author | Simon Rettberg | 2018-03-09 16:52:37 +0100 |
---|---|---|
committer | Simon Rettberg | 2018-03-09 16:52:37 +0100 |
commit | 4c5828db06af5bf9aaec4236fd894eac0fc56f21 (patch) | |
tree | 3f9c28b7129bb98213b61bd611773af39c97aa06 | |
parent | [pam-slxlog-session] Move slxlog calls on session open/close to separate module (diff) | |
[pam-slx-plug] Move session killing and home unmount from "pam" to this module
-rw-r--r-- | core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_ses_close.d/zz-killall-umount | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_ses_close.d/zz-killall-umount b/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_ses_close.d/zz-killall-umount
new file mode 100644
index 00000000..0d226acc
--- /dev/null
+++ b/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_ses_close.d/zz-killall-umount
@@ -0,0 +1,64 @@
+#!/bin/ash -- sourced
+
+# do not kill all root processes :)
+[ "x${PAM_USER}" = "xroot" ] && return 0
+
+USERID=$(id -u "$PAM_USER")
+[ -z "$USERID" ] && USERID="$PAM_USER"
+
+# Async block: Check if user has no session open anymore, if not
+# kill any remaining processes belonging to the user and unmount
+# everything at $USERHOME and below.
+{
+ sleep 2 # Give things some time
+ # Use who (utmp) to determine sessions by the user. loginctl might be nicer, but
+ # a simple show-user $USER will also include detached sessions (eg. screen) which
+ # makes this quite pointless. This needs to be investigated some day.
+ SESSIONCOUNT=$(who | grep "^${PAM_USER}\\s" | wc -l)
+ if [ "$SESSIONCOUNT" = "0" ]; then
+
+ # last session, close all ghost user processes
+ pkill -u "${USERID}"
+
+ # check if user's processes are still running
+ for TIMEOUT in 1 1 1 FAIL; do
+ if ! ps -o pid,s -u "$USERID" -U "$USERID" | grep -q -v -E "PID|Z"; then
+ # nothing running anymore
+ break
+ fi
+ if [ "$TIMEOUT" = "FAIL" ]; then
+ # still something running, send SIGKILL
+ pkill -9 -u "${USERID}"
+ else
+ # give some time
+ sleep "${TIMEOUT}"
+ fi
+ done
+
+ fi
+
+ # just to be sure we check again, since the pkilling above might have taken some time...
+ SESSIONCOUNT=$(who | grep "^${PAM_USER}\\s" | wc -l)
+ if [ "$SESSIONCOUNT" = "0" ]; then
+
+ # unmount the home directory structure
+ USER_HOME=$(getent passwd "$USERID" | awk -F ':' '{print $6}')
+ if [ -n "$USER_HOME" ]; then
+ for TIMEOUT in 0 0 1 2 FAIL; do
+ OK=yes
+ UOPT=
+ [ "$TIMEOUT" = "FAIL" ] && UOPT="-l"
+ for dir in $( < "/proc/mounts" awk '{print $2}' | grep -e "^${USER_HOME}\$" -e "^${USER_HOME}/" | sort -r ); do
+ umount $UOPT "$dir" || OK=no # no quotes
+ done
+ [ "$TIMEOUT" = "FAIL" -o "$OK" = "yes" ] && break
+ sleep "$TIMEOUT"
+ done
+ fi
+
+ fi
+
+} &
+
+true
+
|
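Review bot: The guard at the top exempts only the literal name `root`, and `USERID` falls back to the raw `$PAM_USER` when `id -u` prints nothing, so any other account that resolves to UID 0 still reaches `pkill -u "${USERID}"`; compare the numeric id after the lookup with `[ "$USERID" = "0" ] && return 0`, and return early on a failed lookup instead of substituting the name. In the unmount loop, `USER_HOME` from `getent passwd` is interpolated into the grep patterns unescaped, and a passwd entry whose home is `/` makes `^${USER_HOME}\$` match the root mount, which the final `FAIL` pass would then detach with `umount -l`; tighten the check to `if [ -n "$USER_HOME" ] && [ "$USER_HOME" != "/" ]; then`. Service accounts that never appear in `who` output would presumably also lose all their processes when one of their PAM sessions (cron, su) closes, so a minimum-UID cutoff may be worth adding if this script runs for those PAM services.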