diff options
Diffstat (limited to 'src/grp-initprogs/systemd-user-sessions')
4 files changed, 224 insertions, 0 deletions
| diff --git a/src/grp-initprogs/systemd-user-sessions/Makefile b/src/grp-initprogs/systemd-user-sessions/Makefile new file mode 100644 index 0000000000..66fa3b7059 --- /dev/null +++ b/src/grp-initprogs/systemd-user-sessions/Makefile @@ -0,0 +1,48 @@ +#  -*- Mode: makefile; indent-tabs-mode: t -*- +# +#  This file is part of systemd. +# +#  Copyright 2010-2012 Lennart Poettering +#  Copyright 2010-2012 Kay Sievers +#  Copyright 2013 Zbigniew Jędrzejewski-Szmek +#  Copyright 2013 David Strauss +#  Copyright 2016 Luke Shumaker +# +#  systemd is free software; you can redistribute it and/or modify it +#  under the terms of the GNU Lesser General Public License as published by +#  the Free Software Foundation; either version 2.1 of the License, or +#  (at your option) any later version. +# +#  systemd is distributed in the hope that it will be useful, but +#  WITHOUT ANY WARRANTY; without even the implied warranty of +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +#  Lesser General Public License for more details. +# +#  You should have received a copy of the GNU Lesser General Public License +#  along with systemd; If not, see <http://www.gnu.org/licenses/>. +include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk +include $(topsrcdir)/build-aux/Makefile.head.mk + +ifneq ($(HAVE_PAM),) + +systemd_user_sessions_SOURCES = \ +	src/user-sessions/user-sessions.c + +systemd_user_sessions_LDADD = \ +	libshared.la + +rootlibexec_PROGRAMS += \ +	systemd-user-sessions + +nodist_systemunit_DATA += \ +	units/systemd-user-sessions.service + +MULTI_USER_TARGET_WANTS += \ +	systemd-user-sessions.service + +endif # HAVE_PAM + +EXTRA_DIST += \ +	units/systemd-user-sessions.service.in + +include $(topsrcdir)/build-aux/Makefile.tail.mk diff --git a/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.in b/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.in new file mode 100644 index 0000000000..b4ea5a134b --- /dev/null +++ b/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.in @@ -0,0 +1,17 @@ +#  This file is part of systemd. +# +#  systemd is free software; you can redistribute it and/or modify it +#  under the terms of the GNU Lesser General Public License as published by +#  the Free Software Foundation; either version 2.1 of the License, or +#  (at your option) any later version. + +[Unit] +Description=Permit User Sessions +Documentation=man:systemd-user-sessions.service(8) +After=remote-fs.target nss-user-lookup.target network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootlibexecdir@/systemd-user-sessions start +ExecStop=@rootlibexecdir@/systemd-user-sessions stop diff --git a/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.xml b/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.xml new file mode 100644 index 0000000000..67aba54119 --- /dev/null +++ b/src/grp-initprogs/systemd-user-sessions/systemd-user-sessions.service.xml @@ -0,0 +1,75 @@ +<?xml version="1.0"?> +<!--*-nxml-*--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> +<!-- +  This file is part of systemd. + +  Copyright 2012 Lennart Poettering + +  systemd is free software; you can redistribute it and/or modify it +  under the terms of the GNU Lesser General Public License as published by +  the Free Software Foundation; either version 2.1 of the License, or +  (at your option) any later version. + +  systemd is distributed in the hope that it will be useful, but +  WITHOUT ANY WARRANTY; without even the implied warranty of +  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +  Lesser General Public License for more details. + +  You should have received a copy of the GNU Lesser General Public License +  along with systemd; If not, see <http://www.gnu.org/licenses/>. +--> +<refentry id="systemd-user-sessions.service" conditional='HAVE_PAM'> + +  <refentryinfo> +    <title>systemd-user-sessions.service</title> +    <productname>systemd</productname> + +    <authorgroup> +      <author> +        <contrib>Developer</contrib> +        <firstname>Lennart</firstname> +        <surname>Poettering</surname> +        <email>lennart@poettering.net</email> +      </author> +    </authorgroup> +  </refentryinfo> + +  <refmeta> +    <refentrytitle>systemd-user-sessions.service</refentrytitle> +    <manvolnum>8</manvolnum> +  </refmeta> + +  <refnamediv> +    <refname>systemd-user-sessions.service</refname> +    <refname>systemd-user-sessions</refname> +    <refpurpose>Permit user logins after boot, prohibit user logins at shutdown</refpurpose> +  </refnamediv> + +  <refsynopsisdiv> +    <para><filename>systemd-user-sessions.service</filename></para> +    <para><filename>/usr/lib/systemd/systemd-user-sessions</filename></para> +  </refsynopsisdiv> + +  <refsect1> +    <title>Description</title> + +    <para><filename>systemd-user-sessions.service</filename> is a +    service that controls user logins through +    <citerefentry project='man-pages'><refentrytitle>pam_nologin</refentrytitle><manvolnum>8</manvolnum></citerefentry>. +    After basic system initialization is complete, it removes +    <filename>/run/nologin</filename>, thus permitting logins. Before +    system shutdown, it creates <filename>/run/nologin</filename>, thus +    prohibiting further logins.</para> +  </refsect1> + +  <refsect1> +    <title>See Also</title> +    <para> +      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, +      <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, +      <citerefentry project='man-pages'><refentrytitle>pam_nologin</refentrytitle><manvolnum>8</manvolnum></citerefentry> +    </para> +  </refsect1> + +</refentry> diff --git a/src/grp-initprogs/systemd-user-sessions/user-sessions.c b/src/grp-initprogs/systemd-user-sessions/user-sessions.c new file mode 100644 index 0000000000..639c0200e6 --- /dev/null +++ b/src/grp-initprogs/systemd-user-sessions/user-sessions.c @@ -0,0 +1,84 @@ +/*** +  This file is part of systemd. + +  Copyright 2010 Lennart Poettering + +  systemd is free software; you can redistribute it and/or modify it +  under the terms of the GNU Lesser General Public License as published by +  the Free Software Foundation; either version 2.1 of the License, or +  (at your option) any later version. + +  systemd is distributed in the hope that it will be useful, but +  WITHOUT ANY WARRANTY; without even the implied warranty of +  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +  Lesser General Public License for more details. + +  You should have received a copy of the GNU Lesser General Public License +  along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <errno.h> +#include <unistd.h> + +#include "basic/fileio-label.h" +#include "basic/fileio.h" +#include "basic/log.h" +#include "basic/selinux-util.h" +#include "basic/string-util.h" +#include "basic/util.h" + +int main(int argc, char*argv[]) { + +        if (argc != 2) { +                log_error("This program requires one argument."); +                return EXIT_FAILURE; +        } + +        log_set_target(LOG_TARGET_AUTO); +        log_parse_environment(); +        log_open(); + +        umask(0022); + +        mac_selinux_init(); + +        if (streq(argv[1], "start")) { +                int r = 0; + +                if (unlink("/run/nologin") < 0 && errno != ENOENT) +                        r = log_error_errno(errno, +                                            "Failed to remove /run/nologin file: %m"); + +                if (unlink("/etc/nologin") < 0 && errno != ENOENT) { +                        /* If the file doesn't exist and /etc simply +                         * was read-only (in which case unlink() +                         * returns EROFS even if the file doesn't +                         * exist), don't complain */ + +                        if (errno != EROFS || access("/etc/nologin", F_OK) >= 0) { +                                log_error_errno(errno, "Failed to remove /etc/nologin file: %m"); +                                return EXIT_FAILURE; +                        } +                } + +                if (r < 0) +                        return EXIT_FAILURE; + +        } else if (streq(argv[1], "stop")) { +                int r; + +                r = write_string_file_atomic_label("/run/nologin", "System is going down."); +                if (r < 0) { +                        log_error_errno(r, "Failed to create /run/nologin: %m"); +                        return EXIT_FAILURE; +                } + +        } else { +                log_error("Unknown verb %s.", argv[1]); +                return EXIT_FAILURE; +        } + +        mac_selinux_finish(); + +        return EXIT_SUCCESS; +} | 
