We have a setup where students log in (using LDAP auth) to Ubuntu 16.04 machines, where two network cards are installed: one to connect to the LAN and Ethernet, and the second one to expose a connection for user devices (e.g. Raspberry Pi). Currently, the secondary network interface (and the related iptables rules and dnsmasq daemon) is permanently up, but we'd like to have it up only while a user is locally logged in.
As far as I understand, using systemd it should be possible to have a service (which might be a script taking up or down the network interface) running when a user logs in and out. However, we'd need to make sure that only local logins would work for this (i.e., tty1-6 or the GUI login on lightdm) (this is for compliance reasons, as we can't leave around "free-to-use" network cables that can work without a proper user authentication), and I can't figure out in the documentation how to do this properly.
For now I tried this unit file:
[Unit]
Description=LAN sharing for users
[Service]
Type=oneshot
RemainAfterExit=false
Restart=no
ExecStart=/sbin/ifup eth1
ExecStop=/sbin/ifdown eth1
[Install]
WantedBy=default.target
But I can't manage to have this run as root at user login, nor how to ensure that this is a local login. Is this at all possible with systemd (on Ubuntu 16.04 LTS, i.e. systemd version 229-4), and how to properly implement it? I would expect this to be trivial (I would see this as giving privileges for a peripheral like sound card only to locally logged in users).
0 Answers
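One way to make the "local login only" decision the question asks about, as an added example that is not part of the original post: read each logind session's properties and allow eth1 only when an authenticated user session sits on a physical seat. The function names and the sample session data are constructed for illustration; only the `loginctl` subcommands and property names are real.

```shell
#!/bin/sh
# Input: KEY=VALUE lines as printed by
#   loginctl show-session <id> -p Class -p Remote -p Seat -p State
# (empty properties such as Seat for ssh are simply not printed).

# Succeed only for an authenticated user session on a physical seat.
is_local_user_session() {
    class= remote= seat= state=
    while IFS='=' read -r key value; do
        case "$key" in
            Class)  class=$value ;;
            Remote) remote=$value ;;
            Seat)   seat=$value ;;
            State)  state=$value ;;
        esac
    done
    [ "$class" = "user" ] || return 1   # excludes the lightdm greeter
    [ "$remote" = "no" ] || return 1    # excludes ssh and other remote logins
    [ -n "$seat" ] || return 1          # no seat: not at the console
    [ "$state" != "closing" ]           # user has already logged out
}

# Print "up" if any session id qualifies, else "down".
# $1 is a command that prints one session's properties (hypothetical hook).
desired_state() {
    show=$1; shift
    for id in "$@"; do
        if "$show" "$id" | is_local_user_session; then
            echo up; return 0
        fi
    done
    echo down
}

# Constructed sample data standing in for loginctl output.
sample_session() {
    case "$1" in
        c1) printf 'Class=greeter\nRemote=no\nSeat=seat0\nState=active\n' ;;
        7)  printf 'Class=user\nRemote=yes\nState=active\n' ;;
        9)  printf 'Class=user\nRemote=no\nSeat=seat0\nState=active\n' ;;
        12) printf 'Class=user\nRemote=no\nSeat=seat0\nState=closing\n' ;;
    esac
}

# Real data source for a live host (not called in this example).
live_session() { loginctl show-session "$1" -p Class -p Remote -p Seat -p State; }

# As root on a real host:
#   ids=$(loginctl list-sessions --no-legend | awk '{print $1}')
#   if [ "$(desired_state live_session $ids)" = up ]; then /sbin/ifup eth1; else /sbin/ifdown eth1; fi
```

The greeter case matters for the compliance requirement: lightdm's login screen is itself a local session on seat0, so checking only `Remote=no` would bring the interface up before anyone has authenticated.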