building a modern multi-user desktop - gnomepeople.gnome.org/~mccann/talks/guadec-multiuser.pdf ·...
TRANSCRIPT
![Page 1: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/1.jpg)
Building a Modern Multi-User Desktop
William Jon McCann <[email protected]>The Johns Hopkins University
GUADEC17 July 2007
![Page 2: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/2.jpg)
What is a multi-user desktop?
![Page 3: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/3.jpg)
What is a multi-user desktop?
● A system that can support a rich experience for multiple simultaneous user sessions
● A user session that is multi-user aware
![Page 4: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/4.jpg)
Why is this useful?
![Page 5: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/5.jpg)
Why is this useful?
● Over 80% of US households have a shared computer (according to a Microsoft report)
● Even in households/businesses with multiple computers some are more desired than others.
● Computers are idle most of the time.
● Computers are expensive. (cost, heat, space, noise)
● Guests don't want to see your porn collection.
● Why log out?
http://windowsxp.devx.com/presentations/devforawinxpmultiuserpc_110k/default.htm
![Page 6: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/6.jpg)
What forms can this take?
![Page 7: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/7.jpg)
What forms can this take?
● Fast User Switching – share from single location
![Page 8: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/8.jpg)
What forms can this take?
● Fast User Switching – share from single location
● Multi-Seat – share from different locations
![Page 9: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/9.jpg)
What forms can this take?
● Fast User Switching – share from single location
● Multi-Seat – share from different locations
● Hot desking / Session migration - combination
![Page 10: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/10.jpg)
What is Fast User Switching?
![Page 11: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/11.jpg)
OS X Fast User Switching
![Page 12: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/12.jpg)
OS X Fast User Switching
![Page 13: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/13.jpg)
OS X Fast User Switching
![Page 14: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/14.jpg)
OS X Fast User Switching
![Page 15: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/15.jpg)
Windows XP Fast User Switching
![Page 16: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/16.jpg)
Windows XP Fast User Switching
![Page 17: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/17.jpg)
Windows XP Fast User Switching
![Page 18: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/18.jpg)
Can't I do that already?
![Page 19: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/19.jpg)
GNOME 2.16 Fast User Switching
![Page 20: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/20.jpg)
GNOME 2.16 Fast User Switching
![Page 21: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/21.jpg)
GNOME 2.16 Fast User Switching
![Page 22: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/22.jpg)
GNOME 2.16 Fast User Switching
![Page 23: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/23.jpg)
GNOME 2.16 Fast User Switching
![Page 24: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/24.jpg)
What did we get wrong?
![Page 25: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/25.jpg)
What did we get wrong?
● Selected a user in Switcher applet but Login Screen didn't use it.
● Screen goes all flashy-flashy between Switcher applet and Login Screen.
● Login Screen has a Quit button.
● Login Screen dies after a while.
● Login Screen either doesn't have a “face-browser” or has a not-so-good one.
● After authenticating we switch directly to... a locked screen.
![Page 26: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/26.jpg)
What did we get wrong?
● After logging out we can end up on another locked screen or even an empty VT.
● Applications are still consuming resources in inactive session. (Videos, screensavers etc)
● Applications in inactive session may not relinquish devices. (Music players, webcams)
● Sessions may race to acquire new devices.
![Page 27: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/27.jpg)
What did we get wrong?
● No power-management while at Login Screen.
● Potentially no wireless networking at Login Screen. (software updates, backups, remote login)
● No user status information at Login Screen.
● User switcher applet isn't seat aware.
● We continue to poll optical drives when no one is logged in.
![Page 28: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/28.jpg)
What did we get wrong?
● And so on...
![Page 29: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/29.jpg)
What did we get wrong?
● Survey: root passwords
![Page 30: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/30.jpg)
What do we need?
![Page 31: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/31.jpg)
Text Login Manager
● Open a new Session.
● Set properties for the Session.
● Maintain some state for life-cycle tracking.
● Close the Session at logout.
![Page 32: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/32.jpg)
Graphical Login Manager
● Get a list of attached Seats.
● Know if the current seat supports session switching.
● List all sessions on the current Seat.
● Know which session is active for the current Seat.
● Notification of session active state changes.
● Notification when sessions are added or removed.
● Access to the metadata for any open Session.
![Page 33: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/33.jpg)
System daemon
● Know if any user sessions are open.
● Know if the system is currently being used.
![Page 34: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/34.jpg)
Hardware Abstraction Layer
● Determine what hardware is associated with a Seat.
● Determine if a Session is active or inactive on a particular Seat.
● Know when the session active state changes.
