Bug#890517: killer's CRON logs out users once per hour
Control: forwarded -1 https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1171 [Wolfgang Schweer] > Any news on this one? Debian Edu Bullseye intends to use x2goserver on > LTSP servers for Thin Client support... The upstream issue is still open, at least. (Just a quick reply to set the forwared url. :) -- Happy hacking Petter Reinholdtsen
Bug#890517: killer's CRON logs out users once per hour
Moin Mike, On Wed, 06 Feb 2019 11:25:54 + Mike Gabriel wrote: > > control: severity -1 serious > > # x2go-server is now in buster > > thanks > > neither x2goserver nor killer are unusable due to the missing > utmp/wtmp registration. Thus, reducing severity to imporant. > > I will look into this issue for buster is out while we are still in > soft-freeze (in fact I have some local prototype already, but need to > revisit). Any news on this one? Debian Edu Bullseye intends to use x2goserver on LTSP servers for Thin Client support... Wolfgang signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
Control: severity -1 important Hi Adrian, On Di 05 Feb 2019 15:22:06 CET, Adrian Bunk wrote: control: severity -1 serious # x2go-server is now in buster thanks neither x2goserver nor killer are unusable due to the missing utmp/wtmp registration. Thus, reducing severity to imporant. I will look into this issue for buster is out while we are still in soft-freeze (in fact I have some local prototype already, but need to revisit). Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpYmZ0I_AGas.pgp Description: Digitale PGP-Signatur
Bug#890517: killer's CRON logs out users once per hour
control: reassign -1 x2goserver thanks On Tue, Feb 05, 2019 at 04:22:06PM +0200, Adrian Bunk wrote: > control: severity -1 serious > # x2go-server is now in buster right, thanks for raising the severity. > > On Tue, Feb 20, 2018 at 10:30:57AM +0100, Wolfgang Schweer wrote: > > > > If NX do not update utmp/wtmp for logged in users, I would claim that > > > > NX is broken, and if it is by design, then NX is broken by design. > > > Right. This bug should be reassiged to the x2go-server package, but then > > > the package isn't part of Debian... I agree with this. > > we could still make the killer package conflict with it… or add a > > Breaks. I don't really agree with this (which I wrote) anymore. x2goserver should be fixed to update utmp/wtmp. -- tschüß, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
control: severity -1 serious # x2go-server is now in buster thanks On Sun, Feb 25, 2018 at 02:09:00PM +, Holger Levsen wrote: > control: severity -1 important > # x2go-server is not in Debian, this lowering the severity… > thanks > > On Tue, Feb 20, 2018 at 10:30:57AM +0100, Wolfgang Schweer wrote: > > > If NX do not update utmp/wtmp for logged in users, I would claim that > > > NX is broken, and if it is by design, then NX is broken by design. > > Right. This bug should be reassiged to the x2go-server package, but then > > the package isn't part of Debian... > > we could still make the killer package conflict with it… or add a > Breaks. > > (But that too would be a workaround…) > > > -- > cheers, > Holger cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Bug#890517: killer's CRON logs out users once per hour
Hi Wolfgang, On Di 20 Nov 2018 22:08:44 CET, Wolfgang Schweer wrote: On Tue, Nov 20, 2018 at 02:33:53PM +, Mike Gabriel wrote: I am not sure, if the patch is not a functional overkill. Hi Mike, I don't think that this is the case: My observation was, that the x2goagent processes got killed by killer. Yes, but if the user's x2goagent process gets killed, all other processes belonging to this user will be killed as well because the user session isn't registered. No. The other processes get killed because most of them are X clients to x2goagent (which is a nested Xserver). Once x2goagent is gone, the attached X clients evaporate. OTOH stale x2goagent processes may still exist from sessions that have been messed up by the user. At least this has been the case when I used NX technology at school to let people connect from home. (Years ago, though, things might be different nowadays.) Yeah, I know. This should be cleanly handled by the x2gocleansessions script running in the background on all X2Go Servers (launched by x2goserver.service). It should not be on us (i.e. killer) to clean up that X2Go specific