The other day, I sat down at my laptop and, seeing a facebook page open, typed in a status that made total sense for me but little sense for Amanda. Unfortunately, Amanda had just been using my computer, and the facebook page to which the browser pointed was hers, not mine. It’s OK: She was eventually re-hired at the High School and the law suits will be settled in due time.


Anyway, having multiple users able to access your computer is preferable to allowing just any old Tom, Dick or Harry, such as your wife or children, use your box. I’m sure there’s ways to do this on Windows, but they are probably broken. Multiple users are an afterthought for Microsoft; Unix based systems such as Linux and Mac OX X were designed with multiple users as the primary purpose of the operating system. This ends up giving us more security (because, and I oversimplify, a “virus” (and I misuse that term) is a “user” … and I’m only slightly exaggearting) as well as the ability to switch quickly between users on a basic laptop or desktop computer.

There are two fundamentally different ways to do this in Linux, one of which can be implemented in two styles, for a total of three approaches. Linux in Exile explains the basic approach focusing on Fedora. If you don’t use Linux, click here. The first way is to simply create an account for whichever Tom-Dick-Harry’s are in your life. This person is only going to use your computer now and then, and basically to check their email or facebook account or whatever from a browser. So, make an account with the user name of that person’s first name, and the password being the same as the person’s name, and tell them that when they want to use your computer, just log on as “Harry” password “harry” or whatever. Remind them that Linux is case-sensitive.

With this method, “Harry” will enjoy persistent data between uses, so when he or she signs on things like the facebook logon will be maintained, if that option was chosen. Harry can put his or her data on the computer and have it there later providing that you did not delete “Harry” or wipe the hard drive or whatever.

The second method is similar, and this involves making an account for a “person” named “guest” (or something similar) with the password set to “guest” (or “password”). Tell people to log on to this account when they want to use your computer. Different people using this one account will, of course, be stepping all over each other with data and logons and stuff, but so what. If they want control over their lives they should get their own computer.

The third method uses the approach described by Linux in Exile (link above) on Fedora, and this involves a true “guest account” which is simply a password-free account with limited access that erases all data and stuff between sessions, always. This is the easiest and most secure of the three approaches, but will not be as convenient for your family members who occasionally use your computer as the first method would be.

To set up alternate user accounts in Ubuntu check out this page.

Recent incarnations of Ubuntu (and possibly other Linux distros) will not allow you to create an account with the the user name and the password the same. To override this, you do the obvious: Set the password to some high level security standard, then from a terminal, use the passwd command as root (sudo passwd) to change that password to whatever low-security password you like.

Comments

  1. #1 Bjorn Watland
    June 20, 2011

    One of the features of the Google Chrome OS I liked was its implementation of user accounts.

    One of the reasons why people don’t use multiple user accounts in Linux, MacOS, or Windows are because its a hassle and it is “Yet Another Password to Remember.”

    While Linux doesn’t share the problems of Windows and MacOS of loads of applications which want to flood you with useful information and launch upon a user logging in, those non-Linux users can also be burdened with a delay in switching users. On the Windows side, “Quick User Switching” can also mean, “Why in the Hell is my computer running so slowly? Is it because someone else left The Sims 3 running in their session again?”

    I hope that OS developers work on making multiple user setups more of a desire and easier to use, rather than a burden people would rather avoid. I’d also be in favor of, at least for the home user population, some sort of federated authentication options with an authentication provider of his or her choice, for example, OpenID, Google, Facebook, etc., with easy to use options to authenticate using alternate credentials when cached credentials cannot be used and/or internet access is not available to provide authentication.

  2. #2 dargndorp
    June 20, 2011

    When I had guests recently who asked if they could use a computer, I handed them an ancient laptop which I had recently installed OS/2 on. Strictly single-user system, but esoteric enough that they couldn’t screw anything up even if they wanted to.

    Plus, it’s a great way to get some mileage out of old hardware.

  3. #3 Terrance Mercadel
    June 20, 2011

    My kids and I use the same windows computer everyday. Each with own logon. The switch user ability in windows allows data I was working on to be saved or run in background if for example my kids needed the computer. I could download a movie/files etc.. then switch users to my sons account and that download on my account continues to run while my son handles his business on his account. Multiple users in a windows environment is quite easy and in no way are they an after thought for Microsoft. just sayin… Adding Windows users sounds a whole lot easier to setup than what was stated above on linux.

  4. #4 Greg Laden
    June 20, 2011

    Well, it was an afterhtought. It was not a part of the Windows operating system as original conceived or implemented. But I am glad to hear they’ve got it working nicely!

