summaryrefslogtreecommitdiff
path: root/src/grp-initprogs/systemd-user-sessions
diff options
context:
space:
mode:
Diffstat (limited to 'src/grp-initprogs/systemd-user-sessions')
-rw-r--r--src/grp-initprogs/systemd-user-sessions/Makefile48
-rw-r--r--src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.in17
-rw-r--r--src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.xml75
-rw-r--r--src/grp-initprogs/systemd-user-sessions/user-sessions.c84
4 files changed, 224 insertions, 0 deletions
diff --git a/src/grp-initprogs/systemd-user-sessions/Makefile b/src/grp-initprogs/systemd-user-sessions/Makefile
new file mode 100644
index 0000000000..91c84e46fe
--- /dev/null
+++ b/src/grp-initprogs/systemd-user-sessions/Makefile
@@ -0,0 +1,48 @@
+# -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+# This file is part of systemd.
+#
+# Copyright 2010-2012 Lennart Poettering
+# Copyright 2010-2012 Kay Sievers
+# Copyright 2013 Zbigniew Jędrzejewski-Szmek
+# Copyright 2013 David Strauss
+# Copyright 2016 Luke Shumaker
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# systemd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+ifneq ($(HAVE_PAM),)
+
+systemd_user_sessions_SOURCES = \
+ src/user-sessions/user-sessions.c
+
+systemd_user_sessions_LDADD = \
+ libsystemd-shared.la
+
+rootlibexec_PROGRAMS += \
+ systemd-user-sessions
+
+nodist_systemunit_DATA += \
+ units/systemd-user-sessions.service
+
+MULTI_USER_TARGET_WANTS += \
+ systemd-user-sessions.service
+
+endif # HAVE_PAM
+
+EXTRA_DIST += \
+ units/systemd-user-sessions.service.in
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.in b/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.in
new file mode 100644
index 0000000000..b4ea5a134b
--- /dev/null
+++ b/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.in
@@ -0,0 +1,17 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Permit User Sessions
+Documentation=man:systemd-user-sessions.service(8)
+After=remote-fs.target nss-user-lookup.target network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@rootlibexecdir@/systemd-user-sessions start
+ExecStop=@rootlibexecdir@/systemd-user-sessions stop
diff --git a/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.xml b/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.xml
new file mode 100644
index 0000000000..67aba54119
--- /dev/null
+++ b/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!--
+ This file is part of systemd.
+
+ Copyright 2012 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+<refentry id="systemd-user-sessions.service" conditional='HAVE_PAM'>
+
+ <refentryinfo>
+ <title>systemd-user-sessions.service</title>
+ <productname>systemd</productname>
+
+ <authorgroup>
+ <author>
+ <contrib>Developer</contrib>
+ <firstname>Lennart</firstname>
+ <surname>Poettering</surname>
+ <email>lennart@poettering.net</email>
+ </author>
+ </authorgroup>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd-user-sessions.service</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd-user-sessions.service</refname>
+ <refname>systemd-user-sessions</refname>
+ <refpurpose>Permit user logins after boot, prohibit user logins at shutdown</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <para><filename>systemd-user-sessions.service</filename></para>
+ <para><filename>/usr/lib/systemd/systemd-user-sessions</filename></para>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para><filename>systemd-user-sessions.service</filename> is a
+ service that controls user logins through
+ <citerefentry project='man-pages'><refentrytitle>pam_nologin</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ After basic system initialization is complete, it removes
+ <filename>/run/nologin</filename>, thus permitting logins. Before
+ system shutdown, it creates <filename>/run/nologin</filename>, thus
+ prohibiting further logins.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>pam_nologin</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/src/grp-initprogs/systemd-user-sessions/user-sessions.c b/src/grp-initprogs/systemd-user-sessions/user-sessions.c
new file mode 100644
index 0000000000..3ccb419aee
--- /dev/null
+++ b/src/grp-initprogs/systemd-user-sessions/user-sessions.c
@@ -0,0 +1,84 @@
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <unistd.h>
+
+#include "systemd-basic/fileio-label.h"
+#include "systemd-basic/fileio.h"
+#include "systemd-basic/log.h"
+#include "systemd-basic/selinux-util.h"
+#include "systemd-basic/string-util.h"
+#include "systemd-basic/util.h"
+
+int main(int argc, char*argv[]) {
+
+ if (argc != 2) {
+ log_error("This program requires one argument.");
+ return EXIT_FAILURE;
+ }
+
+ log_set_target(LOG_TARGET_AUTO);
+ log_parse_environment();
+ log_open();
+
+ umask(0022);
+
+ mac_selinux_init();
+
+ if (streq(argv[1], "start")) {
+ int r = 0;
+
+ if (unlink("/run/nologin") < 0 && errno != ENOENT)
+ r = log_error_errno(errno,
+ "Failed to remove /run/nologin file: %m");
+
+ if (unlink("/etc/nologin") < 0 && errno != ENOENT) {
+ /* If the file doesn't exist and /etc simply
+ * was read-only (in which case unlink()
+ * returns EROFS even if the file doesn't
+ * exist), don't complain */
+
+ if (errno != EROFS || access("/etc/nologin", F_OK) >= 0) {
+ log_error_errno(errno, "Failed to remove /etc/nologin file: %m");
+ return EXIT_FAILURE;
+ }
+ }
+
+ if (r < 0)
+ return EXIT_FAILURE;
+
+ } else if (streq(argv[1], "stop")) {
+ int r;
+
+ r = write_string_file_atomic_label("/run/nologin", "System is going down.");
+ if (r < 0) {
+ log_error_errno(r, "Failed to create /run/nologin: %m");
+ return EXIT_FAILURE;
+ }
+
+ } else {
+ log_error("Unknown verb %s.", argv[1]);
+ return EXIT_FAILURE;
+ }
+
+ mac_selinux_finish();
+
+ return EXIT_SUCCESS;
+}