Forcing logout? (skill -KILL -u a_user)

Hey Folfk,
I have a problem…

I have written a script in order to limit the maximum time that a user can be login on a machine. This is a very simple script that count the number of min a user is logged and then force to logout using the shell command :

skill -KILL -u john

This works but there is a problem : the login screen (that usualy welcome the next user) have desapeared. The screen is completely black…

Do someone have an idea?

Thanks for your help
Arnaud

To begin with, did you read the man page of skill? It encourages you NOT to use skill, but tools like kilall.

Is this about a CLI session or about a GUI session?

In both cases (but particularly whenn it is a GUI session) this is a rather harsh way to stop a user. Designers and programmers of e.g desktop environments do of course try to program for all sorts of contigencies, but you test this to the utmost when you e.g. kill all sorts of KDE processes in a random sequence. I am afraid several things might go wromg here including non saved statuses for the user and things like the one you mention. When you kill all those processes rightout, who of them will start the new Display Manager?

hcvv : thank you for your answer.

I am talking about a GUI session. The screen is lost (black) after the skill -KILL -u command.

Indeed, it might be harsh but (trust me) it is justified. If I am looking for a way to restrict the use of this machine, it is because we have faced problems with one/several user(s)…

Anyway, I need to find a solution to restric the use of the machine. I have tried to install the Kchildlock program but unfortunately without any succes.

Another option would be to kill the web browsers…

Anyway, thanks for your answer.

Arnaud

With “being harsh” I am not that concerned about the users, but about the state this will leave the system in. When you logout “normaly” the processes are stopped in a certain sequence and they are often not killed, but given a signal so they can write their status to disk (for restart next time). is is all fustrated when you just throw the processes out of the window.

Okay I get your point.

So… may be there is a way to force the system (or the user) to logout “normaly”. Am I wrong?

Arnaud

I am thinking about his, but last night I did not get an idea (somtimes when sleeping one gets good ideas ).

Let us also hope someone else comes with a good solution.

Hm, looking around with Google, etc. A few more questions.

. is the user that must be forcely loged out allways loged iin on the console of the system, or can (s)he also be loged in remote?
. when that user is allways loged in localy, is there a possibility that other users are loged in localy at the same time? (they must then not also be loged out shouldn’t they?)
. is this to work regardless of the DE that is used? And when not which DE?

These questions arise after some thinking/testing. From logical console #1 I send a HUP signal to Xorg (owned by root). This killed the complete X and gave a small window with an error which I akknowledged. Then X returned with my open session at logical console #1 and a login screen at logical console #7. Thus the login screen comes back, but I guess that when you do this from a script, nobody aknowledges the error window on #1 and thus #7 stays black (as you reported, you could check this by lookin at #1 when you have that black screen at #7).

Also this of course kills other X sessions at #8, etc. when applicable. And it does not kill remote sessions.
Also I have the strong idea (I will not give the details here, but I can explain what happened when you like that) that this kills KDE (in my case) in such a way that it’s status is not written to disk as it should do on logout (I suggested this allready in an earlier post).

My idea is that we should try to go for a logout of the DE (like you suggested allready) instead of killing X. But then the questions about which DEs we must cater for asked above are important.

Maybe it would help also when you explain a bit more about what you want to stop. You also talk about killing browsers, which is of course not the same as killing a session. Thus I am a bit lost in following your strain of thought here.

Hi,

if you use ‘kquitapp ksmserver’, you’ll leave the current KDE session and get back to the login screen.

HTH

Lenwolf

Are you sure this works from a script run by root in the background? IMHO this can only function when run by the user in a terminal window belonging to the session that window belongs to (else how do discriminate between multiple KDE sessions which each have their own ksmserver?)

Hi,

darn, you’re right, apparently you can’t.

Is it possible, from a root script, to start a script in the user’s environment?

Lenwolf

Hi,

alternatively,

with
ps aux |grep ksmserver |grep <user>
you can get the PID(s) of the ksmserver for that user and use Kill to kill it.

HTH

Lenwolf

Yes, but that has some of the same drawbacks we allready discussed above. KDE is not properly shutdown and does not know what to do on next startup.

Also while you are stopping KDE there is still an unanswered question to the OP if it is about KDE, another DE or all types of DE. IMHO it makes no sense to come with all sorts of KDE solutions when in about a few hourse the OP will tell us that it is all about Gnome

BTW, your method is also rather destructive. When you use it yourself for some reason, I suggest you to go for:

qdbus org.kde.ksmserver /KSMServer logout 0 0 0

It will shutdown properly (inclusing the “music”) as if you clicked the proper button.
But again this can only be done by the user from within his session. All very logical from a security point of view. I succeeded doing it from a console root CLI session, but it still needs cooperation from the user. And that cooperation is not easy to get if I understand the OP’s problem.

Lenwolf, hcvv,

Thank you very much for the hints…

I am exploring the following idea : killing all the browsers open under the session - this will discourage the user to continue surfing the web and so… leaving the session.

I will also explore the idea of closing the session via the “kquitapp ksmserver” command. This will surely take me some time since I am not a computer scientist - maintening the computers is not what I am paied for!

Anyway, I will let you know my conclusions about it.

Thanks again for your help!

Arnaud

That is all very nice, but I asked you some questions and in the meantime did some further investigations.
By not answering those questions, are you saying that we can stop looking for a solution?

hcvv : My script is almost working but… of course if you have other idea, I will be very happy to read more about it!