mess. So, stale x2goagent instances can be ignored here. So maybe, we should protect those only. IMO stale x2goagent processes should be killed. -> /usr/sbin/x2gocleansessions, not for us. That's why the patch searches for users with a x2goruncommand process. If this one exists, user applications are actually running and nothing belonging to these users should be killed. This is true. If we (speaking with my X2Go upstream hat and Debian Edu hat on) want time-limited X2Go sessions, than this bit of code should really go into X2Go Server. I agree on the above. For the session applications, I am currently working on a sessreg based utmp/wtmp patch against X2Go Server. That sounds very good. Patching the killer script would be obsolete in that case. I have chewed on different approaches yesterday (and was not too happy). This morning I came up with a solution that I need to propose to the X2Go upstream team (once the patch works 100%). I am quite positive and assume that we will get this into buster. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpJz4sU_DzyC.pgp Description: Digitale PGP-Signatur
Bug#890517: killer's CRON logs out users once per hour
On Tue, Nov 20, 2018 at 02:33:53PM +, Mike Gabriel wrote: > I am not sure, if the patch is not a functional overkill. Hi Mike, I don't think that this is the case: > My observation was, that the x2goagent processes got killed by killer. Yes, but if the user's x2goagent process gets killed, all other processes belonging to this user will be killed as well because the user session isn't registered. OTOH stale x2goagent processes may still exist from sessions that have been messed up by the user. At least this has been the case when I used NX technology at school to let people connect from home. (Years ago, though, things might be different nowadays.) > So maybe, we should protect those only. IMO stale x2goagent processes should be killed. That's why the patch searches for users with a x2goruncommand process. If this one exists, user applications are actually running and nothing belonging to these users should be killed. > For the session applications, I am currently working on a sessreg > based utmp/wtmp patch against X2Go Server. That sounds very good. Patching the killer script would be obsolete in that case. Wolfgang signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
Hi Wolfgang, On Di 20 Nov 2018 15:27:25 CET, Wolfgang Schweer wrote: On Mon, Nov 19, 2018 at 12:00:20AM +0100, Petter Reinholdtsen wrote: I had a look at the patch, and it is not obviously wrong, at least. I do not know the code well any more, but did test and read it, and it might work. I do not have x2go myself, so I can not test that part, though. Thanks for the feedback. I've now tested the patched killer script once again in a virtual machine environment: X2Go server running on a Debian Edu Buster combined server, X2Go Client on a Debian Edu Buster workstation with profile 'Standalone'. The complete set of X2Go component packages is available in testing since March 2018. The killer script works like expected. A git format-patch is attatted, generated against killer.git as of today. Wolfgang I am not sure, if the patch is not a functional overkill. My observation was, that the x2goagent processes got killed by killer. So maybe, we should protect those only. For the session applications, I am currently working on a sessreg based utmp/wtmp patch against X2Go Server. I'll provide more info later today. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpHNsNontocG.pgp Description: Digitale PGP-Signatur
Bug#890517: killer's CRON logs out users once per hour
On Mon, Nov 19, 2018 at 12:00:20AM +0100, Petter Reinholdtsen wrote: > I had a look at the patch, and it is not obviously wrong, at least. I do > not know the code well any more, but did test and read it, and it might > work. I do not have x2go myself, so I can not test that part, though. Thanks for the feedback. I've now tested the patched killer script once again in a virtual machine environment: X2Go server running on a Debian Edu Buster combined server, X2Go Client on a Debian Edu Buster workstation with profile 'Standalone'. The complete set of X2Go component packages is available in testing since March 2018. The killer script works like expected. A git format-patch is attatted, generated against killer.git as of today. Wolfgang From 21264e60134d16f0eb9d9cb0ee92e07d55ce3539 