
Re: Best way to kill a user's X11 session...



On Wednesday, Apr 7, 2004, at 20:21 US/Mountain, Jeff Ross wrote:

Hi all,

Wrapping up the cybercafe project, and what a journey it has been. The whole trip into s/key passwords turned out to be a complete wrong turn, but I've figured out a better, simpler, and I think just as secure, alternative. Details forthcoming soon...

I'd like to be able to remotely kill a user's X11 session without restarting the whole box. Partly I want to do this if a user logs in but then forgets to log out when they go up to the counter to pay, and partly for the option to kill a user's session if they are violating Zen's "No pornography. No exceptions." internet usage policy. If invoked, line via a cgi script using an ssh command, I want to kill the current session, reset everything, including the password, and bring up the Xlogin widget for the next login.

The man page for xdm talks about an Xreset script that can be used to reset the X server, and that sounds just perfect. Unfortunately, if the Xreset script is on an OpenBSD box I can't find it.

I've tried sending a -HUP to xdm itself, but that didn't work; in fact, I couldn't see a change at all, although I thought it should according to the man page. Killing the user's specific XSession works the first time it is invoked, but after that it locks the box up so hard you can't switch virtual consoles back to the console, nor can you ssh in, forcing a power switch reboot. Unacceptable.

Anybody got a pointer in the general vicinity of the right direction?

Reply to the list, please, for the archives, or use this address to bypass TMDA
jross-dated-1083982724_(_dot_)_d84542_(_at_)_openvistas_(_dot_)_net


Thanks!

Jeff
--
Jeff Ross
Open Vistas Networking, Inc.
http://www.openvistas.net



I got three different ways to accomplish this task. In a private e-mail, I was reminded that killing the process that has the first connection to the Xserver will force the X server itself to exit and restart.

That turned out to be the easiest of the three to implement, thanks largely to OpenBSD's security. That first process is apparently the only process run by the unprivileged user _x11. This one-liner, then, does the job quite nicely.

	sudo kill `ps -aux | grep '[_]x11' | cut -c 10-15`


Thanks again. All I have left to do now is add the wireless AP, and how hard can that be with authpf? I hope those aren't "famous last words" :-)


Jeff
--
Jeff Ross
Open Vistas Networking, Inc.
http://www.openvistas.net
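
An added example, not part of the original post: a stricter form of the one-liner above that selects the process by its owner field instead of grepping the whole `ps` line (which would also match any other user's command line containing `_x11`), and refuses to signal anything unless exactly one `_x11` process is found. The function names, the `ps -o` column selection and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the X server PID by owner, then signal it.

X_USER="_x11"   # unprivileged X user named in the post

# Read "USER PID COMMAND..." lines on stdin and print the PIDs whose
# owner field is exactly $X_USER. Non-numeric PID fields are ignored.
x11_pids() {
    awk -v u="$X_USER" '$1 == u && $2 ~ /^[0-9]+$/ { print $2 }'
}

# Same input; succeed only if exactly one matching PID exists.
# Zero or several matches mean the "only process run by _x11"
# assumption no longer holds, so nothing should be killed.
pick_single_pid() {
    pids=$(x11_pids)
    set -- $pids                      # split the PID list into $1, $2, ...
    if [ "$#" -ne 1 ]; then
        echo "expected exactly one $X_USER process, found $#" >&2
        return 1
    fi
    printf '%s\n' "$1"
}

# Hypothetical wrapper for the CGI/ssh use case; never called here.
# "-o user= -o pid= -o command=" asks ps for three columns, no header
# (assumed to behave this way on the target system).
reset_x_session() {
    pid=$(ps -ax -o user= -o pid= -o command= | pick_single_pid) || return 1
    sudo kill "$pid"
}

# Constructed sample listing (not real output). The two "guest" lines
# would both be matched by a plain grep for _x11.
SAMPLE_PS='root      4211 xdm
_x11     12044 X :0
guest    12101 vi notes_x11.txt
guest    12150 grep _x11'
```

Calling `reset_x_session` from the remote script then replaces the backtick pipeline; `sudo` only needs to permit `kill` for that account.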