1

I have created a persistent Ubuntu Mate USB flash drive using mkusb and configured it to how I want it. I now want to stop anyone from being able to modify it.

I don't mind if the solution is to stop all modification by the user or whether it allows the user to modify just for that session but reverts on reboot.

There is no system login and I would like it to stay that way, but there would need to be some way for me to still gain privileged access for maintenance.

I would like the user to have the exact same desktop as I have setup, i.e. including the shortcuts to network drives.

I would appreciate any suggestions. I would consider myself as beginner to intermediate user, so a little detail may be required.

bedfellow
  • 11

1 Answers1

2

How to make a persistent USB install read-only

It is possible to do what you want using a modified Guest User account

  • Install lightdm:

    sudo apt-get install lightdm

The install process will ask to remove GDM.

  • At popup select lightdm as display manager.

For a grub2 booters with persistent casper-rw partitions, such as mkusb:

Open casper-rw/upper/etc/lightdm/lightdm.conf and change allow-guest=true. Now there will be a Guest account.

For Syslinux booters with persistent casper-rw files such as UNetbootin and Rufus: First mount the casper-rw file:

sudo mkdir /media/casper

sudo mount -o loop casper-rw /media/casper/

Then edit casper/upper/etc/lightdm/lightdm.conf and change allow-guest=true A guest account will be added to boot options.

Modifying the Guest Account

You may use an existing User Account, or create a new User Account, to use as a Live basis for customizing the Guest Session.

Make a directory for guest session, if one does not already exist:

sudo mkdir /etc/guest-session

Create a symbolic link:

sudo ln -s /home/{NAME} /etc/guest-session/skel

Where {NAME} is the name of the User Account you wish to use as a basis.

Any changes made to the user account will appear in the guest account.

Any changes to the guest account will be deleted at end of the session.

User {NAME} can be hidden at login:

  • To hide the user open /var/lib/AccountsService/users/{NAME}

  • Edit line to SystemAccount=true

See also Add Guest user to Persistent flash drive

Customize Guest Session

C.S.Cameron
  • 20,530
  • 12
  • 78
  • 125