● Determine what Session a process belongs to.
![Page 35: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/35.jpg)
Fast User Switching Agent
● Determine which session it is running in.
● Determine which Seat it is running on.
● Know if the current seat supports session switching.
● Get a list of all sessions on the current Seat.
● Find which session is active for the current Seat.
● Know when the session active state changes.
● Access to the metadata for any open Session.
● Know when sessions are added or removed.
![Page 36: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/36.jpg)
What is a Session?
![Page 37: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/37.jpg)
What is a Session?
● The collection of processes that are direct descendants of a single, authenticated, interactive login process for a real user?
![Page 38: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/38.jpg)
Desperately Seeking a Session
● POSIX process session
● OS security context
● PAM session
● Entry in the accounting database
● D-Bus session
● Desktop session management
● All connections to a Xserver
● XDMCP Session
![Page 39: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/39.jpg)
POSIX process session
● The problem here is that there are various ways to create new sessions (process groups) for a single user login. For example, when a program (gnome-power-manager) is daemonized it detaches from the controlling terminal and is no longer part of the same session.
● Not the behavior that we want
![Page 40: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/40.jpg)
OS security context
● Didn't seem like it was possible to uniquely identify groups of processes.
![Page 41: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/41.jpg)
PAM sessions
● Excellent support for defining the "who" of the session but little support for the "where" and "what".
● Shouldn't trust passed in PAM_TTY value.
● PAM_TTY value isn't always a tty but sometimes a $DISPLAY.
● Sometimes PAM_TTY is just bogus (eg. sshd uses "ssh")
● Can't reliably get a pid for session leader since PAM module isn't always run by that process but by a helper/proxy or parent.
● Prior art – pam_console/foreground
![Page 42: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/42.jpg)
Entry in the accounting database (utmp)
● Information is not authoritative.
● Poor standardization of structure.
● Few rules for content / usage.
● Designed for TTY (no X11 support)
● Must monitor file, re-read, and compare with last known state in order to get change notifications (and still aren't atomic)
● Field length limitations.
![Page 43: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/43.jpg)
D-Bus session
● Historically and currently, non-graphical "sessions" have not started a D-Bus session – but could.
● Not all processes are necessarily connected to a session bus - not a problem.
● The grouping characteristic isn't so much the connection to the bus as the knowledge of the bus address.
![Page 44: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/44.jpg)
Desktop session management
● This is too high level and oriented toward stateful graphical applications. We need something that works as well for daemon processes and non-graphical sessions.
![Page 45: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/45.jpg)
All connections to a Xserver
● Obviously precludes non-graphical sessions.
● Maintaining the X connection may not be desirable.
● Sessions probably shouldn't be defined server-side.
![Page 46: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/46.jpg)
XDMCP Session
● Too specific obviously.
● But a case that must be handled.
![Page 47: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/47.jpg)
So... what is a session?
● A session is a collection of all processes that share knowledge of a secret. In the typical case, these processes all originate from a single common ancestor.
![Page 48: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/48.jpg)
Session Implementation Details
● For now, this secret should be stored in the process environment by the session leader under the name XDG_SESSION_COOKIE.
● When we are able to take advantage of a mechanism in the underlying system to store session registration information - we will.
![Page 49: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/49.jpg)
Side Effects
● A possible advantage - it is quite easy for a process to opt-out of a Session by simply unsetting the XDG_SESSION_COOKIE variable. Well... probably have to fork/exec too in practice.
● A possible disadvantage - not being able to strictly limit visibility of the secret to a particular process ancestry. So, it is not possible to enforce session boundaries other than on a per-user basis. For example, we don't yet have a way to prevent a process from moving between sessions owned by the same user.
![Page 50: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/50.jpg)
What is a Seat?
● A seat is a collection of sessions and a set of hardware (usually at least an output and input device).
![Page 51: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/51.jpg)
What is multi-seat?
![Page 52: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/52.jpg)
But...
● Aren't new, small and mobile form devices eliminating the need for multi-user support? Or... what part of One Laptop Per Child don't you understand?
![Page 53: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/53.jpg)
But...
● Aren't new, small and mobile form devices eliminating the need for multi-user support? Or... what part of One Laptop Per Child don't you understand?
● If personalization of a potentially shared resource is helpful then it is worth considering multi-user support / profiles. (handwriting/voice recognition etc)
![Page 54: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/54.jpg)
But...
● Aren't new, small and mobile form devices eliminating the need for multi-user support? Or... what part of One Laptop Per Child don't you understand?
