[OpenAFS] Re: X11 logout script

[Andrew Deason]

On Tue, 03 Jun 2014 22:56:02 +0200
Jaap Winius <jwinius@umrk.nl> wrote:

> Some of the the sites that I maintain use an elaborate logout script,  
> located in  /etc/X11/Xreset.d/, that runs as root and contains many  
> sudo commands to make changes to each user's home directory. It works  
> because these directories are made available via NFSv3 (another  
> story), but what if I was using AFS for them (or even NFSv4 with  
> Kerberos)? Is there some way to run an X11 logout script as an  
> unprivileged user, similar to /etc/bash.bash_logout?

It's been a while since I've dealt with anything like this, but it
sounds like you could handle this via Xsession.d instead. Normally
that's for starting session-handling programs in the user's context
(e.g. gpg-agent, ssh-agent, dbus; or krenew I think at some places), but
since you're just waiting for the user's session to end, it could be
used for this. Something like:

$ cat /etc/X11/Xsession.d/51user-logout
if [ -x /usr/local/bin/userlogoutscript ] ; then
  STARTUP="sh -c '$STARTUP ; /usr/local/bin/userlogoutscript'"
fi

Or something like that. The quoting/spacing/etc may get confused with
other STARTUP modifiers, so you may just want to wrap it in a script so
you can specify that like a normal STARTUP command (e.g.
STARTUP="/usr/local/bin/wraplogout $STARTUP"). And obviously I haven't
tested that or used something like that before; just an idea.

Of course, to do anything like that you'd need to divide the "elaborate
logout script" into things that need to actually run as root (which go
in Xreset.d) and things that need to run as the user (which go in
Xsession.d).

Alternatively, it may also be possible to do this with some PAM modules
that could run scripts when the user's session is destroyed, but I've
never done that.

-- 
Andrew Deason
adeason@sinenomine.net