Mon Sep 17 00:00:00 2001 From: Wolfgang Schweer Date: Tue, 20 Nov 2018 14:56:56 +0100 Subject: [PATCH] Exclude all jobs belonging to users running an X2Go session from being killed. --- debian/changelog | 7 +++ debian/patches/series | 1 + debian/patches/x2go.patch | 33 + 3 files changed, 41 insertions(+) create mode 100644 debian/patches/x2go.patch diff --git a/debian/changelog b/debian/changelog index 0657909..a04bba5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +killer (0.90-14) UNRELEASED; urgency=medium + + * Exclude all jobs belonging to users running an X2Go session from being +killed. (Closes: #648219, #890517). + + -- Wolfgang Schweer Tue, 20 Nov 2018 14:41:33 +0100 + killer (0.90-13) unstable; urgency=medium * Team upload. diff --git a/debian/patches/series b/debian/patches/series index 68b50ae..d527c83 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -14,3 +14,4 @@ consoleuser-consolekit.patch consoleuser-xprintidle.patch consoleuser-logind.patch handle-ps-name-truncate.patch +x2go.patch diff --git a/debian/patches/x2go.patch b/debian/patches/x2go.patch new file mode 100644 index 000..822f920 --- /dev/null +++ b/debian/patches/x2go.patch @@ -0,0 +1,33 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +Exclude all jobs belonging to users running an X2Go session from being killed. + +@DPATCH@ +Index: killer-git/killer + +--- a/killer b/killer +@@ -1328,6 +1328,23 @@ Removes all processes of users with uid lower than the $minuid value. + + =item * + ++Exclude all jobs belonging to users running an X2Go session from being ++terminated. X2Go fails to register users in utemp/wtemp files; for more ++information, see: https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1171 ++ ++=cut ++ ++my @x2gousers = (); ++foreach my $pid ( keys %pid2comm ) { ++next unless ( $pid2comm{$pid} eq 'x2goruncommand' ); ++push(@x2gousers, $pid2user{$pid}); ++} ++foreach $user ( @x2gousers ) { ++$ptable->removeProcesses('ruser', $user); ++} ++ ++=item * ++ + Finally, the process table and terminal objects are returned. + + =back -- 2.19.1 signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
[Wolfgang Schweer] > Mike, could you test this change to killer (might be smarter, some one > w/ Perl skills should check it: I had a look at the patch, and it is not obviously wrong, at least. I do not know the code well any more, but did test and read it, and it might work. I do not have x2go myself, so I can not test that part, though. -- Happy hacking Petter Reinholdtsen
Bug#890517: killer's CRON logs out users once per hour
On Sun, Feb 25, 2018 at 03:14:03PM +0100, Petter Reinholdtsen wrote: > [Mike Gabriel] > > This is at most a dirty work around. The killer command wipes > > x2goagent hourly and this must be prevented in killer itself somehow. > > > > With the above patch you disable killer system-wide once at least one > > X2Go Session is running on the host. Not the right approach. > > It do not sound like a too bad approach either, given that X2Go fail to > register its sessions in the standard unix way. It seem like the safe > option to just disable killer if X2Go is detected. While X2Go should add session registration ASAP, killer could save those sessions (similar like the 'condor' ones) for the time being. Users with active X2Go sessions can be identified running: 'ps aux | grep '[x]2goruncommand' | cut -d ' ' -f1' Mike, could you test this change to killer (might be smarter, some one w/ Perl skills should check it: --- a/killer2018-02-27 18:14:50.085187798 +0100 +++ b/killer2018-02-27 18:15:59.624571678 +0100 @@ -1328,6 +1328,23 @@ =item * +Exclude all jobs belonging to users running an X2Go session from being +terminated. X2Go fails to register users in utemp/wtemp files; for more +information, see: https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1171 + +=cut + +my @x2gousers = (); +foreach my $pid ( keys %pid2comm ) { +next unless ( $pid2comm{$pid} eq 'x2goruncommand' ); +push(@x2gousers, $pid2user{$pid}); +} +foreach $user ( @x2gousers ) { +$ptable->removeProcesses('ruser', $user); +} + +=item * + Finally, the process table and terminal objects are returned. =back Wolfgang signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
