Problems can be reduced by running a script to check and reset file ownerships every minute (/etc/crontab). Some processes (like ‘mate-panel’, ‘mate-settings-demon’) still need to be killed, though.
#!/bin/bash
LOGTAG="$(basename $0)" RUN_USER_DIR="/var/run/user" #PROCESSES_TO_RESTART='mate-panel' EXITVALUE=0 function test_D_Conf_user_file_permissions { DUFLISTING=$(ls -n "$DCONF_USER_FILE") #echo "$DUFLISTING" read DUFPERMISSIONS DUFLINKS DUFUID DUFGID DUFDETAILS <<<$(echo "$DUFLISTING") #echo "user & group: $RUN_UID:$RUN_GID; D Conf file: $DUFUID:$DUFGID" logger --tag "$LOGTAG" -p 'user.debug' "user & group: $RUN_UID:$RUN_GID; D Conf file: $DUFUID:$DUFGID" test "$DUFUID" == "$RUN_UID" -a "$DUFGID" == "$RUN_GID" } # function test_D_Conf_user_file_permissions function show_situation { top -b -n 1 | sed -e '12,$d' free } # function show_situation cd "$RUN_USER_DIR" for RUN_UID in * do if #test "$RUN_UID" != '0' test $RUN_UID -ge 1000 then RUN_GID="$(id -g $RUN_UID)" DCONF_USER_DIR="$RUN_USER_DIR/$RUN_UID/dconf" DCONF_USER_FILE="$DCONF_USER_DIR/user" #ls -al "$DCONF_USER_DIR" if ! test_D_Conf_user_file_permissions then #echo -n "→ Permissions seem wrong. " #echo "→ Permissions seem wrong; processes accessing $DCONF_USER_DIR:" #fuser -v "$DCONF_USER_DIR" #echo "→ Trying to reset ownership of $DCONF_USER_FILE…" logger --tag "$LOGTAG" -p 'user.notice' "→ Trying to reset ownership of $DCONF_USER_FILE…" #chown -v "$RUN_UID:$RUN_GID" "$DCONF_USER_FILE" chown "$RUN_UID:$RUN_GID" "$DCONF_USER_FILE" #echo '→' #killall -v -SIGHUP $PROCESSES_TO_RESTART if ! test_D_Conf_user_file_permissions then #echo '* ERROR: could not reset ownership.' logger --tag "$LOGTAG" -p 'user.crit' '* could not reset ownership.' EXITVALUE=1 fi #else #echo '→ Permissions seem fine; no action taken.' fi #else ##echo "Super user (UID $RUN_UID) ignored." #echo "System user (UID $RUN_UID) ignored." fi #echo done #echo '⇒' #show_situation #echo exit $EXITVALUE
signature.asc
Description: PGP signature