Quote:
Originally Posted by Nabeel
I have tried many tutorials but I am unable to achieve this.
|
Please don't say that.
Show it. Trying stuff means you've got URI's of sites you visited, software you installed, steps you took and errors you got. You posted
nothing of that.
Quote:
Originally Posted by Nabeel
Possibally because of my lack of experiance.
|
When you know a wee bit of how your distribution works, read the documentation that comes with the software (and actually follow instructions ;-p) and practice you will never have to say that again.
Quote:
Originally Posted by Nabeel
Could you please provide me with a sort of site which explains this process in detail
|
Uh. I guess that's LQ ;-p Get the pam_script tarball from
http://freecode.com/projects/pam_script, install the gcc compiler and PAM development library if you need to, then compile and install pam_script. Check the README inside libpam-script_0.1.12.tar.gz. Create /etc/security/onsessionopen with contents:
Code:
#!/bin/sh --
echo 'export DISPLAY=":0.0"; /usr/bin/gnome-session-quit --logout >/dev/null 2>&1; sleep 5m; /usr/bin/gnome-session-quit --no-prompt >/dev/null 2>&1' | /usr/bin/at now + 1 hour
exit 0
and make certain the file is owned by user and group root, mode 0755. Locate /etc/pam.d/gdm and add a line in the "session" section:
Code:
session required /lib/security/pam_script.so
For testing change the "now + 1 hour" to read "now + 1 minute" or you'll be waiting too long. Test by logging in as an unprivileged user and run 'atq' in a terminal window. it should show one job. This job can be killed by the user ('at -d %jobspec'). If you don't like that add "runas=root" to the "session required" line then test again. Running 'atq' as root user should now show ('atq; at -c %jobspec') the logout job.
The following things are asserted:
- you use GNOME as Desktop Environment and GDM as greeter. For KDE-3 use something like 'dcop --all-sessions --user ${LOGNAME} ksmserver default logout 0 0 0', for KDE-4 you have to fiddle with 'dbus' or see if you have 'kdehalt'. For XFCE there is 'xfce${VERSION}-session-logout',
- the 'at' service is running and unprivileged users may execute at jobs (see 'man at.allow'),
- none of your $subjects or $serfs should have Sudo, wheel, su, 'ssh root' or equivalent rights,
- you realize killing sessions is a punitive measure and only addresses one symptom: treating the cause would be preferable.