Configuring Lubuntu 18.04 to enable hibernation using a swap file

In an earlier post about Lubuntu 18.04 I stated that hibernation is precluded because the Lubuntu Installer installs the OS with a swap file instead of a swap partition. In fact, even with a swap file it is possible to configure Lubuntu so that hibernation is possible. This is how I did it.

1.  This PC has 4 GiB RAM but the Lubuntu Installer had created a 2 GiB swap file named /swapfile, so I increased the size of the swap file to 4 GiB to ensure it was large enough to store the memory image:

user $ sudo swapoff -a
user $ sudo dd if=/dev/zero of=/swapfile bs=1024 count=4M
user $ sudo chmod 600 /swapfile
user $ sudo mkswap /swapfile
user $ sudo swapoff -a
user $ sudo swapon /swapfile
user $ cat /proc/meminfo | grep -i memtotal
MemTotal:        3924108 kB
user $ ls -la /swapfile
-rw------- 1 root root 4294967296 Jul 10 18:25 /swapfile

Note that you can check the status of the swap file before and after the above steps by using either of the following commands:

user $ swapon -s
user $ free -m

2.  The Lubuntu Installer had previously configured /etc/fstab for the swap file, so I left that as it is:

user $ grep swapfile /etc/fstab
/swapfile                                 none            swap    sw              0       0

3.  I checked on which device the root partition with the file /swapfile is located (sda2 in my case) and found out its UUID (ignore the PARTUUID):

user $ sudo blkid
[sudo] password for fitzcarraldo:
/dev/sda1: UUID="3602-BD57" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="72b3693e-b81f-7299-84fb-bf3781bef43d"
/dev/sda2: UUID="afe17116-26fa-4169-b2d9-fb6ac8afc63c" TYPE="ext4" PARTUUID="738fed17-293d-832f-c7a4-e83471fe8ca6"

4.  I found the resume_offset for the file /swapfile, which is 16746496 in my case (look for the first value in the two columns under ‘physical_offset‘):