Here are the answers of your questions :

1- The user indeed always logged on the console of the system. He never open a CLI session

2- Other people can endeed be logged in at the same time. They have to stay logged in!

3- Well… I don’t know what you mean by DE… (sorry )

Arnaud

DE is Desktop Environment, KDE, Gnome, other, all of hem. It is no use to make a solution to log out of KDE when the user uses Gnome. Hope you understand this.

Then, when it is KDE, do not use

kquitapp ksmserver

but

qdbus org.kde.ksmserver /KSMServer logout 0 0 0

because the first kills (and we talked allready about poblems when you kill) and the second logs out. Try it. Open a terminal in a KDE session and use the statement above. It will log you out in the same way as when you click the appropriate button.

Now the problem is that I tried this from outside the KDE session (as it would be done in a script run by root) and that does not function because of security features. I found a solution, but that does not seem to work 100% (to my amazement).

But I found a somewhat differnt solution at Gentoo Forums :: View topic - kde4_shutdown.sh script for stopping KDE4 session, saving it.
I did not test that script. Also the first line of that script should read

#!/bin/bash

imho.
I do not know if you can manage by adapting that script because I do not know your knowledge level.

You are again talking about killing browsers. As long as you do not explain what you are realy after (I asked for that also earlier), I can not comment on that. But again you should first analyze what you want and ask yourself questions like:
. what is a browser (maybe more programs then you know about);
. what if a browser window just sits iconized and the user is writing an OO document;
. more …

On Tue, 22 Feb 2011 22:06:01 +0530, hcvv <hcvv@no-mx.forums.opensuse.org>
wrote:

>
> DE is Desktop Environment, KDE, Gnome, other, all of hem. It is no use
> to make a solution to log out of KDE when the user uses Gnome. Hope you
> understand this.
>
> Then, when it is KDE, do not use
>
> Code:
> --------------------
> kquitapp ksmserver
> --------------------
>
> but
>
> Code:
> --------------------
> qdbus org.kde.ksmserver /KSMServer logout 0 0 0
> --------------------
>
> because the first kills (and we talked allready about poblems when you
> kill) and the second logs out. Try it. Open a terminal in a KDE session
> and use the statement above. It will log you out in the same way as when
> you click the appropriate button.
>
> Now the problem is that I tried this from outside the KDE session (as
> it would be done in a script run by root) and that does not function
> because of security features. I found a solution, but that does not seem
> to work 100% (to my amazement).
>
> But I found a somewhat differnt solution at ‘Gentoo Forums :: View
> topic - kde4_shutdown.sh script for stopping KDE4 session, saving it’
> (http://forums.gentoo.org/viewtopic-t-832639.html).
> I did not test that script. Also the first line of that script should
> read
>
> Code:
> --------------------
> #!/bin/bash
> --------------------
> imho.
> I do not know if you can manage by adapting that script because I do
> not know your knowledge level.
>
> You are again talking about killing browsers. As long as you do not
> explain what you are realy after (I asked for that also earlier), I can
> not comment on that. But again you should first analyze what you want
> and ask yourself questions like:
> . what is a browser (maybe more programs then you know about);
> . what if a browser window just sits iconized and the user is writing
> an OO document;
> . more …

i’m not sure if i understand the original poster correctly, but i get the
impression that he has users that want to use the system at hours they
aren’t supposed to be using it.

i dont’ think forcibly closing their browsers would work, since nothing
would prevent them from re-opening the browser afterwards; setting a
cron-job to close the browser every 5 min or something seems just too
messy. apart from that, they could install another browser – haven’t
tried that, but you could probably do that in your user-space w/o root
permission – and the script wouldn’t know about that. this would result
in some kind of game, the unruly users always trying to be one step ahead
of the sys.admin…

that he wants to close their browser seems to indicate that they’re mainly
using the system for internet tasks, browsing or playing games perhaps. in
that case, he could use a proxy server like squid, which can limit user
access to different days / times of day, and there can be different
permissions for different users or groups of users.

i don’t have squid installed at present, but i do remember that these
options can be set in it’s config. files. if my understanding of the
problem is correct, this might be worth a try.

–
phani.

@phanisvara
You are correct, but as long as we do not know what the OP realy wants to achieve, it is all speculation and it is thus difficult for others to suggest solutions to his real problem.

Hi,
You got the point : the problem is that someone uses our workstation for browsing the internet when he should not. (by the way, the DE is KDE)

I am not an expert in computing but writing a Python script and using a cron-job, it is something that I can do it. Playing with the proxy parameters… well… I am afraid that it will take me too much time since I don’t know anything about it.

Anyway, it might look to messy to kill the browser but this is the option I have chose at the time. I am not afraid about the user will install an internet browser under his account - it is much more over his knowleges!

I will also try this “qdbus org.kde.ksmserver /KSMServer logout 0 0 0” tomorrow. If it works, it might give me more ideas…

Phani, hcvv : Thank’s a lot for your help. It help me to clarifies my thoughts!

Arnaud

Thanks for the explanation.

The following could be to restricting, but when this is the only user of the system and he may not “browse the Internet”, which is in fact "he may not use the http and https protocols, why not block the system from doing so on the firewall?

You could block outgoing http (80) and https (443) traffic from the system and nobody can use whatever browser.