Catching user switching and getting current active user from root on linux

[mpnordland]

I have situation where I need to be able to get the current active
user, and catch user switching eg user1 locks screen, leaves computer,
user2 comes, and logs on.
basically, when there is any type of user switch my script needs to
know.

 

[Tim Harig]

I have situation where I need to be able to get the current active
user, and catch user switching eg user1 locks screen, leaves computer,
user2 comes, and logs on.
basically, when there is any type of user switch my script needs to
know.

Well you could use inotify to trigger on any changes to /var/log/wtmp.
When a change is detected, you could check of deltas in the output of "who
-a" to figure out what has changed since the last time wtmp triggered.

 

[James Mills]

Well you could use inotify to trigger on any changes to /var/log/wtmp.
When a change is detected, you could check of deltas in the output of "who
-a" to figure out what has changed since the last time wtmp triggered.

This is a good idea and you could also
make use of the following library:

http://pypi.python.org/pypi?:action=search&term=utmp&submit=search

cheers
James

 

[Tim Golden]

I have situation where I need to be able to get the current active
user, and catch user switching eg user1 locks screen, leaves computer,
user2 comes, and logs on.
basically, when there is any type of user switch my script needs to
know.

If it's Windows you're on, have a look at this:

http://timgolden.me.uk/python/win32_how_do_i/track-session-events.html

TJG

 

[Grant Edwards]

I have situation where I need to be able to get the current active
user,

How do you define "current active user"?

and catch user switching eg user1 locks screen, leaves computer,
user2 comes, and logs on. basically, when there is any type of user
switch my script needs to know.

What do you do when there are multiple users logged in?

 

[Mark Wooding]

What do you do when there are multiple users logged in?

In case it's not clear: this situation doesn't just occur on `exotic'
systems like Unix servers. Even Windows systems can have several people
logged into the console (with one active, using `fast user switching')
and another one or two connected using terminal services.

-- [mdw]

 

[mpnordland]

sorry, I've been busy, it's on linux, and current active user is the
user currently using the computer. My program needs to switch log
files when a different user starts using the computer.

 

[mpnordland]

about the pyutmp, is the most recent entry at the top or bottom of the
file?

 

[Tim Chase]

it's on linux, and current active user is the user currently
using the computer. My program needs to switch log files when
a different user starts using the computer.

The problem is that multiple users can be logged on at the same
time. You might be able to come up with a solution that works
for a small set of use-cases, but I admin several Linux boxes
where multiple people can be logged-in at the same time. There
are also some multi-head arrangements (multiple
keyboards/mice/monitors and sometimes even sound-cards attached
to the same motherboard) and people can log into each "terminal"
(if you will) concurrently, all on the same box. So if I'm using
the computer, and a co-worker logs in, I'm still using it at the
same time you might catch the "new user logged in" event.

Watching wtmp (or possibly /var/log/auth) can capture the "hey,
somebody logged in" event, but that doesn't mean that other
previous users are done with their sessions.


-tkc

 

[Tim Harig]

Mr. Chase, I really wouldn't even bother wasting my time on this one.
He asked an incomplete question to start with; so, the replies that
he received were insufficient to solve his problem. He still has not
provided enough information to know how to answer his question propery.
He doesn't understand a sacastic reply when he hears one, he doesn't
understand the concept of a multi-user operating system, and he doesn't
understand the concept of how usenet threads work. Until he demonstrates
some intelligence, I would say that he has flunked the Turing test.

 

[Steven D'Aprano]

sorry, I've been busy, it's on linux, and current active user is the
user currently using the computer. My program needs to switch log files
when a different user starts using the computer.

I think you have missed what people are trying to tell you: if you're
running Linux, you may have more than one human being logged into and
using the computer AT THE SAME TIME. You can also have a single human
being logged into the computer as more than one user, and one user being
used by multiple human beings.