    The comparison between how to do it on the two different systems that you’ve made is of course RONG!

  5. #5 John S. Wilkins
    June 20, 2011

    Macs in the OS X lineage were based on Unix 4.3 BSD, and so they had security built in from day one, a security that had a history of over thirty years at that stage. As Greg notes, Windows was a single user operating system that had multiple users and security built in later, and so it didn’t originally have the right file system (it does now).

    But “Windows” is a bit of a misnomer, as it is like talking about a General Electric product. Their toasters in the 1950s may have done something poorly. Their toasters now may do that well because they are a rather different product. The Windows of today is not the Windows of the past, so comparisons are odious unless supported. From what I gather 7 is quite a secure system and works well for multiuser accounts because it was designed to from the ground up (with Vista, I recall, but I don’t pay much attention to M$ plans).

    Still, I much prefer my *nix systems, because I learned my *nix in the 1980s and my knowledge still holds. And I loves me my Macs.

  6. #6 Greg Laden
    June 20, 2011

    I dunno, John. I’ve tried every iteration of Windows up to but not including 7 intensively, every one was the one that was fixed, every one sucked.

    Hearing that 7 is the good version means nothing to me. Even if it is, the wolf has surely eaten the town folk by now. Also, having done bad things at every level so far tells me that even if “7” is OK, “8” will not necessarily be. Unlike *nix, which builds on quality and redoes stuff as needed to get rid of bad code, etc. Windows development is market-research driven. That means it can turn on you at any moment. ANY MOMENT! Who needs it?

  7. #7 Roland
    June 20, 2011

    There are linuxes that don’t have login, and are therefore inherently single-user. Puppy, for instance. For the others, don’t forget to configure your screensaver to lock the screen when it activates, so while you’re in the john your SO can’t mess with your facebook or other stuff.

  8. #8 Eric Lund
    June 21, 2011

    John @5: It may well be that Windows 7 has been designed to be a multi-user system (I haven’t tried this, so I don’t actually know). Whenever M$ puts out a new version of Windows, I hear about how much code they have rewritten. It’s a phrase which is designed to sound reassuring to the average user who knows nothing about computers and doesn’t want to know anything. But some of us know a little bit about computers, as well as the old saying, “If it ain’t broke, don’t fix it.” M$ routinely violates this rule, significantly altering user interfaces for no better apparent reason than “because they can.” Changes to *nix kernels happen for two reasons: either to fix something that actually is broken, or to add functionality that wasn’t there before. That gives me confidence that most of the code base actually works. M$ has never given me that kind of confidence.

  9. #9 Timberwoof
    June 21, 2011

    There are two lineages of Windows. 1-2-3-95-98-ME and NT-NT4-2000-2003server-XP-Vista-7. The NT lineage was created by the same guy who directed DEC’s VMS for the VAX minicomputers of the late ’70s and ’80s. Micosoft has a habit of hiring whole new UI teams for each iteration of the OS, and yes, they change everything … because they can. That said, W2k and W7 seem to be okay, XP fair-to-middling, and Vista was widely regarded as awful.

    Another useful way to use multiple accounts on a single computer is to compartmentalize your personal and professional life. If I ever do work on my own computer (as opposed to ones I get from work), I do it in a separate account. No chance of accidentally emailing the wrong file to someone.

  10. #10 The Swordfish
    June 22, 2011

    I suspect you may mean “passwd”, not “pwd”. ;)

  11. #11 Greg Laden
    June 22, 2011

    Sword, thanks for the correction! Using pwd to do this would get frustrating …

  12. #12 J. J. Ramsey
    June 22, 2011

    So far as I’ve seen, the main problem with multiple users on Windows, especially multiple non-admin users on Windows, is that applications had been designed with the single-user environments of Windows 95/98 in mind, and so they did things like store some user settings in system folders or in a part of the Registry meant for the system rather than an individual user. (It would be like writing an application for a hypothetical single-user Unix where /etc was world-writable.) When these apps were ported to Windows XP, they required admin-level privileges just to run, at least if they were installed normally. If the applications had been written to respect the principle of least privilege, there wouldn’t have been as much of a problem.

  13. #13 Ender
    June 24, 2011

    Wouldn’t a combination of #1 and #3 be a good option for a family? Each regular user (husband, wife, kids) could have their own account, plus a proper guest account for any other incidental users which wipes all user data after the session is ended.

    Thanks for bringing this up. It takes a lot of trust to fully share a computer with someone. It works for me (every time I open facebook, it automatically logs onto my girlfriend’s account)

Current ye@r *