● If personalization of a potentially shared resource is helpful then it is worth considering multi-user support / profiles. (handwriting/voice recognition etc)
● Ubiquity of mobile devices may push PC into more server-like and appliance roles – more integrated with a location. (Media/Entertainment center, Home server, Smart home)
![Page 55: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/55.jpg)
What do we need to make it work better?
![Page 56: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/56.jpg)
What do we need to make it work better?
● ConsoleKit
● HAL
● PolicyKit
● DisplayManager
● Kernel mode drivers
● Session Agents
● Well-behaved applications
![Page 57: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/57.jpg)
ConsoleKit
● http://gitweb.freedesktop.org/?p=ConsoleKit.git
● http://people.freedesktop.org/~mccann/doc/ConsoleKit/ConsoleKit.html
● http://lists.freedesktop.org/archives/hal/2007-January/006996.html
● First prototype: 26 Sept 2006
● Initial check-in to git: 25 Oct 2006
● Announced: 11 Jan 2007
![Page 58: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/58.jpg)
ConsoleKit
● ConsoleKit is a framework for defining and tracking user login sessions and seats.
● It can be used as a replacement for utmp.
● Who is logged in, from where, for how long, are they active, inactive, idle etc.
![Page 59: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/59.jpg)
Session Object
● Properties
– ID
– Seat ID
– Session type
– Unix user
– X11 display
– X11 display device
– Remote hostname
– Active state
– Local state
– Creation Time
– Idle hint state
– Idle hint since time
● Signals
– Active changed
– Idle hint changed
– Lock
– Unlock
![Page 60: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/60.jpg)
Seat Object
● Methods
– GetId
– GetSessions
– GetActiveSessions
– CanActivateSessions
– ActivateSession
● Signals
– ActiveSessionChanged
– SessionAdded
– SessionRemoved
![Page 61: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/61.jpg)
Manager Object
● Methods
– OpenSession
– OpenSessionWithParameters
– CloseSession
– GetSeats
– GetSessionForCookie
– GetSessionForUnixProcess
– GetCurrentSession
– GetSessionsForUnixUser
– GetSystemIdleHint
– GetSystemIdleHintSince
● Signals
– SeatAdded
– SeatRemoved
– SystemIdleHintChanged
![Page 62: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/62.jpg)
How does it work?
![Page 63: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/63.jpg)
Text Login
/bin/login PAM ck-connector D-Bus
![Page 64: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/64.jpg)
Text Login
/bin/login PAM ck-connector D-Bus
Sys
tem
Bu
s
D-BusConsoleKitOpenSessionWithParameters ()
![Page 65: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/65.jpg)
Text Login
/bin/login PAM ck-connector D-Bus
Sys
tem
Bu
s
D-BusConsoleKitOpenSessionWithParameters ()
Seat1
Session1
![Page 66: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/66.jpg)
Text Login
/bin/login PAM ck-connector D-Bus
Sys
tem
Bu
s
D-BusConsoleKitOpenSessionWithParameters ()
Seat1
Session1
Cookie
![Page 67: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/67.jpg)
Text Login
/bin/login PAM ck-connector D-Bus
Sys
tem
Bu
s
D-BusConsoleKitCloseSession ()
Seat1
Session1
or NameOwnerChanged ()
![Page 68: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/68.jpg)
Text Login
/bin/login PAM ck-connector D-Bus
Sys
tem
Bu
s
D-BusConsoleKitCloseSession ()
Seat1
or NameOwnerChanged ()
![Page 69: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/69.jpg)
Graphical Login
![Page 70: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/70.jpg)
Graphical Login
GDM D-Bus
Sys
tem
Bu
s
D-BusConsoleKit
GetSessionsForUnixUser ()
![Page 71: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/71.jpg)
Graphical Login
GDM D-Bus
Sys
tem
Bu
s
D-BusConsoleKit
GetSessionsForUnixUser ()
Array of session ids
![Page 72: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/72.jpg)
Graphical Login
Sys
tem
Bu
s
D-BusConsoleKitOpenSessionWithParameters ()
Seat1
Session1
GDM D-Bus
![Page 73: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/73.jpg)
Graphical Login
Sys
tem
Bu
s
D-BusConsoleKitOpenSessionWithParameters ()
Seat1
Session1
GDM D-Bus
Cookie
![Page 74: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/74.jpg)
User Switching
![Page 75: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/75.jpg)
User Switching
GDM D-Bus
Sys
tem
Bu
s
D-BusConsoleKit
GetSessionsForUnixUser ()
Seat1
Session1 (locked)
Array of session ids
![Page 76: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/76.jpg)
User Switching
Sys
tem
Bu
s
D-BusConsoleKit
Session.Unlock ()
Seat1
Session1 (locked)
GDM D-Bus
![Page 77: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/77.jpg)
User Switching
Sys
tem
Bu
s
D-BusConsoleKit
Session.Unlock ()
Seat1
Session1 (locked)
GDM D-Bus
Session::Unlock
![Page 78: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/78.jpg)
User Switching
Sys
tem
Bu
s
D-BusConsoleKit
Session.Unlock ()
Seat1
Session1
GDM D-Bus
Session::Unlock
![Page 79: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/79.jpg)
User Switching
Sys
tem
Bu
s
D-BusConsoleKit
Session.Activate ()
Seat1
Session1
GDM D-Bus
![Page 80: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/80.jpg)
User Switching
Sys
tem
Bu
s
D-BusConsoleKit
Session.Activate ()
Seat1
Session1
GDM D-Bus
Kernel
![Page 81: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/81.jpg)
User Switching
Sys
tem
Bu
s
D-BusConsoleKit
Seat1
Session1
GDM D-Bus
Session::ActiveChanged
![Page 82: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/82.jpg)
HAL
![Page 83: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/83.jpg)
HAL
● Now that we have well-defined sessions, and session change notifications, HAL can refuse service to inactive sessions and stop polling when the system is idle.
