0

enter image description here

(Example screenshot taken from https://askubuntu.com/questions/1343872/ubuntu-shows-other-users-are-logged-in-whenever-i-shut-down-even-though-i-am-the)

But my question is: how does the system know this? I have done

sudo chmod o-r /var/run/utmp
sudo chmod o-r /var/log/wtmp

And I verified that my user cannot run w or who anymore: the command output is empty because of read permission denied in utmp and wtmp.

So how does the system know this? Where is the information leaking?

Improve this question
2
  • Are you in fact asking how to hide the fact that some other user is using the system, regardless of whether this is this particular dialogue box, or in the output of the w, who, ps etc. commands? Or are you only interested in getting rid of this box? Commented Feb 9, 2023 at 7:27
  • @Kusalananda I'm asking both. Primarily, how to get rid of the message. Secondly, how to prevent access to this information for normal users in general. I realize that this question doesn't reflect these intentions. But it's still not a bad question I think and furthermore, the current answer is doing a great job explaining the information leak. So I decided to simply open a new updated question. unix.stackexchange.com/questions/734979/… Commented Feb 9, 2023 at 23:09

1 Answer 1

Reset to default
3

The information about active sessions and logged in users is provided by systemd-logind (or elogind on non-systemd systems) and any user can get the information via the DBus interface:

$ busctl call org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager ListUsers
a(uso) 2 1000 "jenkins" "/org/freedesktop/login1/user/_1000" 22437 "vtrefny" "/org/freedesktop/login1/user/_22437"

(example from a system with two users with an active session).

The information is held by systemd so changing permissions for w/who isn't going to "disable" this. Some parts of the DBus API are protected via polkit but these are only the "active" operations like shutdown, the information about active sessions are public to everyone.

Improve this answer
7
  • As far as i can tell this cannot be changed, there are no policykit rules for the "read only" parts of the logind dbus API like ListUsers so the information is just publicly available. Commented Feb 9, 2023 at 4:38
  • 1
    This sounds like an XY problem. You can't get rid of that message by trying to hide the other users. Instead, you need to find a different way to reboot the machine. Commented Feb 9, 2023 at 4:50
  • An X Y problem is where X is your problem and you want to do Y to solve it, but Y is unrelated to X and doesn't work. You need a different Y. Your problem is you don't want to see that message. Your Y is rebooting with a method that checks if users are logged in, so you try to hide logged in users instead of rebooting with a different method. Commented Feb 9, 2023 at 5:04
  • The method you are using to reboot checks if other users are logged in. You need to modify that method, not hide the users. not "don't show users", but don't check users, or shorten the timeout or change the wording of the message. Anyway, it's rude to reboot a system that has other users logged in without warning them or giving their applications time to save. Commented Feb 9, 2023 at 5:16
  • @user10489 "change the wording of the message" Is that possible?! Without cloning their repo and writing my own patch...? It seemed easier to just prohibit access to this information that I don't want to be visible anyway. Commented Feb 9, 2023 at 5:50

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.