user $ sudo filefrag -v /swapfile
Filesystem type is: ef53
File size of /swapfile is 4294967296 (1048576 blocks of 4096 bytes)
 ext:     logical_offset:        physical_offset: length:   expected: flags:
   0:        0..   30719:   16746496..  16777215:  30720:            
   1:    30720..   63487:   16809984..  16842751:  32768:   16777216:
   2:    63488..   96255:   16842752..  16875519:  32768:            
   3:    96256..  126975:   16875520..  16906239:  30720:            
   4:   126976..  129023:   16908288..  16910335:   2048:   16906240:
   5:   129024..  161791:   16912384..  16945151:  32768:   16910336:
   6:   161792..  194559:   16945152..  16977919:  32768:            
   7:   194560..  227327:   16977920..  17010687:  32768:            
   8:   227328..  249855:   17010688..  17033215:  22528:            
   9:   249856..  282623:   17035264..  17068031:  32768:   17033216:
  10:   282624..  315391:   17068032..  17100799:  32768:            
  11:   315392..  319487:   17100800..  17104895:   4096:            
  12:   319488..  321535:   17121280..  17123327:   2048:   17104896:
  13:   321536..  325631:   17129472..  17133567:   4096:   17123328:
  14:   325632..  327679:   17137664..  17139711:   2048:   17133568:
  15:   327680..  329727:   17143808..  17145855:   2048:   17139712:
  16:   329728..  331775:   17154048..  17156095:   2048:   17145856:
  17:   331776..  339967:   17162240..  17170431:   8192:   17156096:
  18:   339968..  344063:   24485888..  24489983:   4096:   17170432:
  19:   344064..  346111:   32665600..  32667647:   2048:   24489984:
  20:   346112..  348159:   32677888..  32679935:   2048:   32667648:
  21:   348160..  350207:   33261568..  33263615:   2048:   32679936:
  22:   350208..  352255:   33363968..  33366015:   2048:   33263616:
  23:   352256..  354303:   33853440..  33855487:   2048:   33366016:
  24:   354304..  356351:   34000896..  34002943:   2048:   33855488:
  25:   356352..  389119:   34027520..  34060287:  32768:   34002944:
  26:   389120..  391167:   34060288..  34062335:   2048:            
  27:   391168..  393215:   34134016..  34136063:   2048:   34062336:
  28:   393216..  395263:   34158592..  34160639:   2048:   34136064:
  29:   395264..  428031:   34189312..  34222079:  32768:   34160640:
  30:   428032..  452607:   34222080..  34246655:  24576:            
  31:   452608..  485375:   34248704..  34281471:  32768:   34246656:
  32:   485376..  518143:   34281472..  34314239:  32768:            
  33:   518144..  550911:   34314240..  34347007:  32768:            
  34:   550912..  583679:   34347008..  34379775:  32768:            
  35:   583680..  616447:   34379776..  34412543:  32768:            
  36:   616448..  643071:   34412544..  34439167:  26624:            
  37:   643072..  645119:   34445312..  34447359:   2048:   34439168:
  38:   645120..  649215:   34457600..  34461695:   4096:   34447360:
  39:   649216..  659455:   34463744..  34473983:  10240:   34461696:
  40:   659456..  688127:   34476032..  34504703:  28672:   34473984:
  41:   688128..  690175:   34506752..  34508799:   2048:   34504704:
  42:   690176..  692223:   34510848..  34512895:   2048:   34508800:
  43:   692224..  724991:   34514944..  34547711:  32768:   34512896:
  44:   724992..  757759:   34549760..  34582527:  32768:   34547712:
  45:   757760..  778239:   34582528..  34603007:  20480:            
  46:   778240..  786431:   34637824..  34646015:   8192:   34603008:
  47:   786432..  819199:   34648064..  34680831:  32768:   34646016:
  48:   819200..  843775:   34680832..  34705407:  24576:            
  49:   843776..  845823:   34707456..  34709503:   2048:   34705408:
  50:   845824..  849919:   34713600..  34717695:   4096:   34709504:
  51:   849920..  854015:   34729984..  34734079:   4096:   34717696:
  52:   854016..  886783:   34744320..  34777087:  32768:   34734080:
  53:   886784..  919551:   34777088..  34809855:  32768:            
  54:   919552..  950271:   34809856..  34840575:  30720:            
  55:   950272..  983039:   34842624..  34875391:  32768:   34840576:
  56:   983040.. 1015807:   34875392..  34908159:  32768:            
  57:  1015808.. 1048575:   34908160..  34940927:  32768:             last,eof
/swapfile: 38 extents found

Note that you can also find the resume_offset by installing the package uswsusp and using the command swap-offset on the swap file:

user $ sudo apt install uswsusp
user $ sudo swap-offset /swapfile
resume offset = 16746496

5.  I updated the file /boot/grub/grub.cfg using the information found in Steps 3 & 4 as follows:

5.1  I added ‘resume=UUID=afe17116-26fa-4169-b2d9-fb6ac8afc63c resume_offset=16746496 resumedelay=15‘ to the parameters in the variable GRUB_CMDLINE_LINUX_DEFAULT in the file /etc/default/grub (Your existing parameters could be different to mine; that is not a problem):

user $ sudo nano /etc/default/grub
#
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi_backlight=vendor acpi_osi='!Windows 2013' acpi_osi='!Windows 2012' resume=UUID=afe17116-26fa-4169-b2d9-fb6ac8afc63c resume_offset=16746496 resumedelay=15"
#

Note that the optional ‘resumedelay=15‘ specifies the delay (in seconds) to pause before attempting to read the resume files. I added this to try to allow enough time for the filesystem containing the swap file to become Read-Write.

