Multi-user system challenges
I work at a very small business. Each worker does not have an isolated cubicle and computer.
I am configuring a multi-user shared workstation. Ubuntu MATE 16.04 and the LightDM login manager. Common at work is coworkers heading out to the field to service customers or other systems and needing to leave the computer. Should the first user step away from the computer for a long period another user may still use the system by using the Switch User option in the Lock Screen dialog or from the menu button Log Out option. So far so good. At that point, from the MATE desktop or the LightDM dialog there is no way to know that another user is logged in. More importantly, I have found no way to prevent a reboot or shutdown when more than one user is logged in. I want to prevent either event only when multiple users are logged in. Any ideas? Thanks again. :) |
me logged in root in a terminal, two users logged into my system using 'who' to see who is logged into my system.
Code:
bash-4.4# who Allow An Unprivileged User To Run A Certain Command With Sudo 10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux easter egg logout another user as root Code:
|
Quote:
I shared in my original post "MATE desktop or the LightDM dialog." From this GUI perspective I see no way to know if anybody else is logged on. On a very short term basis I created a conky display to provide that information. Clunky but doable. Quote:
Similarly, I could create an /etc/polkit-1 file to remove the reboot and shutdown options. Again not palatable. Much needed is way that MATE detects multiple users logged in and rather than present a dialog to reboot or shut down, explains that other users are logged in. Likewise with the same options in LightDM. I am not see how to do that. |
Quote:
You have to remove sudo rights from everyone to prevent this from taking place. period. that is a root/system admin privilege only thing. Quote:
get use to it, you got one computer for x amount of people, and people are going to do whatever they do to that computer if they can no matter what, as you're already are finding out, you are setting up a server type environment, more than one person logged into a main computer at the same time situation, to prevent anyone from shutting it down or rebooting it, SU and SUDO was invented, if it is missed used then you are going to have nothing but trouble as a result of it. Quote:
seems nothing is palatable in limiting who shuts down the system. you have to take away the ability for anyone to shut it down, you can try to write an elaborate script to always check to be sure that only one person is logged in then shut down. whenever someone is trying to shut it down, or reboot it. you already now know how to check to see if more than one is logged in, that is enough to get you started. look into how to control shutting down linux. :study: I'm assuming that is systemD https://access.redhat.com/solutions/1580343 |
ok figure the rest of this out
follow these instructions on this page
https://access.redhat.com/solutions/1580343 then using this in a script, Code:
#!/bin/sh |
Quote:
make it nicer if you need to. about lightdm, i don't know, maybe you need to use another (full-featured, not so light) display manager that provides what you need. Quote:
see if others are still logged on - if yes, prevent shutdown, if not, allow it. (*) actually ha, no, i have seen this. probably best if i just give you the search results. |
Linux goes single-user!
Good old Unix supported "who" i.e. utmp (and wtmp). E.g. the CDE tracked it, xterm and dtterm support it, with "last" you could easily report login times. A system reboot logged a "rebooted by ...".
"wall" and "shutdown" informed all logged in users. Why did this stop? Developers of gnome-terminal or mate-terminal are even proud of no longer supporting the utmp. Linux is going to become a single-user OS. |
There is a program out there called 'snoopy' that records everything down to the key strokes someone does. I do not know exactly how detailed it is, but i do know it is detailed, and worth taking a look at.
wrong post, but still good for admin people so I am going to leave it. |
Quote:
Quote:
I don't think the root issue is sudo though. The root issue is not wanting to allow a power down or reboot with multiple users. I looked at the Red Hat work-around. Still thinking about that and thank you. I am looking at ideas such as molly guard too. A challenge is the GUI orientation of the users. They might try to power down or reboot but from a desktop perspective, "nothing happens" because these tools are command line oriented. Needed is a graphical dialog or notification why the power down or reboot aborted. The users are very much GUI oriented. They use the command line under one business need only and even then use PuTTY. Their memory muscle with using Windows is too great and I seem unable to discourage their habit with PuTTY. :) So I rarely expect them to use the command line and sudo to power down or reboot. Pointy-clicky all the way. With the MATE desktop that means a keyboard shortcut and the panel menu button. Most do not know or care about keyboard shortcuts. Users are significantly single-user biased too. The first part of this problem is training. The Conky display should help a tad, but breaking habits is always a challenge. Administratively far more sane to interrupt the power down and reboot requests. I maintain one laptop that is not Linux compatible with respect to ACPI. On that system I created a polkit file that removes the shutdown, reboot/restart, suspend, and hibernate options for non-root users. Works rather nicely but is a sledge hammer approach. I might try something similar but the challenge is invoking those restrictions only with multiple users logged on. That is, with multiple users logged on the respective buttons do not appear in the dialog. A curious problem. :) |
Manjaro, it if I remember correctly ask me if I want to reboot when someone else is logged in. I'm in slack right now, busy, as I'd have to reboot into manjaro to verify that, as from time to time I'll switch ttys and login root, or some such thing, then switch back without login that other one out, so I'll efecttly have more than one user logged in, it doesn't seem to stop it from rebooting but , maybe because I have sudo no passwd but it does remind me I have more than one user logged in.
|
Quote:
|
Quote:
Code:
[userx@manjaroieo ~]$ reboot |
You tried rebooting through the command line. What happens when you try through the desktop options?
|
Quote:
|
Quote:
I think my solution lies with polkit. I started tinkering with that. I can make the dialog buttons disappear, but I haven't learned how to control the dialog buttons dependent upon the number of active users. |
All times are GMT -5. The time now is 01:17 PM. |