On Mon, May 4, 2020, 23:31 Andy Pieters <syst...@andypieters.me.uk> wrote:
> On Mon, 4 May 2020 at 15:51, Andy Pieters <syst...@andypieters.me.uk>
> wrote:
>
>> Hi
>>
>> I'm trying to accomplish the following:
>>
>> An event happens -> I start a systemd service in response
>> after RuntimeMaxSec is reached service terminates and cleans up event
>>
>> Should a second event happen whilst RuntimeMaxSec is not yet reached the
>> preference would be to reset RuntimeMaxSec of the service
>>
>> Alternatively, I suppose I could shut down the service and restart it in
>> reply to a second or third or fourth event happening.
>>
>> Any suggestions here?
>>
>
> OK, I will give more info on what I want to do.
> I have SSH login which requires 2FA. I use PAM to check if user belongs to
> group x
> If user is in group X, normal authentication is performed
> If user is not in group X, then 2F authentication is required.
>
> That part is already working.
>
> What I want to achieve:
> a) when a user logs on using 2F authentication, add user to group x
> b) after a delay remove user from group x
>

So this is basically for implementing sudo-like caching for 2FA? What authentication methods are involved here? Seems like there are better ways than a service file that permanently modifies /etc/group in the first place... Like a PAM module that literally touches a timestamp file.

> That part is trivial to do with some service file, either by starting a
> timer, or using systemd-run or setting RuntimeMaxSec on a dummy service
> and using the ExecStop= to remove the user from group x.
>
> The problem:
> * every new login in between a) and b) above should restart the delay
> timing
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
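The timestamp-file approach suggested in the reply, sketched as an added example that is not code from the thread or from any project: a script for pam_exec that lets the stack skip the second factor while a per-user stamp is fresh and renews the stamp on every login, which gives the restartable delay the original question asks for. The script path, CACHE_DIR, CACHE_TTL, the `<2fa-module>` placeholder and the PAM stack in the comments are assumptions.

```sh
#!/bin/sh
# Added example: timestamp cache for 2FA, meant to be run by pam_exec.
# Assumed names: CACHE_DIR, CACHE_TTL, /usr/local/sbin/2fa-cache, <2fa-module>.
# Hypothetical PAM stack using it:
#   auth [success=1 default=ignore] pam_exec.so quiet /usr/local/sbin/2fa-cache check
#   auth requisite <2fa-module>.so
#   auth optional  pam_exec.so quiet /usr/local/sbin/2fa-cache touch

CACHE_DIR="${CACHE_DIR:-/run/2fa-cache}"   # root-owned, mode 0700, cleared at reboot
CACHE_TTL="${CACHE_TTL:-900}"              # seconds a stamp stays valid

# Print the stamp path for a user; reject names that could escape CACHE_DIR.
stamp_path() {
    case "$1" in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s/%s\n' "$CACHE_DIR" "$1"
}

# Succeed only if the stamp is a regular file (not a symlink) younger than CACHE_TTL.
stamp_fresh() {
    f=$(stamp_path "$1") || return 1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mtime=$(stat -c %Y "$f") || return 1   # GNU stat: mtime as epoch seconds
    now=$(date +%s)
    [ $((now - mtime)) -lt "$CACHE_TTL" ]
}

# Record a successful login; every call restarts the window.
stamp_touch() {
    f=$(stamp_path "$1") || return 1
    mkdir -p "$CACHE_DIR" && chmod 700 "$CACHE_DIR" && touch "$f"
}

# pam_exec exports the login name as PAM_USER; the exit status is the PAM result.
case "${1:-}" in
    check) stamp_fresh "${PAM_USER:-}" ;;
    touch) stamp_touch "${PAM_USER:-}" ;;
esac
```

Because every login renews the stamp, the window has no upper bound, and the stamp is per user rather than per source host, so a login from any address inside the window skips the second factor.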