5.2  I regenerated /boot/grub/grub.cfg by using the following command:

user $ sudo update-grub

6.  I edited the file /etc/initramfs-tools/conf.d/resume using the information found in Steps 3 & 4, and regenerated the initramfs files for the kernel images in the /boot directory:

user $ sudo nano /etc/initramfs-tools/conf.d/resume
RESUME=UUID=afe17116-26fa-4169-b2d9-fb6ac8afc63c resume_offset=16746496
# Resume from /swapfile
user $ sudo update-initramfs -u -k all

7.  I edited the Polkit rules files to permit hibernation (Create the files if they do not already exist):

7.1  For Polkit version 0.106 and higher

user $ sudo nano /etc/polkit-1/rules.d/85-suspend.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.suspend" ||
        action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
        action.id == "org.freedesktop.login1.hibernate" ||
        action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
    {
        return polkit.Result.YES;
    }
});

7.2  For Polkit versions below 0.106

user $ sudo nano /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla
[Allow hibernation and suspending with lock screen]
Identity=unix-user:*
Action=org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
ResultAny=yes
ResultInactive=yes
ResultActive=yes

It does not do any harm to create both the above-mentioned rules files, whatever the version of Polkit that happens to be installed.

8.  I rebooted, logged in, launched a few GUI applications and then clicked on the Lubuntu menu icon on the Panel and selected ‘Logout’ > ‘Hibernate’, which did put the machine into hibernation. I then pressed the PC’s power push-button to resume from disk, entered my password on the lock screen and the Desktop appeared exactly as it was prior to hibernation. All good.

Advertisements

Getting the lock screen to work reliably when resuming from suspension in a single-seat, multi-user Lubuntu 18.04 installation

In an earlier post I described my attempt at getting the lock screen to work reliably in the single-seat, multi-user Lubuntu 17.10 installation on my family’s desktop PC. Although the modifications described in that post seemed to improve matters somewhat, users were still not always able to login from the LightDM greeter screen after resuming from Suspend to RAM in the following situation:

  1. User_A logs in to User_A’s account but does not log out after using the account.
  2. User_B clicks on ‘Logout’ > ‘Switch User’ to log in to User_B’s account but does not log out.
  3. User_A clicks on ‘Logout’ > ‘Switch User’ to get back to User_A’s account.
  4. User_A allows his/her session to timeout and suspend to RAM.
  5. User_B presses a key on the keyboard to resume from suspension, and the LightDM lock screen is displayed.
  6. User_B enters his/her password and then clicks on ‘Unlock’, but the LightDM lock screen remains on display and nobody can log in any more, although the keys on the lock screen are still clickable.

When this occurs, the only way users can access their Desktop is to click on the Power icon in the top right corner of the lock screen and select ‘Restart…’.

The Software Updater in Lubuntu 17.10 recently offered me the choice of upgrading to Lubuntu 18.04, which I accepted. The upgrade was performed and the only hitch that resulted was an incorrect initramfs, which was simple enough to fix (see my post Lubuntu 18.04 ‘Gave up waiting for suspend/resume device’). However, the above-mentioned problem of unlocking after resuming from suspension still occurred in Lubuntu 18.04. Below are the changes I made since the modifications described in my post Getting the lock screen to work properly when resuming from Suspend-to-RAM with multiple sessions in Lubuntu 17.10 (the other changes in that post remain), which seem to have cured the problem.

Change to Item 2 in my earlier post

I reverted the Exec line in /etc/xdg/autostart/light-locker.desktop back to how it was originally following installation of Lubuntu:

user $ grep Exec /etc/xdg/autostart/light-locker.desktop
Exec=light-locker

Change to Item 3 in my earlier post

I deleted the file /lib/systemd/system-sleep/hang-fix that I had previously created:

user $ sudo rm /lib/systemd/system-sleep/hang-fix

Change to Item 7 in my earlier post

The Xfce Power Manager ‘Security’ tab for each user now has ‘Lock screen when system is going for sleep’ ticked:

Light Locker

  • Automatically lock the session: Never
  • Delay locking after screensaver for: ‘1 Seconds’ is greyed out
  • ‘Lock screen when system is going for sleep’ is ticked