As we speak, I am logged into my Linux computer eight times, five times
as myself (two GUI sessions, just to prove I can do it, plus three
terminals), two times as root, and one time as another user; my wife's
computer has two people logged in simultaneously (me and her); I'm also
logged into a server at work, which currently lists eight people logged
in twenty-one times between them.

Perhaps you should explain what problem you are trying to solve, rather
than how you think you should solve it ("catch the user switching").

 

[mpnordland]

I think I do understand multiuser systems, although I'm sorry I did
not make my self clear. Yes, I understand that there can be multiple
people logged in, and yes if you really wanted to, you could login as
yourself as many times as you want. This is not a server based
program, it is intended for use in a normal environment. The people
using it will probably not be logging in multiple times as themselves,
or someone else. The problem I have is I want monitor what sites the
user visits, I need to know what sites were accessed by which user.
So, a way to find which user is requesting what url is what I want.
Have I passed the Turing test?

 

[Carl Banks]

I think I do understand multiuser systems, although I'm sorry I did
not make my self clear. Yes, I understand that there can be multiple
people logged in, and yes if you really wanted to, you could login as
yourself as many times as you want. This is not a server based
program, it is intended for use in a normal environment. The people
using it will probably not be logging in multiple times as themselves,
or someone else. The problem I have is I want monitor what sites the
user visits, I need to know what sites were accessed by which user.
So, a way to find which user is requesting what url is what I want.
Have I passed the Turing test?

Install a web proxy.

In a pinch you can stat /dev/console to see who the owner is, which I
think was what they did last time I looked.

If you're ambitious there's some stuff you can do with netfilter to
attach user ids to network packets which you might be able to read
with your logging software. How are you logging web site accesses
anyway? That would be helpful to know.


Carl Banks

 

[Tim Harig]

I think I do understand multiuser systems, although I'm sorry I did
not make my self clear. Yes, I understand that there can be multiple
people logged in, and yes if you really wanted to, you could login as

Apparantly you do not. There is nothing that prevents me from downloading
from the web when I am not even at the computer. The point people are
making is that there is no such thing as a single active user. Any user
that has a running process is active. Somebody is not going to appreciate
getting fired because somebody else scheduled a porn download at a time
when they happened to be flagged as the current user.

yourself as many times as you want. This is not a server based
program, it is intended for use in a normal environment. The people

There is nothing definitive about a so-called "normal" enviroment and
since you didn't really specify anything, we had go make assumtpions
for ourselves.

Note also that a server is a piece of software, it need not be running
on server class hardware. There are probably several local servers
running on your system right now.

As is commonly the case, the reason that you are having trouble with this
problem is that you are trying to solve it wrong in the first place.
You told us how you thought you should solve it which meant that we
couldn't help you because we didn't know what problem you were trying to
solve in the first place. For future reference, always give a 10,000ft
explanation of the problem that you are actually trying to solve rather
then just the microcosm of the problem that you feel is relevant.

or someone else. The problem I have is I want monitor what sites the
user visits, I need to know what sites were accessed by which user.
So, a way to find which user is requesting what url is what I want.

As Carl has already pointed out, an authenticated proxy is the proper
way to get the individualized logging that you are looking for.
It is capable of logging each connection (including software from
which you might not have anticipated) with its own identified user of
origin. Even when several users are accessing the network at once, the
network connections can be tied directly to the person who initated
the connection. Users cannot use somebody elses connection without
their authentication credentials.

With a little bit of scripting, the browser can be configured to
automatically use the user's credentials whenever the user account is
created so that the user never needs to enter their credentials manually
after logging in to their account. All connections that attempt to
bypass the proxy should be firewalled.

Have I passed the Turing test?

You still don't seem to understand how to use threads. Heres a clue:
find a decent usenet client that actually displays them by default. Or,
if you can't manage to get rid of that junky interface that is Google
Groups, at least select the option to view as a tree. Then you might
be able to actually post your replies in the proper thread rather then
just appending on the the person who last posted.

