1 00:00:06,780 --> 00:00:09,753 - In this video, I will tell you about session management. 2 00:00:10,980 --> 00:00:13,350 So what is session management about? 3 00:00:13,350 --> 00:00:16,230 Well, that is about managing and monitoring who's doing what 4 00:00:16,230 --> 00:00:17,133 on your system. 5 00:00:18,270 --> 00:00:20,730 To start with, there is who and w. 6 00:00:20,730 --> 00:00:23,400 These are commands that have been around for a long time, 7 00:00:23,400 --> 00:00:25,350 and which will show you the users 8 00:00:25,350 --> 00:00:27,150 that are currently logged in. 9 00:00:27,150 --> 00:00:28,890 Then there is loginctl. 10 00:00:28,890 --> 00:00:30,690 Loginctl is relatively new, 11 00:00:30,690 --> 00:00:33,240 and it's a part of the systemd solution. 12 00:00:33,240 --> 00:00:35,190 I'll talk about systemd later. 13 00:00:35,190 --> 00:00:37,920 Loginctl allows for current session management, 14 00:00:37,920 --> 00:00:41,910 and you can do cool stuff like loginctl list-sessions, 15 00:00:41,910 --> 00:00:43,860 and loginctl show-session 16 00:00:43,860 --> 00:00:46,710 to show you properties of a session ID, 17 00:00:46,710 --> 00:00:50,850 and loginctl show-user to get information about a user. 18 00:00:50,850 --> 00:00:54,480 And the coolest of all is loginctl terminate-session, 19 00:00:54,480 --> 00:00:57,270 which allows you to cut off a session. 20 00:00:57,270 --> 00:00:58,770 Why would you wanna do that? 21 00:00:58,770 --> 00:01:03,770 Well, once I have witnessed a system that was being hacked. 22 00:01:03,930 --> 00:01:06,300 Being hacked, that means that I was using who 23 00:01:06,300 --> 00:01:09,600 and I saw a user account that definitely shouldn't be there. 24 00:01:09,600 --> 00:01:13,380 In cases like that, you are really going to love loginctl, 25 00:01:13,380 --> 00:01:16,620 which allows you to cut off that session right now 26 00:01:16,620 --> 00:01:20,280 and verify your security procedures. 27 00:01:20,280 --> 00:01:22,230 Let me show you how to work with these. 28 00:01:24,570 --> 00:01:26,640 All right, in order to show you how to do this, 29 00:01:26,640 --> 00:01:29,550 I'm going to establish a remote connection. 30 00:01:29,550 --> 00:01:32,240 So ssh linda@192.168.29.141. 31 00:01:37,560 --> 00:01:39,990 Prompting for the password, there we go. 32 00:01:39,990 --> 00:01:43,560 And linda has logged into the CentOS machine. 33 00:01:43,560 --> 00:01:44,940 Now let's explore. 34 00:01:44,940 --> 00:01:48,300 If I use who, then I can see the current users. 35 00:01:48,300 --> 00:01:51,900 So I can see user student, and I can see user linda, 36 00:01:51,900 --> 00:01:54,783 including the IP address that user linda is coming from. 37 00:01:55,830 --> 00:02:00,120 Then when I use w, w is showing the same information, 38 00:02:00,120 --> 00:02:01,980 but a little bit more detail. 39 00:02:01,980 --> 00:02:03,960 So we can see LOGIN. 40 00:02:03,960 --> 00:02:05,160 We can see IDLE. 41 00:02:05,160 --> 00:02:08,010 Linda has been doing nothing for 17 seconds. 42 00:02:08,010 --> 00:02:09,690 We can see some CPU usage, 43 00:02:09,690 --> 00:02:12,180 and we can see what the user is doing. 44 00:02:12,180 --> 00:02:15,960 I love w, because with w, you can monitor 45 00:02:15,960 --> 00:02:19,383 if the user is actually doing something or not. 46 00:02:20,250 --> 00:02:22,410 But that is not what I wanted to talk about. 