The full Xfce Power Manager settings for each user (see the file ~/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-power-manager.xml in each user’s home directory) are now configured as follows:

<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-power-manager" version="1.0">
  <property name="xfce4-power-manager" type="empty">
    <property name="power-button-action" type="empty"/>
    <property name="show-tray-icon" type="empty"/>
    <property name="brightness-switch-restore-on-exit" type="int" value="1"/>
    <property name="brightness-switch" type="int" value="0"/>
    <property name="presentation-mode" type="bool" value="false"/>
    <property name="inactivity-on-ac" type="uint" value="30"/>
    <property name="blank-on-ac" type="int" value="10"/>
    <property name="dpms-on-ac-sleep" type="uint" value="0"/>
    <property name="dpms-on-ac-off" type="uint" value="0"/>
    <property name="brightness-on-ac" type="uint" value="9"/>
    <property name="lock-screen-suspend-hibernate" type="bool" value="true"/>
    <property name="logind-handle-lid-switch" type="bool" value="false"/>
    <property name="dpms-enabled" type="bool" value="false"/>
    <property name="general-notification" type="bool" value="true"/>
  </property>
</channel>

Additional modifications

In another of my posts (Prevent Lubuntu 17.10 from leaving an external HDD mounted incorrectly for other users) I explained the modifications I made in Lubuntu 17.10 for a single-seat, multi-user installation to work properly with a permanently connected external USB HDD. However, I recently noticed the following problems resulting from those modifications:

A. The following error message in the LightDM log file /var/log/lightdm/lightdm.log:

[SeatDefaults] is now called [Seat:*], please update this configuration

So I changed the contents of the file /etc/lightdm/lightdm.conf.d/10_lubuntu.conf from:

[SeatDefaults]
session-cleanup-script=/etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh

to:

[Seat:*]
session-cleanup-script=/etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh

B. The following error message in the LightDM log file/var/log/lightdm/lightdm.log when the USB external HDD happened to not be mounted at the time:

DEBUG: Launching process 8569: /etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh
DEBUG: Process 8569 terminated with signal 11

So I changed the contents of my Bash script /etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh from:

#!/bin/bash
udisksctl unmount --block-device /dev/disk/by-uuid/C6576A087368B015

to:

#!/bin/bash
STATUS=`mount | grep $(readlink -f /dev/disk/by-uuid/C6576A087368B015 )`
if [[ ! -z $STATUS ]]; then
    udisksctl unmount --block-device /dev/disk/by-uuid/C6576A087368B015
fi
exit 0

Conclusions

It is early days, but so far the login problem for other users after resuming from suspension has not reoccurred since I made the latest changes. I am not sure if the modifications described in my post ‘Prevent Lubuntu 17.10 from leaving an external HDD mounted incorrectly for other users‘ contributed to (or caused) the login problem, or whether one or more of systemd-logind, LightDM, LightDM GTK+ Greeter, Light Locker and Xfce Power Manager are to blame (since they have to work holistically to provide the required functionality). It is frustrating not knowing the root cause of the problem, but at least my family no longer has to worry about being able to log in if a family member has not logged out and left the PC to suspend.

Lubuntu 18.04 ‘Gave up waiting for suspend/resume device’

Software Updater in Lubuntu 17.10 recently prompted me to upgrade the OS to 18.04 LTS, and I clicked on ‘Yes, Upgrade Now’. The upgrade was performed and I was able to boot the PC into 18.04, login and access the Desktop as usual. However, I noticed a new message ‘Gave up waiting for suspend/resume device‘ was displayed on TTY1.