● However, whether a session is active is only one possible criterion for policy decisions...
![Page 84: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/84.jpg)
PolicyKit
● Decide whether something can be done by a given user to a given resource.
● Decide whether a given resource is accessible from a given session.
● Decide what resources belong to which seats.
![Page 85: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/85.jpg)
DisplayManager
● Needs to detect changes in seat configuration.
● Start a greeter per seat.
● Make a greeter more session-like.
● Integrate ConsoleKit more deeply.
![Page 86: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/86.jpg)
GDM2
● Just not up to the task in its current form.
● Serious problems at just about every level.
● Had reached the threshold of maintainability.
![Page 87: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/87.jpg)
A Fresh Start
● In May 2007 I decided to branch gdm and essentially start from scratch.
● http://svn.gnome.org/viewcvs/gdm2/branches/mccann-gobject/
![Page 88: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/88.jpg)
What is interesting about it?
● New configuration system but still uses the old .desktop file backend. Designed to simplify migration to a hypothetical system-wide GConf.
● Replaced the internal and external socket protocols with D-Bus interfaces.
● Dramatically simplified the interface between daemon and greeter.
● Made greeter a real session with gnome-power-manager running.
● Includes a factory greeter display that spawns sessions on new VTs.
![Page 89: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/89.jpg)
Homework: Write an awesome greeter
GDM_GREETER_DBUS_ADDRESS
<interface name="org.gnome.DisplayManager.GreeterServer"> <method name="AnswerQuery"> <arg name="text" direction="in" type="s"/> </method> <method name="SelectSession"> <arg name="text" direction="in" type="s"/> </method> <method name="SelectLanguage"> <arg name="text" direction="in" type="s"/> </method> <method name="SelectUser"> <arg name="text" direction="in" type="s"/> </method> <method name="Cancel"> </method> <signal name="Info"> <arg name="text" type="s"/> </signal> <signal name="Problem"> <arg name="text" type="s"/> </signal> <signal name="InfoQuery"> <arg name="text" type="s"/> </signal> <signal name="SecretInfoQuery"> <arg name="text" type="s"/> </signal> <signal name="Reset"> </signal></interface>
![Page 90: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/90.jpg)
How can I make an application multi-user aware?
![Page 91: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/91.jpg)
How can I make an application multi-user aware?
● Detect multiple instances
● Don't expect exclusive access to devices
● Yield resources
● Know when to take a nap
● Be a good neighbor
● Do your grunt work when system is idle
![Page 92: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/92.jpg)
What's next?
● Finish new DisplayManager
● Integrate with PolicyKit
● Port applications to new interfaces
● Work on multi-seat configuration
● Experiment with hot desking / session migration
● Session hibernation?
![Page 93: Building a Modern Multi-User Desktop - GNOMEpeople.gnome.org/~mccann/talks/guadec-multiuser.pdf · Selected a user in Switcher applet but Login Screen didn't use it. Screen goes all](https://reader034.vdocuments.mx/reader034/viewer/2022042108/5e87c01f650a9a24ca6c2e38/html5/thumbnails/93.jpg)
How can I help?
● Build / Test / Develop / Discuss
● ConsoleKit / PolicyKit / HAL: http://lists.freedesktop.org/mailman/listinfo/hal
● DisplayManager: http://mail.gnome.org/mailman/listinfo/gdm-list