我想知道当用户通过 Linux 的登录 GUI 在系统中解锁自己时的用户名。我已经检查过 /etc/pam.d/gdm-password。据我所知,unlock 和 lock 操作与 gdm-password 相关。这是我的 gdm-password 文件,如下所示。
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
@include common-auth
auth optional pam_gnome_keyring.so
account optional pam_exec.so seteuid /trigger account
session optional pam_exec.so seteuid /trigger session
@include common-account
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without this it is possible
# that a module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password
这是我的 bash 脚本:
#!/bin/bash
id=$(/usr/bin/cat /proc/self/sessionid)
#echo "$date [$1] $PAM_USER $PAM_TYPE $id" >> /var/log/test.log
name=$(/usr/bin/loginctl show-session $id | /usr/bin/grep Name= | /usr/bin/cut -d = -f 2)
if [ "$PAM_TYPE" == "account" ] && [[ -v id ]] && [ "$name" == "$PAM_USER" ];then
echo "$date $PAM_USER unlocked" >> /var/log/actions.log
# echo "$(/usr/bin/loginctl show-session $id)" >> /var/log/details.log
elif [ "$PAM_TYPE" == "open_session" ];then
echo "$date $PAM_USER logged in" >> /var/log/actions.log
elif [ "$PAM_TYPE" == "close_session" ];then
echo "$date $PAM_USER logged out" >> /var/log/actions.log
fi
当我解锁时,我在屏幕上看到一个错误,例如 /trigger failed: exit code 2。我该怎么办?当用户解锁时,我只想在文件中看到他的名字。就是这样。