Now, I recalled that the Lubuntu 17.10 Installer had created a swap file rather than a swap partition when I installed Lubuntu, as confirmed in the output listed below:

user $ sudo blkid
[sudo] password for fitzcarraldo: 
/dev/sda1: UUID="3602-BD57" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="72b3693e-b81f-7299-84fb-bf3781bef43d"
/dev/sda2: UUID="afe17116-26fa-4169-b2d9-fb6ac8afc63c" TYPE="ext4" PARTUUID="738fed17-293d-832f-c7a4-e83471fe8ca6"
user $ swapon
NAME      TYPE SIZE USED PRIO
/swapfile file   2G   0B   -2
user $ ls /swapfile 
/swapfile

The initramfs installed by upgrading to Lubuntu 18.04 expects a swap partition in order to resume from hibernation:

user $ lsinitramfs /initrd.img | grep resume
scripts/local-premount/resume
bin/resume
conf/conf.d/resume

And, when I regenerated the initramfs files for the three kernel images in the /boot directory, I could see from the terminal output that the update-initramfs tool was expecting a swap partition:

user $ sudo update-initramfs -u -k all
update-initramfs: Generating /boot/initrd.img-4.15.0-23-generic
W: initramfs-tools configuration sets RESUME=UUID=7b4cb3c5-4c17-42ae-be3c-cc35d31fe287
W: but no matching swap device is available.
update-initramfs: Generating /boot/initrd.img-4.15.0-22-generic
W: initramfs-tools configuration sets RESUME=UUID=7b4cb3c5-4c17-42ae-be3c-cc35d31fe287
W: but no matching swap device is available.
update-initramfs: Generating /boot/initrd.img-4.13.0-43-generic
W: initramfs-tools configuration sets RESUME=UUID=7b4cb3c5-4c17-42ae-be3c-cc35d31fe287
W: but no matching swap device is available.

I had a look in the file /etc/initramfs-tools/conf.d/resume and found that it had indeed been configured to expect a swap partition, although I have no idea where that UUID came from, as it was not for any of the partitions on this PC:

user $ cat /etc/initramfs-tools/conf.d/resume
RESUME=UUID=7b4cb3c5-4c17-42ae-be3c-cc35d31fe287

So I edited the contents of the configuration file to point to the swap file /swapfile instead of a non-existent partition:

user $ cat /etc/initramfs-tools/conf.d/resume
#RESUME=UUID=7b4cb3c5-4c17-42ae-be3c-cc35d31fe287
RESUME=/swapfile

Then I regenerated the initramfs files for the three kernel images currently in /boot on the PC:

user $ sudo update-initramfs -u -k all
update-initramfs: Generating /boot/initrd.img-4.15.0-23-generic
update-initramfs: Generating /boot/initrd.img-4.15.0-22-generic
update-initramfs: Generating /boot/initrd.img-4.13.0-43-generic

As you can see above, there were no longer any messages that ‘no matching swap device is available‘. And, when I rebooted the PC, the message ‘Gave up waiting for suspend/resume device‘ was no longer displayed on TTY1. All good again, although it’s a pity the Lubuntu Installer did not create a swap partition so that the installation could be put into hibernation. With a swap file, hibernation is not possible.

Update (14 July 2018): Actually, it is possible to hibernate if the installation has a swap file instead of a swap partition – see my latest post: Configuring Lubuntu 18.04 to enable hibernation using a swap file.

Getting the lock screen to work properly when resuming from Suspend-to-RAM with multiple sessions in Lubuntu 17.10

Introduction

What is it with Linux and lock screens?! There are umpteen posts on the Web by Linux users having trouble with lock screens, particularly the LightDM session locker Light Locker. Well, here is my contribution.

Lubuntu 17.10 is installed on my family’s desktop PC (single seat, multiple users). Lubuntu 17.10 uses systemd-logind, LightDM, Light Locker and Xfce Power Manager, and they do not work properly holistically in my experience. To confuse matters further, Lubuntu 17.10 also has XScreenSaver installed, which also has lock-screen capabilities.

