Re: [systemd-devel] login/logout hooks in fedora 17?
On Wed, 20.06.12 21:26, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Hi Lennart, Thanks for the advice, sounds like the right solution[*]. I managed to get pam_script going. Right now it is at the end of postlogin in /etc/pam.d/ (after several earlier choices) and it works. Half of the time. Literally. The open session script triggers with a gdm login into a gnome session, but the close session script does not trigger with a logout. But both scripts trigger on ssh logins and logouts. Systemd seems to to be happy (at least I see messages in dbus-monitor). But pam, somehow, does not get the right push when I logout of a gnome-shell session (this is all in fc17). So, who is missing a message? (or whatever) Pam? Gnome-shell? Systemd? Another obscure little piece of the puzzle that I can't yet see? Hmm, so if the PAM sessoin end hooks are not called then this would be a bug in gdm. Did you check auth.log whether the session logout hooks log anything there? [*] I also tested hacking dbus-monitor and I guess that could be made into a login/logout detector - but how do you differentiate between local and ssh logins? .../login1/Manager messages do not seem to be enough. Local logins have a seat assigned, for ssh logins the seat is . But I think the PAM way is much preferable since it's synchronous... Lennart -- Lennart Poettering - Red Hat, Inc. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] login/logout hooks in fedora 17?
On 06/21/2012 02:59 AM, Lennart Poettering wrote: On Wed, 20.06.12 21:26, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Thanks for the advice, sounds like the right solution[*]. I managed to get pam_script going. Right now it is at the end of postlogin in /etc/pam.d/ (after several earlier choices) and it works. Half of the time. Literally. The open session script triggers with a gdm login into a gnome session, but the close session script does not trigger with a logout. But both scripts trigger on ssh logins and logouts. Systemd seems to to be happy (at least I see messages in dbus-monitor). But pam, somehow, does not get the right push when I logout of a gnome-shell session (this is all in fc17). So, who is missing a message? (or whatever) Pam? Gnome-shell? Systemd? Another obscure little piece of the puzzle that I can't yet see? Hmm, so if the PAM sessoin end hooks are not called then this would be a bug in gdm. Did you check auth.log whether the session logout hooks log anything there? Nothing there that I can see (/var/log/secure in fc17). It does not look like it is a problem in gdm alone, I just decided to give up on gdm and tried kdm, but it exhibits the same behavior (open session script gets called, close session script is ignored). I did some find/grep in the source of gdm yesterday and did not find pam stuff. It does not look like gdm itself is dealing with pam directly. How does the chain of command work these days? -- Fernando ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] login/logout hooks in fedora 17?
On 06/21/2012 10:01 AM, Fernando Lopez-Lezcano wrote: On 06/21/2012 02:59 AM, Lennart Poettering wrote: On Wed, 20.06.12 21:26, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Thanks for the advice, sounds like the right solution[*]. I managed to get pam_script going. Right now it is at the end of postlogin in /etc/pam.d/ (after several earlier choices) and it works. Half of the time. Literally. The open session script triggers with a gdm login into a gnome session, but the close session script does not trigger with a logout. But both scripts trigger on ssh logins and logouts. Systemd seems to to be happy (at least I see messages in dbus-monitor). But pam, somehow, does not get the right push when I logout of a gnome-shell session (this is all in fc17). So, who is missing a message? (or whatever) Pam? Gnome-shell? Systemd? Another obscure little piece of the puzzle that I can't yet see? Hmm, so if the PAM sessoin end hooks are not called then this would be a bug in gdm. Did you check auth.log whether the session logout hooks log anything there? Nothing there that I can see (/var/log/secure in fc17). It does not look like it is a problem in gdm alone, I just decided to give up on gdm and tried kdm, but it exhibits the same behavior (open session script gets called, close session script is ignored). I did some find/grep in the source of gdm yesterday and did not find pam stuff. Wrong!, I looked in gnome-shell... now looking in gdm... -- Fernando ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] login/logout hooks in fedora 17?
On 06/21/2012 10:01 AM, Fernando Lopez-Lezcano wrote: On 06/21/2012 02:59 AM, Lennart Poettering wrote: On Wed, 20.06.12 21:26, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Thanks for the advice, sounds like the right solution[*]. I managed to get pam_script going. Right now it is at the end of postlogin in /etc/pam.d/ (after several earlier choices) and it works. Half of the time. Literally. The open session script triggers with a gdm login into a gnome session, but the close session script does not trigger with a logout. But both scripts trigger on ssh logins and logouts. Systemd seems to to be happy (at least I see messages in dbus-monitor). But pam, somehow, does not get the right push when I logout of a gnome-shell session (this is all in fc17). So, who is missing a message? (or whatever) Pam? Gnome-shell? Systemd? Another obscure little piece of the puzzle that I can't yet see? Hmm, so if the PAM sessoin end hooks are not called then this would be a bug in gdm. Did you check auth.log whether the session logout hooks log anything there? Nothing there that I can see (/var/log/secure in fc17). It does not look like it is a problem in gdm alone, I just decided to give up on gdm and tried kdm, but it exhibits the same behavior (open session script gets called, close session script is ignored). Sigh, operator error, not a bug. More reading to do on PAM configuration, adding pam_script to the end of the password or auth series of modules fixes the problem I was having and the close session script gets called. I apologize for the noise... Thanks much for the help and patience! -- Fernando ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] login/logout hooks in fedora 17?