47 00:02:22,410 --> 00:02:24,810 I wanted to talk about loginctl. 48 00:02:24,810 --> 00:02:29,790 So loginctl list-sessions is showing me what? 49 00:02:29,790 --> 00:02:32,400 Well, basically the same information 50 00:02:32,400 --> 00:02:36,540 with a session ID for every single session that exists. 51 00:02:36,540 --> 00:02:40,440 And loginctl show-session 52 00:02:40,440 --> 00:02:42,420 on session number 8 53 00:02:42,420 --> 00:02:47,420 is giving more detailed information about the session. 54 00:02:48,930 --> 00:02:50,670 Is this really useful information? 55 00:02:50,670 --> 00:02:53,190 I'm not so sure about it, but at least we can see 56 00:02:53,190 --> 00:02:57,750 that the user has come in through an ssh session, 57 00:02:57,750 --> 00:03:01,890 the user is currently active, and some more properties. 58 00:03:01,890 --> 00:03:03,660 Apart from monitoring the session, 59 00:03:03,660 --> 00:03:05,850 you can also monitor the user. 60 00:03:05,850 --> 00:03:10,420 So loginctl show-user 61 00:03:12,501 --> 00:03:13,680 on user linda 62 00:03:13,680 --> 00:03:17,370 is showing me the different properties for that user. 63 00:03:17,370 --> 00:03:20,370 Now the user and session come pretty close to one another. 64 00:03:20,370 --> 00:03:22,530 And what we see here, honestly, 65 00:03:22,530 --> 00:03:25,260 is information that's not really that useful, 66 00:03:25,260 --> 00:03:28,260 but by the time you know a lot about systemd, 67 00:03:28,260 --> 00:03:32,610 this is showing useful information about this user. 68 00:03:32,610 --> 00:03:37,610 Now as I told you, the coolest thing is loginctl ter tap. 69 00:03:38,190 --> 00:03:41,910 If I use ter tap, I get tap completion, 70 00:03:41,910 --> 00:03:42,990 which ends in a hyphen. 71 00:03:42,990 --> 00:03:45,990 That probably means that there's too many choices. 72 00:03:45,990 --> 00:03:49,427 So there we go, terminate-session is what I want. 73 00:03:49,427 --> 00:03:52,890 I want to terminate session number 8. 74 00:03:52,890 --> 00:03:56,463 And, oh yeah, I need to authenticate for that. 75 00:03:57,330 --> 00:03:58,920 Now this is kind of cool. 76 00:03:58,920 --> 00:04:03,920 Loginctl is using a system component that is called D-Bus. 77 00:04:04,200 --> 00:04:06,300 D-Bus is for graphical applications 78 00:04:06,300 --> 00:04:08,310 to communicate to one another. 79 00:04:08,310 --> 00:04:11,520 And loginctl is communicating to GNOME, 80 00:04:11,520 --> 00:04:14,520 the graphical session manager is telling GNOME, "Hey, 81 00:04:14,520 --> 00:04:16,800 we need authentication." 82 00:04:16,800 --> 00:04:20,640 This is the alternative to providing the sudo information, 83 00:04:20,640 --> 00:04:24,000 and then, oh no, our connection timed out. 84 00:04:24,000 --> 00:04:25,020 I was too slow. 85 00:04:25,020 --> 00:04:26,460 So let's do it again. 86 00:04:26,460 --> 00:04:28,140 And let me type the password. 87 00:04:28,140 --> 00:04:30,093 And now the session is gone. 88 00:04:31,230 --> 00:04:33,870 So loginctl list-sessions. 89 00:04:33,870 --> 00:04:35,700 I don't have linda anymore. 90 00:04:35,700 --> 00:04:38,670 And as you can see on the remote Ubuntu machine, 91 00:04:38,670 --> 00:04:40,530 we have linda being sad. 92 00:04:40,530 --> 00:04:43,800 No more user linda anymore. 93 00:04:43,800 --> 00:04:46,353 I just terminated the session.