Created
February 6, 2019 17:52
-
-
Save lichti/c56129e9a23b8abd5d5d75d0c16e7ae6 to your computer and use it in GitHub Desktop.
This process do lock all sessions when a yubikey is removed from device
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# This process do lock all sessions when a yubikey is removed from device | |
# Script to block all open sessions | |
cat <<-'EOF' | sudo tee /usr/local/bin/gnome_lock_all_sessions | |
#!/bin/sh | |
for bus in /run/user/*/bus; do | |
echo "bus: ${bus}" | |
uid=$(basename $(dirname $bus)) | |
echo "uid: ${uid}" | |
if [ $uid -ge 1000 ]; then | |
session=$(loginctl list-sessions | grep $uid) | |
if [ $? -lt 1 ]; then | |
session=$(loginctl list-sessions | grep $uid | awk '{print $1}') | |
loginctl lock-session $session | |
fi | |
fi | |
done | |
EOF | |
# Give script permission | |
sudo chmod +x /usr/local/bin/gnome_lock_all_sessions | |
# Create a new rule in udev | |
echo 'ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_VENDOR_FROM_DATABASE}=="Yubico.com", RUN+="/usr/local/bin/lock_all_sessions"' | sudo tee /etc/udev/rules.d/99-yubikey_lock_screen.rules | |
# Reload udevrules | |
sudo udevadm control -R |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment