On Feb 1, 2017, at 15:42 , Jonathan Billings wrote: > On Wed, Feb 01, 2017 at 01:07:30PM +0100, Stephan Wiesand wrote: >> nice idea... I should probably implement that here. Something like >> >> auth required pam_exec.so stdout /bin/check_home_space >> >> should work well enough at least with lightdm. Just make the script >> print a short message to stdout and exit 1 in the failure case. > > You really shouldn't have PAM generate standard output for successful > logins. You will break things like SSH's SFTP.
I wasn't suggesting that, sorry for being unclear. I think this should be added to the lightdm pam config only (will login through ssh or on a VT even fail if there's no space left in ~ ?). And on success, the check script clearly shouldn't print anything to stdout and exit 0. > We do something like this on our RHEL7 workstations, and we have > zenity pop up with a warning when they log in if their home > directory's quota is greater than 95% full. It runs as an script > launched from a .desktop file in /etc/xdg/autostart/. Makes sense, but I think none of this will work if ~ is already 100% full. You'll just be thrown back to the display manager's login screen w/o a meaningful error message (maybe that "your session was suspiciously short" dialog, but I'm not sure that's still present in EL7). > For console logins, I'd probably use a script in /etc/profile.d/ that > detected that it was a console login and generate all the output to > stderr, just in case. But considering that people don't read the MOTD > I doubt they'd read warnings like that. -- Stephan Wiesand DESY -DV- Platanenenallee 6 15738 Zeuthen, Germany _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info