In Lubuntu 17.10 on my family’s desktop PC, Light Locker displays the LightDM GTK+ Greeter screen when anyone wakes/resumes the PC from suspension by pressing a key on the USB keyboard, and users should then be able to log in by selecting their username from the pull-down list on the LightDM GTK+ Greeter screen and entering their password. However, if only a single user session existed when the PC suspended automatically (i.e. by timeout), upon resuming from suspension a black screen with a white padlock icon and the following message in white/grey text from light-locker would appear:

This session is locked
You’ll be redirected to the unlock
dialog automatically in a few seconds

But then nothing else happened; the above-mentioned message remained on display. I could press Ctrl+Alt+F1, login on TTY1 and enter the command ‘loginctl unlock-sessions‘ to get back to the Desktop, but that is not something the rest of my family would know how to do or be comfortable doing. In any case, I have only given sudo rights to one other member of the family.

Another problem would occur if the PC was left to suspend automatically with more than one user still logged in (i.e. more than one session). Although Light Locker would display the LightDM GTK+ Greeter screen upon resuming from suspension, and users could select their username from the pull-down list and enter their password, the LightDM GTK+ Greeter screen would remain on display and it would no longer be possible to re-enter a password (although it was still possible to select users from the pull-down list of users, and to select ‘Suspend’, ‘Restart…’ and ‘Shutdown…’ from the pull-down power menu). However, if users suspended the PC manually by selecting ‘Logout’ > ‘Lock Screen’ from the Lubuntu Menu, upon waking/resuming it was possible to enter their password on the LightDM GTK+ Greeter screen to return to their Desktop.

In this article I explain what I did to try and rectify these problems.

By the way, note that hibernation is disabled by default in Lubuntu 17.10 and you may need to make further changes if you want to enable hibernation as well. For example, does the PC have a swap partition, and is it large enough to enable hibernation? Also see the article: How to Enable Hibernate in Ubuntu 17.10 for possible help.

Modifications

The package light-locker-settings was not installed in Lubuntu 17.10. Do not install it. If it happens to be installed do not use ‘Preferences’ > ‘Light Locker Settings’, as it makes the Exec entry in the user’s light-locker.desktop file just ‘Exec=‘ or ‘Exec=light-locker‘. In fact, having installed light-locker-settings manually to check what could be configured via its GUI, I uninstalled it in order to stop anyone using it. (Under ‘Screensaver’, the Light Locker Settings GUI displays the following message: ‘Your screensaver settings are managed by Xfce Power Manager.’ and there is a button ‘Open’ to click on to launch the Xfce Power Manager settings GUI.) Presumably this was why it was not included when Lubuntu 17.10 was first installed to the HDD.

1.  I removed any light-locker.desktop files of individual users, leaving only the system-wide file:

$ sudo rm /home/*/.config/autostart/light-locker.desktop
$ sudo updatedb
$ locate light-locker.desktop
/etc/xdg/autostart/light-locker.desktop

2.  I edited the system-wide light-locker.desktop file to contain the following command to execute Light Locker:

$ grep Exec /etc/xdg/autostart/light-locker.desktop
Exec=light-locker --lock-after-screensaver=0 --no-lock-on-suspend --no-lock-on-lid --no-idle-hint

3.  I created the Bash script file /lib/systemd/system-sleep/hang-fix for systemd to run when suspending and resuming from suspension, with the permissions shown:

#!/bin/sh
case "$1" in
    pre|suspend|hibernate)
        date | tr -d '\n' >> /home/fitzcarraldo/sleep.log
        echo " going to sleep." >> /home/fitzcarraldo/sleep.log
        chvt 1
        loginctl unlock-sessions
    ;;
    post|resume|thaw)
        date | tr -d '\n' >> /home/fitzcarraldo/sleep.log
        echo " waking from sleep." >> /home/fitzcarraldo/sleep.log
        loginctl lock-sessions
        chvt 7
    ;;
    *)
        exit $NA
    ;;
esac
exit 0

$ sudo chmod 755 /lib/systemd/system-sleep/hang-fix
$ ls -la /lib/systemd/system-sleep/hang-fix
-rwxr-xr-x 1 root root 581 Apr 14 08:09 /lib/systemd/system-sleep/hang-fix

The above script is a hack to get around the problem of Light Locker resuming and apparently not knowing which session to unlock. I used the loginctl commands in this script rather than the Xfce Power Manager suspend options and Light Locker options such as ‘--late-locking‘ and ‘--lock-on-suspend‘ because I found that the Light Locker options and the Xfce Power Manager options did not fix the problem.

