From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=DATE_IN_PAST_12_24, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: from alyss.skarnet.org (alyss.skarnet.org [95.142.172.232]) by inbox.vuxu.org (Postfix) with SMTP id 7CF2E2A727 for ; Sun, 14 Jul 2024 11:10:50 +0200 (CEST) Received: (qmail 1137 invoked by uid 89); 14 Jul 2024 09:11:15 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm Sender: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Received: (qmail 1129 invoked from network); 14 Jul 2024 09:11:14 -0000 Date: Sat, 13 Jul 2024 12:43:15 +0300 From: Peter Pentchev To: Paul Sopka Cc: supervision@list.skarnet.org Subject: Re: s6/s6-rc policy for Gentoo: user session tracking Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="t0AxPNDMvcEu9gq3" Content-Disposition: inline In-Reply-To: --t0AxPNDMvcEu9gq3 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 11, 2024 at 04:53:51PM +0200, Paul Sopka wrote: > Since I was not 100% convinced by Turnstile, I made an attempt on a very > simple alternative way to handle user session tracking. >=20 > The (currently very crude) script only runs once on each login and logout > and does the following: >=20 > On login: >=20 > - Possibly create a /run/session/${USER} directory. >=20 > - Possibly start the user supervision tree (from S6/s6-rc or OpenRC, or > anything but itself). >=20 > - If it does not exist, create a file named after the login type (e.g. ss= hd) > at /run/session/${USER}/${LOGIN_TYPE}. >=20 > - Write a line (any content, but just one line) to > /run/session/${USER}/${LOGIN_TYPE}. >=20 > - If the line count in=C2=A0/run/session/${USER}/${LOGIN_TYPE} is 1, star= t the > bundle corresponding to ${LOGIN_TYPE} e.g. sshd. These two last points, if you really decide to implement them like that in the final version, may require some synchronization, e.g. via file locking. It is not impossible (I mean, it is quite unlikely, but especially with automated CI systems not impossible *at all*) for two SSH sessions to come in practically at once, and I have indeed seen shell startup scripts run the same program at the same time. It would be... interesting to have one login session write the first line, then another session immediately write the second one, and then neither of them will find exactly one line in the file :) And same for logout. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@debian.org peter@morpheusly.com PGP key: https://www.ringlet.net/roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 --t0AxPNDMvcEu9gq3 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmaSTC0ACgkQZR7vsCUn 3xO8lRAAqiPmUjQjG4FP5cbon1WDmnFtZ6cgT5OPPmurLkEd05Me2ffxCPdUtlrM GiyQa8lwevzBEWeWVvWHV64m462++MtId6zIZ6pCgSwQ+jZtCRUDn9juseI5imxS nORCi8mBA3+yUil5bv85zoERor5M+Kgp7efnvpXKSQou67pH4ocwkANKIrY7veCN K+yqHcUkDB9ydm3u7BFgSm8TLKpBv/4htOWYm+LAjOon9zjlXRXzKM3jzI5jWmxK qMobqhHngRXoNL53I51cp3PD8kmFmoVPZhJaoZx8d2TJ+q05QjNSaMJCW47LrvSD QMpQj1vdfKpMLa571E8kEzk8u4F7PmLuRjxKjmj+I4QHefgVUEgMckVvfobVMtXU JnF2/nWxerOPKAddSSUAz2H/SF3FDvtGkKOZuVl2OxTJZyMjDWDPydnXt1nlzUXK ykCyhuzTj3kYTYYcWu07IFjXuyypo7kzaCL6xI759w8JvVarI0dDCmHY9ipdWmHN QgZKY/XlLakhDLFO/JNcOIqjR9EDDOH+JNVXm9S1ApOjWAby1NZDz5CUfYbsQSGb VeYuGyLoP7vDNlRrZxS7Xt8DCQPH6kFsGDZvka6RakNgtXqNLWtw4peFoXv527O6 bpN3wrN9cy14Q9M3zSP1Tq1adkv25t0pHQWt4Oay2uu6nNlFxGQ= =ecKB -----END PGP SIGNATURE----- --t0AxPNDMvcEu9gq3--