s6/s6-rc policy for Gentoo: user session tracking

[Paul Sopka <psopka@sopka.ch>]

[-- Attachment #1.1.1: Type: text/plain, Size: 3796 bytes --]

Since I was not 100% convinced by Turnstile, I made an attempt on a very 
simple alternative way to handle user session tracking.

The (currently very crude) script only runs once on each login and 
logout and does the following:

On login:

- Possibly create a /run/session/${USER} directory.

- Possibly start the user supervision tree (from S6/s6-rc or OpenRC, or 
anything but itself).

- If it does not exist, create a file named after the login type (e.g. 
sshd) at /run/session/${USER}/${LOGIN_TYPE}.

- Write a line (any content, but just one line) to 
/run/session/${USER}/${LOGIN_TYPE}.

- If the line count in /run/session/${USER}/${LOGIN_TYPE} is 1, start 
the bundle corresponding to ${LOGIN_TYPE} e.g. sshd.

- Otherwise, do not do anything.


On logout:

- Delete 1 line from /run/session/${USER}/${LOGIN_TYPE}.

- If all files in sum have 0 lines, stop all user services.

- Otherwise, do not do anything.


The script can be easily adapted to e.g. stop only the corresponding 
"${LOGIN_TYPE} bundle" once /run/session/${USER}/${LOGIN_TYPE} reaches 0 
lines.

It is supposed to be executed by "pam_exec.so".

It currently expects a s6-rc user-tree to be running as well as 
/run/session/${USER} to exist, but it can be easily adapted to prepare 
both by itself.

Part of the initial idea I got from Jan Braun, here: 
https://skarnet.org/lists/supervision/3132.html.


Here is the (seriously, very crude) script:

#!/bin/execlineb

multisubstitute
{
     importas -Si PAM_SERVICE
     importas -Si PAM_USER
     importas -Si PAM_TYPE

     define SESSIONDIR /run/session
}
define XDG_RUNTIME_DIR /run/user/${PAM_USER}

s6-setuidgid ${PAM_USER}

case ${PAM_TYPE}
{
     open_session
     {
         foreground { redirfd -a 1 
${SESSIONDIR}/${PAM_USER}/${PAM_SERVICE} echo "" }
         backtick -ED 0 COUNTER { grep -c ^ 
${SESSIONDIR}/${PAM_USER}/${PAM_SERVICE} }
         ifelse { test ${COUNTER} -eq 1 }
         {
             s6-rc -l ${XDG_RUNTIME_DIR}/s6-rc start ${PAM_SERVICE}
         }
         exit
     }
     close_session
     {
         foreground { sed -i $d ${SESSIONDIR}/${PAM_USER}/${PAM_SERVICE} }
         elglob SESSIONS ${SESSIONDIR}/${PAM_USER}/*
         backtick -ED 0 COUNTER { pipeline { cat ${SESSIONS} } grep -c ^ }
         foreground { redirfd -w 1 /home/Nanderty/g6log echo ${COUNTER} }
         ifelse { test ${COUNTER} -eq 0 }
         {
             s6-rc -l ${XDG_RUNTIME_DIR}/s6-rc stop alllogins
         }
         exit
     }
}


I currently see the following things this approach allows, that 
Turnstile does not:

- Differentiation between different login methods

- Autostart of user services at boot time, no matter the login state 
(not directly enabled by the script, but possible, since the user 
service tree is up whatsoever).

(Check these mails for reasons to have the two possibilities mentioned 
above:

https://skarnet.org/lists/supervision/3130.html, 
https://skarnet.org/lists/supervision/3114.html, 
https://skarnet.org/lists/supervision/3121.html).

- Not having an additional daemon running.

- Exposing the session information through the filesystem, so that every 
(privileged enough) process that needs to can make use of it.


Of course, Turnstile has a lot of other useful features this does not have.


What do you all think about this approach?

What handling of stopping the user-service bundles do you think is best, 
stopping all on last logout, vs. stopping "all in the sshd bundle" on 
last "sshd logout", ... ?

Any other alternatives?


Paul



[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3195 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]