Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Lock (Gnome) session when removing Yubico U2F key

Setup

  1. Copy 99-u2f_lock_screen.rules to /etc/udev/rules.d.
  2. Copy gnome_lock_all_sessions to /usr/local/bin.
  3. Mark gnome_lock_all_sessions as executable: chmod +x /usr/local/bin/gnome_lock_all_sessions
  4. Reload udev: udevadm control -R
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL_FROM_DATABASE}=="Yubikey Touch U2F Security Key", RUN+="/usr/local/bin/gnome_lock_all_sessions"
#!/bin/sh
# List available names
# dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames
# Lock session (Gnome)
# dbus-send --session --type=method_call --dest=org.gnome.ScreenSaver /org/gnome/ScreenSaver org.gnome.ScreenSaver.Lock
# Unlock session (Gnome)
#dbus-send --session --type=method_call --dest=org.gnome.ScreenSaver /org/gnome/ScreenSaver org.gnome.ScreenSaver.SetActive boolean:false
# Lock session (freedesktop) (no effect?)
# dbus-send --session --type=method_call --dest=org.freedesktop.ScreenSaver /org/freedesktop/ScreenSaver org.freedesktop.ScreenSaver.Lock
for bus in /run/user/*/bus; do
uid=$(basename $(dirname $bus))
if [ $uid -ge 1000 ]; then
user=$(id -un $uid)
export DBUS_SESSION_BUS_ADDRESS=unix:path=$bus
if su -c 'dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames' $user | grep org.gnome.ScreenSaver; then
su -c 'dbus-send --session --type=method_call --dest=org.gnome.ScreenSaver /org/gnome/ScreenSaver org.gnome.ScreenSaver.Lock' $user
fi
fi
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment