Only the main or 'sudo' user can give permissions to guests, and any of these should be very limited for the sake of security.
A guest account has zero permissions unless in possession of the sudo password, so keeping that a secret is the main thing. Back when I last worked, if our superiors found passwords written on paper on our desks (or in an unlocked desk drawer), that was cause for termination on the spot, no questions asked. That was a top priority, especially when we switched from Apple to Windows computers for the day-to-day operations of distribution centers.
So as long as the screen saver is set to lock when company comes over, or if another lives in the home, one can lock their screen as soon as getting out of the chair.
The way I see it, a personal computer is just that, the personal property of another, meaning that no one else has any business on these for any reason, and if I catch someone on one of mine, there's a high probability that their head will run into a baseball bat that's close by several times. Plus will be charged with whatever the legal term is for break-in (or each attempted break-in) of a digital device that's property of another (may be a Federal crime in the US). The OS has a way, I'm sure, of how many attempts one enters the wrong password to trespass & can be used as admissible evidence in a court of law.
As for the baseball bat, an object cannot be charged with a crime, and we the people have a legal right to protect our property however we have to, that's in the US Constitution, somewhere along the lines of the right to bear firearms (if not a felon serving an active sentence, on parole or probation). In some states, it may be interpreted as 'standing your ground'.
That's another reason why I have webcams running while gone, and when motion is detected, these go into a folder, in an unseen hard drive, and uploaded to the Camera Roll folder on OneDrive, am considering investing into a couple more that can capture high quality (1080p) snapshots at several angles to catch a thief in the act. Stealing as much as a $5 flash drive is a felony, if it contains personally identifying information (example, a copy of a tax return) on it, even if encrypted. I've had a couple of these stolen in the past, and both later paid the price when going back again. One stole a USB stick in plain sight that was loaded with infections from scanning many computers with Emsisoft Emergency Kit, where I carefully relabeled the quarantine folders as games, wow, did he pay the price.
He (my brother-in-law) traded it to a store owner for a pack of cigarettes, and the man beat the living crap out of him. Then my mother-in-law got involved, and once the store owner told her why, and showed her the drive, she knew right then it was mine, as I had cleaned her computer with it & asked him where it came from. He admitted to stealing it from me & then got whacked in the head twice again by her.
The second was also in the family, grabbed a similar setup, only posed to look like Dora games, and his daughter was calling her dad within a minute saying that 'something's wrong', and sure enough it was. Knowing better than to bring it to me, he paid close to $300 for reloading the OS, and lost a lot of pictures as a result of his actions. Fortunately, it didn't do anything when she at first plugged it into her iPad. He was the one I really wanted to catch, the other was a surprise, I knew that at least two prior USB sticks sprouted legs. A week or two later, while he knew I was at an appointment, brought my USB sticks to his mother (all three) & apologized. Needless to say, this caused hardship for a few months, however if it weren't for freeloading & having sticky fingers, all incidents could have been avoided.
Plus I would have to be looking at close to $200 in high definition wi-fi cameras to protect my PC room while gone.
My advice, do what's necessary to protect your property, and it doesn't hurt to test guests with a 'mouse trap' every now & then, as long as the computer(s) & drives are locked down, and no one (not even a spouse/partner) knows the password, one should be OK. As far as a computer for spouse/partner (or children/grandchildren) goes, a spare computer, or having their own, is best policy.
This is why a personal computer (be it a notebook or tower computer) is called just that, it belongs to the one who paid for it, or has the proof of purchase, and if an OEM computer, registered with them for warranty/support purposes. That person is the legal owner of the computer until transferred, something that buyers need to be aware of when purchasing from 3rd parties & need to get in writing, or better yet, obtain transfer as a condition of sale. No one else has any business touching it in any way, shape, or form, unless a search warrant is obtained for a valid reason.
So as long as precautions are taken, one should be easily able to ensure that no one else has access to their computer. Keep an old XP notebook for guests, rest assured, they likely won't ask again.
EDIT: Corrected Typo.
Edited by cat1092, 17 March 2017 - 04:20 AM.