 

[Steve Holden]

I give up, I will never try to use a usenet group again. For the ones
of you who tried to help thank you. You helped to identify some of my
troubles, as for you @usernet, you are a troll

Don't give up after one experience. Usenet can be really useful as long
as you know who to listen to and who to ignore ...

regards
Steve

 

[Steve Holden]

I give up, I will never try to use a usenet group again. For the ones
of you who tried to help thank you. You helped to identify some of my
troubles, as for you @usernet, you are a troll

Don't give up after one experience. Usenet can be really useful as long
as you know who to listen to and who to ignore ...

regards
Steve

 

[mpnordland]

ok, I'll give one more chance.
First, to pacify those who hate google groups: What is a good usenet
client?
second, How should I set up this proxy so that when a connection is
made, it request's authentication, and then log's the request, if
authentication is not gotten, how do I have it block (or firewall) the
request? Furthermore, I would like for the proxy to be squid. So all
of the nitty gritty should have to do with squid.

 

[Emile van Sebille]

On 12/22/2010 11:28 AM mpnordland said...

ok, I'll give one more chance.

.... which probably won't be enough -- this is potentially a huge
question you're asking with lots of little bits to put together. I have
an installation where I did somthing similar seven-ish years ago using
squid, squidguard, blacklists from Université Toulouse in France,
python, iptables, sql, php, zope, bash, and who knows what else. It
authenticates, logs, tracks, blocks, unblocks, reports activity on an
automated In and Out board by user, provides historical stats, automates
new user setup and invalidation, and probably more. I put maybe a week
or two into it initially, and about the same again over the years adding
to it.

First, to pacify those who hate google groups: What is a good usenet
client?

I use thunderbird to access gmane groups.

second, How should I set up this proxy so that when a connection is
made, it request's authentication, and then log's the request, if
authentication is not gotten, how do I have it block (or firewall) the
request? Furthermore, I would like for the proxy to be squid. So all
of the nitty gritty should have to do with squid.

.... and that's where I'd start looking. Check out the current status of
Squid to see how much of what you want can be done out of the box. When
you hit the limits of what it'll do for you, start writing glue to fill
in the puzzle.

HTH,

Emile

 

[Steve Holden]

ok, I'll give one more chance.
First, to pacify those who hate google groups: What is a good usenet
client?

Thunderbird is OK for me (I follow about three groups normally). I
access the comp.lang.python group vie the Gmane ("Main") service, where
for some strange resaon best known to the gmane admins it is called
gmane.comp.python.general. Ho, hum.

I seem to remember Outlook Express was a fairly decent NNTP client as
well, and Tim Peters says I'm not just blowing smoke up your ass.

second, How should I set up this proxy so that when a connection is
made, it request's authentication, and then log's the request, if
authentication is not gotten, how do I have it block (or firewall) the
request? Furthermore, I would like for the proxy to be squid. So all
of the nitty gritty should have to do with squid.

I would recommend you take a look at the Spambayes code, which does all
that sort of stuff apparently quite reliably.

If you aren't yet proficient enough with Python to understand the code
on your own look for a Python Meetup or a local or regional conference
to meet people who will helpyou answer your questions.

Increasingly there are workspaces like HacDC springing up to give people
access to advanced technologies at everyday prices. You could look for
such a group locally. There's lots of energy from people once they
realise that what gets built can help them.

Squid is a different matter. For that, probably if you go on an IRC
channel (freenode.net is what I use, but others have their favorites).
Maybe #squid?

regards
Steve

 

[Steven D'Aprano]

Don't give up after one experience. Usenet can be really useful as long
as you know who to listen to and who to ignore ...

More importantly, Usenet can be very useful so long as you know how to
ask smart questions. If you insist on asking stupid questions, you will
rapidly get disillusioned: people will either ignore you, abuse you, or
give you helpful advice that you don't want to hear.