xrdp icon indicating copy to clipboard operation
xrdp copied to clipboard

Published 20 hours ago verified publisher icon neutrinolabs

Is there a way to manage xrdp sessions for multiple users?

Open BloodyIron opened this issue 7 years ago • 12 comments

I'm wondering if there's a way in xrdp to be able to look at session info for multiple users for xrdp. Things like, kicking users, see who's connected, how many logins currently, etc. Is this possible?

BloodyIron avatar Jul 17 '17 05:07 BloodyIron

xrdp-sesadmin utility is what you're looking for. On Mon, Jul 17, 2017 at 8:46 AM BloodyIron [email protected] wrote:

I'm wondering if there's a way in xrdp to be able to look at session info for multiple users for xrdp. Things like, kicking users, see who's connected, how many logins currently, etc. Is this possible?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/neutrinolabs/xrdp/issues/820, or mute the thread https://github.com/notifications/unsubscribe-auth/ADTH1Exe9Xny3_GIOQ9W-W6wpiNsDxNPks5sOvU4gaJpZM4OZkaV .

-- Idan Freiberg

PGP FP: 8108 7EC9 806E 4980 75F2 72B3 8AD3 2D04 337B 1F18

speidy avatar Jul 17 '17 05:07 speidy

It looks like xrdp-sesadmin doesn't have the working functionality to kill sessions. There is a parameter available, but documentation (and testing) shows that it doesn't work.

I'm on 0.9.0 and I don't see anything relevant to this in the release notes for newer versions.

Being able to kill sessions is very important. Are there any plans for this?

BloodyIron avatar Jul 17 '17 17:07 BloodyIron

This doesn't seem to be implemented: cmndKill() in xrdp/sesman/tools/sesadmin.c is empty.

Presumably it needs to be added to the scp (sesman protocol). On the server side, killing the session xrdp-sesman isn't enough: it needs to kill the X server and/or startwm.sh.

ben-cohen avatar Jul 19 '17 20:07 ben-cohen

That's correct. seems like we need to keep Xorg pid as well. On Wed, Jul 19, 2017 at 11:36 PM Ben Cohen [email protected] wrote:

This doesn't seem to be implemented: cmndKill() in xrdp/sesman/tools/sesadmin.c is empty.

Presumably it needs to be added to the scp (sesman protocol). On the server side, killing the session xrdp-sesman isn't enough: it needs to kill the X server and/or startwm.sh.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/neutrinolabs/xrdp/issues/820#issuecomment-316509304, or mute the thread https://github.com/notifications/unsubscribe-auth/ADTH1JSkLHWoQonJ-C8OAURBSK5DDPpOks5sPmjigaJpZM4OZkaV .

-- Idan Freiberg

PGP FP: 8108 7EC9 806E 4980 75F2 72B3 8AD3 2D04 337B 1F18

speidy avatar Jul 19 '17 20:07 speidy

How hard do you see this being to implement?

BloodyIron avatar Jul 19 '17 22:07 BloodyIron

I think this sort of thing is easier with my shared memory change (pull request #819). We could add fields for the Xorg pid (and the wm pid if you like) and the session instance process of xrdp-sesman can set them in session_start_fork(). Then the daemon instance can see those pids to kill them. (Otherwise it will have to walk the processes tree in /proc.)

Btw I think it would be a good idea for each xrdp-sesman session instance (and descendants) to get a new Linux session (SID).

ben-cohen avatar Jul 20 '17 18:07 ben-cohen

Today i had the problem to kill a bunch of sessions. After looking at the output of 'ps axjf' i wrote a little tool for that:

#include <unistd.h> #include <stdlib.h> #include <stdio.h> #include <sys/types.h> #include <signal.h> void main(int argc, char **argv) { pid_t pid, pgid; pid = atoi(argv[1]); pgid = getpgid(pid); printf("pid = %i, pgid = %i\n", pid, pgid); if(kill(-pgid, SIGTERM) == SUCCESS) { printf("pgid killed\n"); } };

Basically the idea is to get the process group pid of the sesman process and send TERM to every process in this process group. It seems to work, everything started by sesman including sesman was terminated.

sid could work too, but i'm no expert.

pieska avatar Dec 07 '17 16:12 pieska

I would also like to have xrdp-sesman list me all users having a session.

When I am sure I don't have a session and check with xrdp-sesman -u=me -p -c=list it lists me two sessions, but I'm in no way logged in as that "me" user, invisible with loginctl and who

I have found this useful to check the logs: zcat $(ls -1d /var/log/xrdp-sesman.log*|sort -Vr) |grep "++"

The used xrdp versions are: xrdp 0.9.21.1-1ubuntu1 and xorgxrdp 1:0.9.19-1ubuntu1

also waiting for https://github.com/neutrinolabs/xrdp/issues/1302

alexmyczko avatar Jan 22 '24 08:01 alexmyczko

It's on the list of improvements I want to make to xrdp-sesadmin. I want to be able to add some users as admin users who will have visibility of all xrdp sessions.

#2745 (which fixes #1302) will be merged as soon as we've got GFX working reliably. That's a main priority for us at the moment.

matt335672 avatar Jan 22 '24 09:01 matt335672

i've got some loginctl interface with a xrdpctl, if you're interested?

alexmyczko avatar Feb 11 '24 17:02 alexmyczko

Thanks @alexmyczko

By all means post it - it may well be useful to other users.

matt335672 avatar Feb 12 '24 09:02 matt335672

Ok it wasn't written yet, but this works for me. Enjoy!

https://github.com/alexmyczko/autoexec.bat/blob/master/xrdpctl

alexmyczko avatar Feb 12 '24 12:02 alexmyczko