[Mike Gabriel] > This is at most a dirty work around. The killer command wipes > x2goagent hourly and this must be prevented in killer itself somehow. > > With the above patch you disable killer system-wide once at least one > X2Go Session is running on the host. Not the right approach. It do not sound like a too bad approach either, given that X2Go fail to register its sessions in the standard unix way. It seem like the safe option to just disable killer if X2Go is detected. -- Happy hacking Petter Reinholdtsen
Bug#890517: killer's CRON logs out users once per hour
control: severity -1 important # x2go-server is not in Debian, this lowering the severity… thanks On Tue, Feb 20, 2018 at 10:30:57AM +0100, Wolfgang Schweer wrote: > > If NX do not update utmp/wtmp for logged in users, I would claim that > > NX is broken, and if it is by design, then NX is broken by design. > Right. This bug should be reassiged to the x2go-server package, but then > the package isn't part of Debian... we could still make the killer package conflict with it… or add a Breaks. (But that too would be a workaround…) -- cheers, Holger signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
Hi Wolfgang, On Do 22 Feb 2018 20:02:31 CET, Wolfgang Schweer wrote: On Tue, Feb 20, 2018 at 12:54:26PM +0100, Wolfgang Schweer wrote: Seems to be X2Go Bug #1171 Create wtmp entry for x2go sessions See: https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1171 After testing x2goserver on a Stretch system I noticed that X2Go sessions can be detected reliably due to some command using a param string containing 'X2GO'. This change would work around the x2go bug running the killer cron job only in case an X2Go session isn't detected: --- a/cron.hourly 2014-06-11 11:15:55.0 +0200 +++ b/cron.hourly 2018-02-22 19:42:36.419963949 +0100 @@ -1,3 +1,3 @@ #!/bin/sh -if [ -x /usr/sbin/killer ] ; then /usr/sbin/killer; fi +if [ -x /usr/sbin/killer ] && [ $(ps ax | grep X2GO | wc -l) -le 1 ] ; then /usr/sbin/killer; fi Mike: could you test and give some feedback? Wolfgang This is at most a dirty work around. The killer command wipes x2goagent hourly and this must be prevented in killer itself somehow. With the above patch you disable killer system-wide once at least one X2Go Session is running on the host. Not the right approach. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgp0c81RHagVM.pgp Description: Digitale PGP-Signatur
Bug#890517: killer's CRON logs out users once per hour
On Tue, Feb 20, 2018 at 12:54:26PM +0100, Wolfgang Schweer wrote: > Seems to be X2Go Bug #1171 Create wtmp entry for x2go sessions > > See: https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1171 After testing x2goserver on a Stretch system I noticed that X2Go sessions can be detected reliably due to some command using a param string containing 'X2GO'. This change would work around the x2go bug running the killer cron job only in case an X2Go session isn't detected: --- a/cron.hourly 2014-06-11 11:15:55.0 +0200 +++ b/cron.hourly 2018-02-22 19:42:36.419963949 +0100 @@ -1,3 +1,3 @@ #!/bin/sh -if [ -x /usr/sbin/killer ] ; then /usr/sbin/killer; fi +if [ -x /usr/sbin/killer ] && [ $(ps ax | grep X2GO | wc -l) -le 1 ] ; then /usr/sbin/killer; fi Mike: could you test and give some feedback? Wolfgang signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
On Tue, Feb 20, 2018 at 10:30:57AM +0100, Wolfgang Schweer wrote: > Right. This bug should be reassiged to the x2go-server package Seems to be X2Go Bug #1171 Create wtmp entry for x2go sessions See: https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1171 Wolfgang signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
On Tue, Feb 20, 2018 at 06:32:22AM +0100, Petter Reinholdtsen wrote: > [Wolfgang Schweer] > > IIRC, for connections to a system that runs Nomachine technology (not > > part of Debian) the utmp/wtmp files are not used by design (on the > > system running NX server). Instead, NX keeps track of the forwarded > > sessions itself. > > Updating utmp/wtmp is not only for 'keeping track of sessions', it is > also used by shutdown and other systems to know who to notify when > taking down a host or notify logged in users in other cases. Yes, I know. This has been an issue years ago when I used freeNX (the first open source NX server implementation) at school; it was always needed to care for it manually using some tool to list running sessions. It doesn't seem to have been improved with recent implementations. > If NX do not update utmp/wtmp for logged in users, I would claim that > NX is broken, and if it is by design, then NX is broken by design. Right. This bug should be reassiged to the x2go-server package, but then the package isn't part of Debian... Wolfgang signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
