我在用户登录时发送系统通知时遇到问题 (KDE Plasma) (Arch Linux) [英] I'm having problems sending a system notification upon user login (KDE Plasma) (Arch Linux)

问题描述

我试图在通过 PAM 登录时发送通知，但我不知道如何将其发送给正在登录的用户.

Im trying to send a notification upon login via PAM, but i cant figure out how to send it to the user that is logging in.

我正在配置我的 PAM 以在每次用户登录时执行脚本.问题是如果有任何登录尝试，我需要发送通知(这是我尝试添加的更大安全性的一部分，其中我的笔记本电脑在登录失败时使用网络摄像头拍照，并在我再次登录时通知我，因为我的同学出于某种原因喜欢尝试猜测我的密码).问题是我的 .sh 文件中发送用户通知的行将其发送到 root，因为那是执行脚本的用户"，我希望我的脚本将通知发送给我的当前用户(称为andreas"))，但我在弄清楚这一点时遇到了问题.

I'm configuring my PAM to execute a script every time a user logs in. The problem is i need to send a notification if there have been any login attempts (its part of a bigger security thing im trying to add, where my laptop takes a picture with the webcam upon failed logins, and notifies me when i log in again, since my classmates like to try and guess my password for some reason). The problem is that the line in my .sh file, which sends a user notification, sends it to root since thats the 'user' that executes the script, i want my script to send the notification to my current user (called "andreas"), but im having problems figuring this out.

这是我添加到 PAM 文件系统登录末尾的行:

Here is the line i added to the end of the PAM file system-login:

auth       [default=ignore]                pam_exec.so /etc/lockCam/call.sh

这是 call.sh 文件:

And here is the call.sh file:

#!/bin/sh

/etc/lockCam/notifier.sh &

我调用另一个文件的原因是因为我希望它在登录过程继续时在后台运行，这样登录过程不会减慢登录速度.

The reason im calling another file is because i want it to run in the background WHILE the login process continues, that way the process doesnt slow down logging in.

这是然后执行的脚本:

#!/bin/sh

#sleep 10s

echo -e "foo" > "/etc/lockCam/test"
#This line is simply to make sure that i know that my script was executed

newLogins=`sed -n '3 p' /etc/lockCam/lockdata`

if [ $newLogins -gt 0 ]
then
    su andreas -c ' notify-send --urgency=critical --expire-time=6000 "Someone tried to log in!" "$newLogins new lockCam images!" && exit'
    callsInRow=`sed -n '2 p' /etc/lockCam/lockdata`
    crntS=$(date "+%S")
    crntS=${crntS#0}
    crntM=$(date "+%M")
    crntM=${crntM#0}
    crntH=$(date "+%H")
    crntH=${crntH#0}
    ((crntTime = $crntH \* 60 \* 60 + $crntM \* 60 + $crntS ))
    #This whole process is absolutely stupid but i cant figure out a better way to make sure none of the integers are called "01" or something like that, which would trigger an error
    echo -e "$crntTime\n$callsInRow\n0" > "/etc/lockCam/lockdata"
fi

exit 0

这就是我认为我的错误所在，su andreas -c ...."行很可能格式错误或我做错了其他事情，除了没有显示通知之外，所有内容都在登录时执行.如果我在已经登录的情况下从终端执行脚本，则也不会发出通知，除非我删除su andreas -c"部分并简单地执行notify-send..."，但在以下情况下不会发出通知我登录了，我认为那是因为通知发送给了 root 用户，而不是andreas".

And this is where i THINK my error is, the line "su andreas -c...." is most likely formatted wrong or im doing something else wrong, everythin is executed upon login EXCEPT the notification doesnt show up. If i execute the script from a terminal when im already logged in there is no notification either, unless i remove the "su andreas -c" part and simply do "notify-send...", but that doesnt send out a notification when i log in, and i think thats because the notification is sent to the root user, and not "andreas".

推荐答案

我认为你的 su 需要传递桌面用户 DBUS 会话总线地址.总线地址可以轻松获取并用于 X11 用户会话，但 Wayland 具有更严格的安全性，对于 Wayland 而言，用户会话实际上必须运行代理才能接收消息.(您是否考虑过发送电子邮件可能更容易?)

I think your su needs to be passed the desktop users DBUS session bus address. The bus address can be easily obtained and used for X11 user sessions, but Wayland has tighter security, for Wayland the user session actually has to run up proxy to receive the messages. (Had you considered it might be easier to send an email?)

