OK, here’s the scenario. I like Garuda’s use of the temporary guest account. I changed my users Guest accounts GID & UID to 1001 and changed my user account to 1000 to be consistent with my predefined user accounts on other computers. That’s not the issue, as that is being changed in upcoming Garuda editions.
In the Guest account the user is not permitted to view any files in other users home directories. I like all my external drives mounted in the default location /run/media/$USER/ name_of_drive.
The problem being this is an HTPC computer with the media files located on swappable external drives. When the guest account is active the user can not view any movies etc stored on the media drives. This kind of defeats the purpose of the Guest account if I can’t leave a guest to watch media on my home theater computer.
So, I did some searching and the only method I found to circumvent the Guest account security was to use a bind mount as thist apparently sidesteps the ACL’s. So I mounted the media drive I wanted to give access to via fstab (still using /run/media/$USER/). Then I put a bind mount in fstab to /media/video/movies and it worked.
Problem was the whole drive was visible to the Guest user with full read/write/delete permissions. So, the default way is too restrictive, and my workaround is too permissive.
Anyone have any other ideas on how to give permissions to only read from a specified media folder on the guest account. I do not want the guest account to be able read other non specified directories, and the specified directories require read only permissions. I tried playing with the permissions on the folder, but it made no difference using the bind mount method.
Information on this subject is extremely scanty on the internet unless my SearchFu has failed me.