fleet/scripts/mdm/linux/linux-lock.sh
Dante Catalfamo feb32a274a
Linux Mask systemd-user-sessions (#20877)
#20370

Part 2 of #20699. Apparently `systemd` now automatically deletes
`/etc/nologin` on startup. In the previous PR, rebooting the machine
would remove the nologin file and allow users to log in again. This PR masks
the service that performs the deletion, preventing it from running.

The message displayed to the user will be what is specified in [this
file](7767896d12/tmpfiles.d/systemd-nologin.conf (L10)).
It's not the best, but I suspect messing with too many systemd files
could come back to bite us in the future if things change, so I'll leave
it as-is.
2024-08-01 10:27:17 -04:00


#!/bin/sh
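# Comment out the autologin settings of common display managers so that a
# reboot cannot bring a user straight to a desktop without authenticating.
# Only lines that are not already commented are touched, so the function is
# safe to run repeatedly.
# Arguments: $1 - optional root prefix (e.g. a mounted image); defaults to /
# Outputs:   edits the display manager config files in place (GNU sed -i)
disable_autologin() {
  _root=${1-}
  # GDM: Debian/Ubuntu keep the file under /etc/gdm3, Fedora/RHEL under
  # /etc/gdm. "AutomaticLogin" also matches "AutomaticLoginEnable"; the
  # TimedLogin keys log a user in after a delay and are disabled too.
  for _f in "$_root/etc/gdm3/custom.conf" "$_root/etc/gdm/custom.conf"; do
    if [ -f "$_f" ]; then
      sed -i \
        -e '/^[[:space:]]*AutomaticLogin/s/^/#/' \
        -e '/^[[:space:]]*TimedLogin/s/^/#/' \
        "$_f"
    fi
  done
  # LightDM: the main file plus any drop-in overrides. autologin-guest
  # starts a guest session without credentials, so it is disabled as well.
  # "autologin-user[[:space:]]*=" deliberately does not match
  # autologin-user-timeout, which is harmless on its own.
  for _f in "$_root/etc/lightdm/lightdm.conf" "$_root"/etc/lightdm/lightdm.conf.d/*.conf; do
    if [ -f "$_f" ]; then
      sed -i \
        -e '/^[[:space:]]*autologin-user[[:space:]]*=/s/^/#/' \
        -e '/^[[:space:]]*autologin-guest[[:space:]]*=/s/^/#/' \
        "$_f"
    fi
  done
  # Add similar cases for other display managers if needed
}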
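# Disable automatic login so a reboot cannot bypass the lock
disable_autologin

# Block new logins first: pam_nologin denies every non-root login while
# /etc/nologin exists, which closes the window between ending sessions
# and locking accounts below.
echo "Locked by administrator" > /etc/nologin

# Lock every regular account and end its sessions. UIDs 1000-59999 are the
# conventional human-user range (UID_MIN/UID_MAX in /etc/login.defs);
# system accounts and nobody (65534) are left alone. pkill exits 1 when the
# user owns no processes, so this script must not be run under set -e.
awk -F':' '{ if ($3 >= 1000 && $3 < 60000) print $1 }' /etc/passwd | while IFS= read -r user; do
  [ "$user" = "root" ] && continue
  echo "Logging out $user"
  pkill -KILL -u "$user" # Kill user processes. This will log out logged-in users.
  passwd -l "$user"      # Lock the password; /etc/nologin above covers other login paths.
done

# Log out anyone currently logged in who was not covered above
# (e.g. a system account with a login shell). Names are de-duplicated
# so each user is only signalled once.
for user in $(users | tr ' ' '\n' | sort -u); do
  [ "$user" = "root" ] && continue
  echo "Logging out $user"
  pkill -KILL -u "$user"
done

# systemd-user-sessions deletes /etc/nologin at boot, which would undo the
# lock on the next restart, so mask it. /run/systemd/system exists only when
# the system was booted with systemd; this avoids depending on whether the
# unit file lives under /usr/lib or /lib on a given distribution.
if [ -d /run/systemd/system ] && command -v systemctl >/dev/null 2>&1; then
  systemctl mask systemd-user-sessions
  systemctl daemon-reload
fi
echo "All non-root users have been logged out and their accounts locked."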