Support disabling of user switching per seat

In lp:~robert-ancell/lightdm/disable-user-switching I've added a seat option "allow-user-switching" that when set to false will stop any user switching from occurring.

The code in seat-unity.c is actually saying "this seat type is capable of user switching" (the name is very misleading). Also note that the normal seat type is "xlocal" (also a bit of a confusing name that's still like that for backwards compatibility). The "unity" is the seat type for Unity 8 which uses Unity System Compositor to switch between sessions and not VTs.

There has never been an option in the daemon to disable user switching - it's just been left to the greeter / shell to hide those options if they're not required. lp:~robert-ancell/lightdm/disable-user-switching adds such an option.

I'm a bit confused about your custom greeter changes to avoid this - are you only talking about the case where a user ends up at the greeter because the shell allowed them to go there (which you don't want)? So this is just a safety to stop them doing a user switch if that happens?

Let me know if this branch solves your requirement.

This definitely solves our issue, thanks both for the fix and for the outstanding turnaround time. I tested it on trusty, and set "allow-user-switching=false" in "[SeatDefaults]". Then, from within a stock Unity session, I tried to switch to another user from the indicator-session menu, and instead ended up locking my screen (as I would expect). When the screen was locked, "Switch Account" from the indicator menu simply had no effect (also as expected). So that's perfect, thanks.

Thanks for the clarification about the purpose of "can_switch" in the seat configuration. I realize there has never been an option before in the daemon to explicitly disable user-switching, but I'm glad there is now. From the system administrator's perspective, I think it should be something that can be globally disabled, particularly because the various shells tend to be bad at enforcing these options and preserving compatibility. LightDM has made it trivial to write our own greeter, which is great, but we don't want to get into the business of forking unity or gnome.

Yes, our custom greeter changes were required because Unity provides no way to disable user-switching from the screen locker, nor does it permit the user of an alternative screen-locker that does honor org.gnome.desktop.lockdown keys (i.e. gnome-screensaver). (filed as bug #1327384)

So we basically resorted to asking logind if there was already an active X11 session, and if so, refusing to log in as any user other than that one. https://github.com/mit-athena/lightdm-config/commit/5255191c is the change, if you're interested. But we're not terribly happy with it, so if this branch gets merged (and ideally SRU'd into Trusty), we'd love to back out that code.

Using lightdm 1.10.2, I tested setting allow-user-switching to false. Now, every time I log out of a Unity session I get the "The system is running in low-graphics mode" window. None of the options really help - I have to "start lightdm" from console to get to the greeter.

That is the Trusty version from ubuntu-desktop PPA, all updates are installed.

Status changed to 'Confirmed' because the bug affects multiple users.

It also happens with me. In my multiseat system, if I logout on a son-seat0 seat (which has allow-user-switching=false by default), lightdm fails to start a greeter on that seat:

DEBUG: Seat: Display server stopped
DEBUG: Seat: Active display server stopped, starting greeter
DEBUG: Seat: Stopping; failed to start a greeter
DEBUG: Seat: Stopping
DEBUG: Seat: Stopped

I guess the problem is related to seat_switch_to_greeter() calls in session_stopped or display_server_stopped callbacks in seat.c

Thanks for uploading the fix for this bug report to -proposed. However, when reviewing the package in -proposed and the details of this bug report I noticed that the bug description is missing information required for the SRU process. You can find full details at http://wiki.ubuntu.com/StableReleaseUpdates#Procedure but essentially this bug is missing some of the following: a statement of impact, a test case and details regarding the regression potential. Thanks in advance!

https://launchpad.net/ubuntu/+source/lightdm/1.10.3-0ubuntu2 is available in trusty-proposed.

---------------
lightdm (1.10.3-0ubuntu2) trusty; urgency=medium

  * Refresh patches

 -- Robert Ancell <email address hidden> Fri, 10 Oct 2014 21:24:51 +1300

lightdm (1.10.3-0ubuntu1) trusty; urgency=medium

  * New upstream release:
    - Fix crash when having configuration keys defined in multiple places
      (LP: #1377373)
    - Allow user switching in multi-seat until bug stopping greeter showing on
      logout is fixed
    - Don't access .dmrc files until information from these files is required
      (LP: #1370852)
    - Do timed autologin each time you are returned to the greeter
      (LP: #1302491)

 -- Robert Ancell <email address hidden> Thu, 09 Oct 2014 09:01:21 +1300

lightdm (1.10.2-0ubuntu1) trusty; urgency=medium

  * New upstream release:
    - Use logind to provide the list of seats to use. This is disabled unless
      logind-load-seats (in [LightDM] section) is set to true. This is the
      default behaviour in lightdm 1.12. (LP: #1190581)
    - Fix crash if running script hooks with non-X display servers.
      (LP: #1305006)
    - Add a seat option 'allow-user-switching' that can disable all user
      switching for that seat. (LP: #1350357)
    - Make PAM services configurable. (LP: #1348251)
    - Add liblightdm method to get user UID. (LP: #1370327)
    - Add a new session type 'mir-container' that allows the session to run
      inside a custom system compositor. (LP: #1359332)
    - Add --show-config option that shows combined configuration.
    - Use XDG_SESSION_ID from PAM instead of using the logind D-Bus API.
      (LP: #1364725)
    - Make socket writing code used between greeter and daemon more robust to
      errors.
    - Correct section name in default users.conf file.
    - Fix tests failing with Qt 5.3 due to it checking getuid/geteuid which we
      are faking.
    - Fix small memory leaks.
    - Test improvements

 -- Robert Ancell <email address hidden> Wed, 17 Sep 2014 16:27:53 +1200

lightdm is available in the trusty-proposed repository and at https://launchpad.net/ubuntu/+source/lightdm/1.10.3-0ubuntu2 .

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Confirmed fixed in 1.10.3-0ubuntu2

This bug was fixed in the package lightdm - 1.10.3-0ubuntu2

---------------
lightdm (1.10.3-0ubuntu2) trusty; urgency=medium

  * Refresh patches
 -- Robert Ancell <email address hidden> Fri, 10 Oct 2014 21:24:51 +1300