From 2cadb11bc8a483840c1f8587a7e6cf36cc06f0a4 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 24 May 2019 16:23:19 +0200
Subject: [*] Use logind.conf to kill user processes

Get rid of old, brittle script in pam session close that would do wonky stuff to kill stray user processes.
---
.../pam_script_ses_close.d/zz-killall-umount | 64 ----------------------
1 file changed, 64 deletions(-)
delete mode 100644 core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_ses_close.d/zz-killall-umount
(limited to 'core/modules/pam-slx-plug')
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_ses_close.d/zz-killall-umount b/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_ses_close.d/zz-killall-umount
deleted file mode 100644
index 0d226acc..00000000
--- a/core/modules/pam-slx-plug/data/opt/openslx/scripts/pam_script_ses_close.d/zz-killall-umount
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/ash -- sourced
-
-# do not kill all root processes :)
-[ "x${PAM_USER}" = "xroot" ] && return 0
-
-USERID=$(id -u "$PAM_USER")
-[ -z "$USERID" ] && USERID="$PAM_USER"
-
-# Async block: Check if user has no session open anymore, if not
-# kill any remaining processes belonging to the user and unmount
-# everything at $USERHOME and below.
-{
- sleep 2 # Give things some time
- # Use who (utmp) to determine sessions by the user. loginctl might be nicer, but
- # a simple show-user $USER will also include detached sessions (eg. screen) which
- # makes this quite pointless. This needs to be investigated some day.
- SESSIONCOUNT=$(who | grep "^${PAM_USER}\\s" | wc -l)
- if [ "$SESSIONCOUNT" = "0" ]; then
-
- # last session, close all ghost user processes
- pkill -u "${USERID}"
-
- # check if user's processes are still running
- for TIMEOUT in 1 1 1 FAIL; do
- if ! ps -o pid,s -u "$USERID" -U "$USERID" | grep -q -v -E "PID|Z"; then
- # nothing running anymore
- break
- fi
- if [ "$TIMEOUT" = "FAIL" ]; then
- # still something running, send SIGKILL
- pkill -9 -u "${USERID}"
- else
- # give some time
- sleep "${TIMEOUT}"
- fi
- done
-
- fi
-
- # just to be sure we check again, since the pkilling above might have taken some time...
- SESSIONCOUNT=$(who | grep "^${PAM_USER}\\s" | wc -l)
- if [ "$SESSIONCOUNT" = "0" ]; then
-
- # unmount the home directory structure
- USER_HOME=$(getent passwd "$USERID" | awk -F ':' '{print $6}')
- if [ -n "$USER_HOME" ]; then
- for TIMEOUT in 0 0 1 2 FAIL; do
- OK=yes
- UOPT=
- [ "$TIMEOUT" = "FAIL" ] && UOPT="-l"
- for dir in $( < "/proc/mounts" awk '{print $2}' | grep -e "^${USER_HOME}\$" -e "^${USER_HOME}/" | sort -r ); do
- umount $UOPT "$dir" || OK=no # no quotes
- done
- [ "$TIMEOUT" = "FAIL" -o "$OK" = "yes" ] && break
- sleep "$TIMEOUT"
- done
- fi
-
- fi
-
-} &
-
-true
-
-- 
cgit v1.2.3-55-g7522