did was wiped on reboot.
While I do know how to create extra user accounts using “nixpkgs/option/users.users.”, I do not know how I would go about making this user’s environment impermanent. What should I do to achieve my desired behavior?
I am using home-manager, and have GNOME as my desktop environment if that helps with anything!
I would just create a user, name it guest, use users.users.guest.packages to install the required baselines of tools and then set up a tempfile rule that wipes the content of their $HOME on reboot.
Given that /tmp might have completely different space constraints usually, a single larger download can easily get you out of space for /tmp which again would likely have severe effects on everything else.
And if /tmp is on tmpfs, you are even provoking OOMs as well.
That sounds promising! How would I go about setting up a tempfile rule that wipes $HOME? I’ve never heard of tempfile rules, and looking around online I can’t quite find where to start looking.
This would delete /home/guest recursively on each reboot, and then recreate it with 700 permissions, owned by guest and the users group. You might adjust the values here to match your actual requirements for the folder.
edit
You use systemd.tmpfiles.rules to add rules to the system:
However, after reading the first manual that you linked there’s one question that I have left; what different modes can/should I use? Under the “Mode” heading they only mention 0755 and 0644, whereas you recommend using 0700. Further down in the examples they also reference a 1777 mode. Where could I find a full list of these modes, and a better explanation of their differences?
The modes are Unix-standard ‘numeric modes’, per the above man page. They’re octal numbers where each digit encodes a set of permissions for different classes of user.
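The setup discussed in this thread, written out as an added example (it is not code from any of the posts above): a `guest` account whose home directory is emptied at boot and kept at mode 0700. The `D!` rule type, the `/home/guest` path and the package choice are assumptions; the rule originally posted in the thread may have used a different type.

```nix
# Added example, not code from the thread. Assumes the account is named
# "guest", lives in /home/guest and belongs to the "users" group.
{ pkgs, ... }:
{
  users.users.guest = {
    isNormalUser = true;   # regular login account with a home directory
    group = "users";
    home = "/home/guest";
    # Baseline tools for the guest; this package choice is a placeholder.
    packages = [ pkgs.firefox ];
    # No password option is set here; pick one that matches how guests
    # are supposed to log in.
  };

  systemd.tmpfiles.rules = [
    # Fields: Type Path Mode User Group Age
    # D    = create the directory if it is missing, and empty it when
    #        systemd-tmpfiles is run with --remove
    # !    = apply this line only when systemd-tmpfiles is run with --boot,
    #        so a live guest session is not wiped underneath the user
    # 0700 = owner may read, write and enter; group and others get nothing,
    #        so other local accounts cannot look into the guest's files
    "D! /home/guest 0700 guest users -"
  ];
}
```

After a reboot, `ls -ld /home/guest` should show `drwx------` with owner `guest` and group `users`, and the directory should be empty.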