Multi-user system challenges
 

I work at a very small business. Each worker does not have an isolated cubicle and computer.

I am configuring a multi-user shared workstation. Ubuntu MATE 16.04 and the LightDM login manager.

Common at work is coworkers heading out to the field to service customers or other systems and needing to leave the computer. Should the first user step away from the computer for a long period another user may still use the system by using the Switch User option in the Lock Screen dialog or from the menu button Log Out option. So far so good.

At that point, from the MATE desktop or the LightDM dialog there is no way to know that another user is logged in.

More importantly, I have found no way to prevent a reboot or shutdown when more than one user is logged in. I want to prevent either event only when multiple users are logged in.

Any ideas?

Thanks again. :)

me logged in root in a terminal, two users logged into my system using 'who' to see who is logged into my system.
as far as reboot, shutdown that needs root privs. so you can use your sudoers file and user / groups to give limited rights to users. instead of giving every user sudo , take that away, then give them if needed only sudo limited rights. this falls under system admin duties and responsibilities.

Allow An Unprivileged User To Run A Certain Command With Sudo

10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux

easter egg logout another user as root

Sure. A terminal. Except users are not going to pop open a terminal to learn if there are other active users before powering down or rebooting. Not going to happen. :)

I shared in my original post "MATE desktop or the LightDM dialog." From this GUI perspective I see no way to know if anybody else is logged on.

On a very short term basis I created a conky display to provide that information. Clunky but doable.

Except that criterion ignores my original post: " I want to prevent either event only when multiple users are logged in." That is, I don't care if users power down or reboot when there are no other users logged in. Using sudo and group permissions prevents all but one user from rebooting or powering down. Not palatable.

Similarly, I could create an /etc/polkit-1 file to remove the reboot and shutdown options. Again not palatable.

Much needed is way that MATE detects multiple users logged in and rather than present a dialog to reboot or shut down, explains that other users are logged in. Likewise with the same options in LightDM. I am not see how to do that.

hence you creating an issue by your own, from setting up one computer for everyone, and making everyone system admin by letting everyone have sudo, therefore, you are creating your own daemons.

You have to remove sudo rights from everyone to prevent this from taking place. period. that is a root/system admin privilege only thing.

NO it only prevents users that are deemed not worthy to have rights to reboot or shutdown the system.

get use to it, you got one computer for x amount of people, and people are going to do whatever they do to that computer if they can no matter what, as you're already are finding out, you are setting up a server type environment, more than one person logged into a main computer at the same time situation, to prevent anyone from shutting it down or rebooting it, SU and SUDO was invented, if it is missed used then you are going to have nothing but trouble as a result of it.


seems nothing is palatable in limiting who shuts down the system.

you have to take away the ability for anyone to shut it down, you can try to write an elaborate script to always check to be sure that only one person is logged in then shut down. whenever someone is trying to shut it down, or reboot it.

you already now know how to check to see if more than one is logged in, that is enough to get you started.

look into how to control shutting down linux. :study:

I'm assuming that is systemD
https://access.redhat.com/solutions/1580343

ok figure the rest of this out
 

follow these instructions on this page
https://access.redhat.com/solutions/1580343

then using this in a script,

I've already tested this on a systemD (manjaro). it works, now your part is the easy part. You figuring out where to put that script in connection to where the system calls for it to get rebooted or shut down and by using whatever means to do so in order to prevent the system from shutting down or rebooting if more than one user is logged in using the script to check for more than one user logged in, if yes than, no I am not shutting down, or rebooting.

i don't see a problem with the conky solution.
make it nicer if you need to.
about lightdm, i don't know, maybe you need to use another (full-featured, not so light) display manager that provides what you need.


i don't see an easy solution (*); if you are sure that your users use the gui buttons only, you can bind those buttons to scripts that do what you want:
see if others are still logged on - if yes, prevent shutdown, if not, allow it.

(*) actually ha, no, i have seen this.
probably best if i just give you the search results.

Linux goes single-user!
 

Good old Unix supported "who" i.e. utmp (and wtmp). E.g. the CDE tracked it, xterm and dtterm support it, with "last" you could easily report login times. A system reboot logged a "rebooted by ...".
"wall" and "shutdown" informed all logged in users.
Why did this stop? Developers of gnome-terminal or mate-terminal are even proud of no longer supporting the utmp.
Linux is going to become a single-user OS.

There is a program out there called 'snoopy' that records everything down to the key strokes someone does. I do not know exactly how detailed it is, but i do know it is detailed, and worth taking a look at.

wrong post, but still good for admin people so I am going to leave it.

Well, I did not create the problem. ;) The problem is created because upstream developers have forgotten (or ignored) that Linux is multi-user. They design distros and apps with a significant single-user bias.

Sounds nice but the business owner wants the technicians using the computers to have admin privileges. Very small company -- less than 10 employees -- small rural town -- trust level is high for all employees.

I don't think the root issue is sudo though. The root issue is not wanting to allow a power down or reboot with multiple users.

I looked at the Red Hat work-around. Still thinking about that and thank you. I am looking at ideas such as molly guard too. A challenge is the GUI orientation of the users. They might try to power down or reboot but from a desktop perspective, "nothing happens" because these tools are command line oriented. Needed is a graphical dialog or notification why the power down or reboot aborted.

The users are very much GUI oriented. They use the command line under one business need only and even then use PuTTY. Their memory muscle with using Windows is too great and I seem unable to discourage their habit with PuTTY. :) So I rarely expect them to use the command line and sudo to power down or reboot. Pointy-clicky all the way.

With the MATE desktop that means a keyboard shortcut and the panel menu button. Most do not know or care about keyboard shortcuts.

Users are significantly single-user biased too. The first part of this problem is training. The Conky display should help a tad, but breaking habits is always a challenge. Administratively far more sane to interrupt the power down and reboot requests.

I maintain one laptop that is not Linux compatible with respect to ACPI. On that system I created a polkit file that removes the shutdown, reboot/restart, suspend, and hibernate options for non-root users. Works rather nicely but is a sledge hammer approach. I might try something similar but the challenge is invoking those restrictions only with multiple users logged on. That is, with multiple users logged on the respective buttons do not appear in the dialog.

A curious problem. :)

Manjaro, it if I remember correctly ask me if I want to reboot when someone else is logged in. I'm in slack right now, busy, as I'd have to reboot into manjaro to verify that, as from time to time I'll switch ttys and login root, or some such thing, then switch back without login that other one out, so I'll efecttly have more than one user logged in, it doesn't seem to stop it from rebooting but , maybe because I have sudo no passwd but it does remind me I have more than one user logged in.

Interesting!

yep

You tried rebooting through the command line. What happens when you try through the desktop options?

it rebooted, you;re going to have to do some customization no matter how you look at it.

As I suspected. :( These solutions are command line based and our users are GUI oriented.

I think my solution lies with polkit. I started tinkering with that. I can make the dialog buttons disappear, but I haven't learned how to control the dialog buttons dependent upon the number of active users.