I have a Ubuntu server that handles remote X sessions from users. However, I don't want to allow users to run any kind of background processes - so here is my question:
How do I prevent users from having any background process or is there any simple way to kill processes of users that aren't logged in?
I do something similar on my servers. The general gist of it is this
1) Add to /etc/pam.d/login at the bottom of the session items:
session optional pam_exec.so quiet /etc/pam_session.sh 2) Then create /etc/pam_session.sh as (and chmod +x):
#!/bin/bash [[ "$PAM_USER" == "root" ]] && exit 0 SESSION_COUNT="$(w -h "$PAM_USER" | wc -l)" if (( SESSION_COUNT == 0 )) && [[ "$PAM_TYPE" == "close_session" ]]; then pkill -u "$PAM_USER" fi If you want, you could add something like sleep 5; pkill -9 -u "$PAM_USER" after the pkill to ensure that it's really dead.
This will only get invoked when login shells exit, so it wont affect automated system activity. However if you want to be even safer, you could add a check for something like the UID being greater than 1000.
You could use this command to find out what users are logged into the system and kill them:
$ who | awk '{ printf ("%s",$1 "\n"); }' | \ grep -v root | xargs -I {} -t pkill -u $1{} It would need to be gated with when to run though, perhaps:
$ ps -eaf | egrep -q [g]nome-session || who | \ awk '{ printf ("%s",$1 "\n"); }' | \ grep -v root | xargs -I {} -t pkill -u $1{} It's an idea, but I think it needs further refinement.
grep -v root into awk '! /root/ { ... } or even simply awk '$1 != "root"'
ulimit.