我在 github 上有 notify-desktop gist 适用于 X11，也应该适用于Wayland(假设代理正在运行).为完整起见，我已将脚本的源代码附加到这篇文章中，对其进行了广泛的评论，我认为它包含让您自己的代码工作所必需的部分.

I have notify-desktop gist on github that works for X11 and should also work on Wayland (provided the proxy is running). For completeness I've appended the source code of the script to this post, it's extensively commented, I think it contains the pieces necessary to get you own code working.

#!/bin/bash
# Provides a way for a root process to perform a notify send for each
# of the local desktop users on this machine.
#
# Intended for use by cron and timer jobs. Arguments are passed straight
# to notify send.  Falls back to using wall.  Care must be taken to
# avoid using this script in any potential fast loops.
#
# X11 users should already have a dbus address socket at /run/user/<userid>/bus
# and this script should work without requiring any initialisation. Should
# this not be the case, X11 users could initilise a proxy as per the wayland
# instructions below.
#
# Due to stricter security requirments Wayland lacks an dbus socket 
# accessable to root.   Wayland users will need to run a proxy to 
# provide root with the necessary socket.  Each user can must add
# the following to a Wayland session startup script:
#
#      notify-desktop --create-dbus-proxy
#
# That will start xdg-dbus-proxy process and make a socket available under:
#      /run/user/<userid>/proxy_dbus_<desktop_sessionid>
#
# Once there is a listening socket, any root script or job can pass
# messages using the syntax of notify-send (man notify-send).
#
# Example messages
#      notify-desktop -a Daily-backup -t 0 -i dialog-information.png "Backup completed without error"
#      notify-desktop -a Remote-rsync -t 6000 -i dialog-warning.png "Remote host not currently on the network"
#      notify-desktop -a Daily-backup -t 0 -i dialog-error.png "Error running backup, please consult journalctl"
#      notify-desktop -a OS-Upgrade -t 0 -i dialog-warning.png "Update in progress, do not shutdown until further completion notice."
#
# Warnings:
#      1) There has only been limited testing on wayland
#      2) There has only been no testing for multiple GUI sessions on one desktop
#

if [ $1 == "--create-dbus-proxy" ]
then
    if [ -n "$DBUS_SESSION_BUS_ADDRESS" ]
    then
        sessionid=$(cat /proc/self/sessionid)
        xdg-dbus-proxy $DBUS_SESSION_BUS_ADDRESS /run/user/$(id -u)/proxy_dbus_$sessionid &
        exit 0
    else
        echo "ERROR: no value for DBUS_SESSION_BUS_ADDRESS environment variable - not a wayland/X11 session?"
        exit 1
    fi
fi


function find_desktop_session {
    for sessionid in $(loginctl list-sessions --no-legend | awk '{ print $1 }')
    do 
        loginctl show-session -p Id -p Name -p User -p State -p Type -p Remote -p Display $sessionid | 
            awk -F= '
                /[A-Za-z]+/ { val[$1] = $2; } 
                END { 
                    if (val["Remote"] == "no" && 
                    val["State"] == "active" && 
                    (val["Type"] == "x11" || val["Type"] == "wayland")) {
                        print val["Name"], val["User"], val["Id"];
                    } 
                }'
    done
}

count=0
while read -r -a desktop_info
do
    if [ ${#desktop_info[@]} -eq 3 ]
    then
        desktop_user=${desktop_info[0]}
        desktop_id=${desktop_info[1]}
        desktop_sessionid=${desktop_info[2]}
        proxy_bus_socket="/run/user/$desktop_id/proxy_dbus_$desktop_sessionid"
        if [ -S $proxy_bus_socket ]
        then
            bus_address="$proxy_bus_socket"
        else
            bus_address="/run/user/$desktop_id/bus"
        fi
        sudo -u $desktop_user DBUS_SESSION_BUS_ADDRESS="unix:path=$bus_address" notify-send "$@" 
        count=$[count + 1]
    fi
done <<<$(find_desktop_session)

# If no one has been notified fall back to wall
if [ $count -eq 0 ]
then
    echo "$@" | wall
fi

# Don't want this to cause a job to stop
exit 0

这篇关于我在用户登录时发送系统通知时遇到问题 (KDE Plasma) (Arch Linux)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！