[Wolfgang Schweer] > IIRC, for connections to a system that runs Nomachine technology (not > part of Debian) the utmp/wtmp files are not used by design (on the > system running NX server). Instead, NX keeps track of the forwarded > sessions itself. Updating utmp/wtmp is not only for 'keeping track of sessions', it is also used by shutdown and other systems to know who to notify when taking down a host or notify logged in users in other cases. If NX do not update utmp/wtmp for logged in users, I would claim that NX is broken, and if it is by design, then NX is broken by design. -- Happy hacking Petter Reinholdtsen
Bug#890517: killer's CRON logs out users once per hour
On Thu, Feb 15, 2018 at 03:21:41PM +, Mike Gabriel wrote: > On Do 15 Feb 2018 15:23:46 CET, Petter Reinholdtsen wrote: > > > [Mike Gabriel] > > > We never came to the point to investigate this closer, but personally, > > > I think that killer on a Debian Edu system with MATE desktop env has > > > not been usable at least since jessie. I'm unable to reproduce the reported issue (Debian Edu Jessie, Stretch, Buster; tested LightDM, GDM, SDDM). > > The only way I can think of that this can happen, is if the display > > manager is broken and fail to register logged in users in the utmp/wtmp > > files. You can verify this by running 'w' or 'who' after login to see > > if the user is registered as logged in. If this is the case, the fatal > > bug is in the login service you are using, not killer. > > Output of "who" looks good, if MATE gets launched locally (vt7). Display > Manager is LightDM with Arctica Greeter on top. > However, I noticed that X2Go does not register the logged in user in > utmp/wtmp. Mike, could you provide some details? IIRC, for connections to a system that runs Nomachine technology (not part of Debian) the utmp/wtmp files are not used by design (on the system running NX server). Instead, NX keeps track of the forwarded sessions itself. IMO killer shouldn't be installed on a system running NX technology because the reported failure will show up for sure. Wolfgang signature.asc Description: PGP signature
Bug#890517: killer's CRON logs out users once per hour
On Do 15 Feb 2018 15:23:46 CET, Petter Reinholdtsen wrote: [Mike Gabriel] We never came to the point to investigate this closer, but personally, I think that killer on a Debian Edu system with MATE desktop env has not been usable at least since jessie. The only way I can think of that this can happen, is if the display manager is broken and fail to register logged in users in the utmp/wtmp files. You can verify this by running 'w' or 'who' after login to see if the user is registered as logged in. If this is the case, the fatal bug is in the login service you are using, not killer. Output of "who" looks good, if MATE gets launched locally (vt7). Display Manager is LightDM with Arctica Greeter on top. However, I noticed that X2Go does not register the logged in user in utmp/wtmp. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgp2NZMFxF82u.pgp Description: Digitale PGP-Signatur
Bug#890517: killer's CRON logs out users once per hour
[Mike Gabriel] > We never came to the point to investigate this closer, but personally, > I think that killer on a Debian Edu system with MATE desktop env has > not been usable at least since jessie. The only way I can think of that this can happen, is if the display manager is broken and fail to register logged in users in the utmp/wtmp files. You can verify this by running 'w' or 'who' after login to see if the user is registered as logged in. If this is the case, the fatal bug is in the login service you are using, not killer. -- Happy hacking Petter Reinholdtsen
Bug#890517: killer's CRON logs out users once per hour
Package: killer Severity: serious Hi, since Debian jessie, we disable killer in Debian Edu installations as killer causes hourly logouts from user sessions. We never came to the point to investigate this closer, but personally, I think that killer on a Debian Edu system with MATE desktop env has not been usable at least since jessie. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgp5uvqFXmAKN.pgp Description: Digitale PGP-Signatur