On 06/18/2012 10:42 AM, Lennart Poettering wrote: On Mon, 18.06.12 10:04, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Thanks for any advice! Hmm, so there are multiple ways to achieve this, but it really depends on what you are trying to do here. May I ask what kind of script you want to run for a user logging in? Our workstations have a partition on the hard disk for users to use temporarily, mounted under /zap (we've had this for a long long time). When a local user (ie: sitting in front of the machine) logs out the contents of /zap/ are erased. The partition is usually rather big and different from /tmp, /var/tmp, etc (ie: the user should see an empty directory when he/she logins). The script singled out some processes for killing (and log) that could spell trouble for subsequent users if they stayed alive (namely jack and pd if I remember correctly). The script also reloads the state of the alsa mixer so that users are assured sound will work as expected after they login. I also used them to track and terminate any user processes that linger for a while after the logout, but I believe that can be done now through systemd (I think I saw some references to that last week, the name of the preference escapes me right now). Yes, you can do that now with systemd. Just set KillUserProcesses=yes in /etc/systemd/logind.conf. Also do you want this to run prviliged or unprivieleged? I would prefer privileged, that would allow me, for example, to choose what to erase in /zap (not necessarily only the current user's files). OK, with all this I'd recommend using something like pam-hooks or pam-scripts. It will run privileged, works for all PAM services, is not dependant on systemd, and runs synchronously. Thanks for the advice, I'm trying this right now. So far I managed (using pam_script 1.1.6) to trigger a script on login by adding pam_script.so to gdm-password, but I have not found where to activate it for the end of the gdm session. Sigh. Never easy... -- Fernando ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] login/logout hooks in fedora 17?
On 06/18/2012 10:42 AM, Lennart Poettering wrote: On Mon, 18.06.12 10:04, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Thanks for any advice! Hmm, so there are multiple ways to achieve this, but it really depends on what you are trying to do here. May I ask what kind of script you want to run for a user logging in? Our workstations have a partition on the hard disk for users to use temporarily, mounted under /zap (we've had this for a long long time). When a local user (ie: sitting in front of the machine) logs out the contents of /zap/ are erased. The partition is usually rather big and different from /tmp, /var/tmp, etc (ie: the user should see an empty directory when he/she logins). The script singled out some processes for killing (and log) that could spell trouble for subsequent users if they stayed alive (namely jack and pd if I remember correctly). The script also reloads the state of the alsa mixer so that users are assured sound will work as expected after they login. ... Also do you want this to run prviliged or unprivieleged? I would prefer privileged, that would allow me, for example, to choose what to erase in /zap (not necessarily only the current user's files). OK, with all this I'd recommend using something like pam-hooks or pam-scripts. It will run privileged, works for all PAM services, is not dependant on systemd, and runs synchronously. (for some reason a previous response did not make it to the list). Hi Lennart, Thanks for the advice, sounds like the right solution[*]. I managed to get pam_script going. Right now it is at the end of postlogin in /etc/pam.d/ (after several earlier choices) and it works. Half of the time. Literally. The open session script triggers with a gdm login into a gnome session, but the close session script does not trigger with a logout. But both scripts trigger on ssh logins and logouts. Systemd seems to to be happy (at least I see messages in dbus-monitor). But pam, somehow, does not get the right push when I logout of a gnome-shell session (this is all in fc17). So, who is missing a message? (or whatever) Pam? Gnome-shell? Systemd? Another obscure little piece of the puzzle that I can't yet see? A simple logout hook is what I need most, of course. Very very _very_ frustrating. -- Fernando [*] I also tested hacking dbus-monitor and I guess that could be made into a login/logout detector - but how do you differentiate between local and ssh logins? .../login1/Manager messages do not seem to be enough. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] login/logout hooks in fedora 17?
On Thu, 14.06.12 11:15, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Heya, Hi all, Any suggestions on how I may run a script when a user logins or logouts of the graphical console? I used to do this with gdm by customizing the Post* and Pre* scripts in /etc/gdm. I see that the login/logout process is (appears to be) controlled by systemd. What would be a good approach to getting the system to run a script before a user logs in and after a user logs out (ie: for local users sitting at the console - probably now called a seat if I understand things correctly). Thanks for any advice! Hmm, so there are multiple ways to achieve this, but it really depends on what you are trying to do here. May I ask what kind of script you want to run for a user logging in? Also do you want this to run prviliged or unprivieleged? One possible way is probably to hook this into the PAM session setup/shutdown so that you can catch all types of logins with this. If you need to run a script rather than write a PAM script a quick google search reveals that pam-hooks might be the way to go? Anyway, I can make a better recommendation with a few hints on the intended usecases Lennart -- Lennart Poettering - Red Hat, Inc. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] login/logout hooks in fedora 17?
On 06/18/2012 09:45 AM, Lennart Poettering wrote: On Thu, 14.06.12 11:15, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Heya, Hi Lennart, Any suggestions on how I may run a script when a user logins or logouts of the graphical console? I used to do this with gdm by customizing the Post* and Pre* scripts in /etc/gdm. I see that the login/logout process is (appears to be) controlled by systemd. What would be a good approach to getting the system to run a script before a user logs in and after a user logs out (ie: for local users sitting at the console - probably now called a seat if I understand things correctly). Thanks for any advice! Hmm, so there are multiple ways to achieve this, but it really depends on what you are trying to do here. May I ask what kind of script you want to run for a user logging in? Our workstations have a partition on the hard disk for users to use temporarily, mounted under /zap (we've had this for a long long time). When a local user (ie: sitting in front of the machine) logs out the contents of /zap/ are erased. The partition is usually rather big and different from /tmp, /var/tmp, etc (ie: the user should see an empty directory when he/she logins). The script singled out some processes for killing (and log) that could spell trouble for subsequent users if they stayed alive (namely jack and pd if I remember correctly). The script also reloads the state of the alsa mixer so that users are assured sound will work as expected after they login. I also used them to track and terminate any user processes that linger for a while after the logout, but I believe that can be done now through systemd (I think I saw some references to that last week, the name of the preference escapes me right now). Anyway, you get the idea. Also do you want this to run prviliged or unprivieleged? I would prefer privileged, that would allow me, for example, to choose what to erase in /zap (not necessarily only the current user's files). One possible way is probably to hook this into the PAM session setup/shutdown so that you can catch all types of logins with this. If you need to run a script rather than write a PAM script a quick google search reveals that pam-hooks might be the way to go? Anyway, I can make a better recommendation with a few hints on the intended usecases BTW, last Friday I tried to use a small perl program using Net::Dbus or something like that (sorry, I don't have the code here right now) to try to listen to specific messages from the --system bus but while everything seemed to run fine and I got no errors I never saw any messages (the messages were seen by the standard utility). Based on my searches so far that seemed like a reasonable approach. Thanks! -- Fernando ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] login/logout hooks in fedora 17?
On Mon, 18.06.12 10:04, Fernando Lopez-Lezcano (na...@ccrma.stanford.edu) wrote: Thanks for any advice! Hmm, so there are multiple ways to achieve this, but it really depends on what you are trying to do here. May I ask what kind of script you want to run for a user logging in? Our workstations have a partition on the hard disk for users to use temporarily, mounted under /zap (we've had this for a long long time). When a local user (ie: sitting in front of the machine) logs out the contents of /zap/ are erased. The partition is usually rather big and different from /tmp, /var/tmp, etc (ie: the user should see an empty directory when he/she logins). The script singled out some processes for killing (and log) that could spell trouble for subsequent users if they stayed alive (namely jack and pd if I remember correctly). The script also reloads the state of the alsa mixer so that users are assured sound will work as expected after they login. I also used them to track and terminate any user processes that linger for a while after the logout, but I believe that can be done now through systemd (I think I saw some references to that last week, the name of the preference escapes me right now). Yes, you can do that now with systemd. Just set KillUserProcesses=yes in /etc/systemd/logind.conf. Also do you want this to run prviliged or unprivieleged? I would prefer privileged, that would allow me, for example, to choose what to erase in /zap (not necessarily only the current user's files). OK, with all this I'd recommend using something like pam-hooks or pam-scripts. It will run privileged, works for all PAM services, is not dependant on systemd, and runs synchronously. BTW, last Friday I tried to use a small perl program using Net::Dbus or something like that (sorry, I don't have the code here right now) to try to listen to specific messages from the --system bus but while everything seemed to run fine and I got no errors I never saw any messages (the messages were seen by the standard utility). Based on my searches so far that seemed like a reasonable approach. Hmm, maybe you forgot to invoke AddMatch on the bus so that you actually go the messages? Or maybe the bus policy prohibited that these events got delivered to you? Lennart -- Lennart Poettering - Red Hat, Inc. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] login/logout hooks in fedora 17?
Hi all, Any suggestions on how I may run a script when a user logins or logouts of the graphical console? I used to do this with gdm by customizing the Post* and Pre* scripts in /etc/gdm. I see that the login/logout process is (appears to be) controlled by systemd. What would be a good approach to getting the system to run a script before a user logs in and after a user logs out (ie: for local users sitting at the console - probably now called a seat if I understand things correctly). Thanks for any advice! -- Fernando ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