4.  I created two files for Polkit (to cover all Polkit versions to date) with the permissions as shown below.

4.1  The file /etc/polkit-1/rules.d/85-suspend.rules with the following contents:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.suspend" ||
        action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
        action.id == "org.freedesktop.login1.hibernate" ||
        action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
    {
        return polkit.Result.YES;
    }
});

If you do not have a swap partition large enough to enable hibernation, or you do not want to allow the PC to hibernate, use the following instead of the above:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.suspend" ||
        action.id == "org.freedesktop.login1.suspend-multiple-sessions")
    {
        return polkit.Result.YES;
    }
});

$ sudo chmod 755 /etc/polkit-1/rules.d
$ sudo chmod 644 /etc/polkit-1/rules.d/85-suspend.rules
$ ls -la /etc/polkit-1/rules.d/85-suspend.rules
-rw-r--r-- 1 root root 359 Apr 19 22:14 /etc/polkit-1/rules.d/85-suspend.rules

4.2  The file /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla with the following contents:

[Allow suspending with lock screen]
Identity=unix-user:*
Action=org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
ResultAny=yes
ResultInactive=yes
ResultActive=yes

If you do not have a swap partition large enough to enable hibernation, or you do not want to allow the PC to hibernate, use the following instead of the above:

[Allow suspending with lock screen]
Identity=unix-user:*
Action=org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions
ResultAny=yes
ResultInactive=yes
ResultActive=yes

$ sudo chmod 644 /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla
$ sudo ls -la /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla
-rw-r--r-- 1 root root 191 Apr 20 10:01 /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla

The above files are intended to get rid of the following error messages in a pop-up window and pop-up notification ballon, respectively, that prevent the OS from suspending automatically:

Authentication
Authentication is required for suspending
the system while other users are logged in.

Power Manager
GDBus.Error:org.freedesktop.DBus.Error.NoReply:
Method call timed out

By the way, the version of Polkit installed currently is 0.105:

$ pkaction --version
pkaction version 0.105

5.  I added all users to the users group (although I do not think this is essential):

$ sudo usermod -a -G users fitzcarraldo
$ sudo usermod -a -G users molly
$ sudo usermod -a -G users aquilino
$ sudo usermod -a -G users cholo
$ sudo usermod -a -G users paul

6.  I made sure the XScreenSaver settings for each user are as follows:

XScreenSaver (‘Preferences’ > ‘Screensaver’)

The ‘Display Modes’ tab has:

  • ‘Mode: Disable Screen Saver’

The ‘Advanced’ tab has everything unticked on it except for:

7.  I made sure the Xfce Power Manager settings for each user are as follows:

Xfce Power Manager (‘Preferences’ > ‘Power Manager’)

The ‘General’ tab has:
Buttons

  • When power button is pressed: Ask
  • When sleep button is pressed: Do nothing
  • When hibernate button is pressed: Do nothing

Appearance

  • Show notifications is ticked
  • Show system tray icon is ticked

The ‘System’ tab has:
System power saving

  • System sleep mode: Suspend
  • When inactive for 15 Minutes (You can make the number of minutes different for each user, if you want.)

The ‘Display’ tab has:
Display power management settings

  • ‘Handle display power management’ is ticked
  • Blank after: 5 Minutes
  • Put to sleep after: Never
  • Switch off after: Never

The ‘Security’ tab has:
Light Locker

  • Automatically lock the session: Never
  • Delay locking after screensaver for: ‘1 Seconds’ is greyed out
  • ‘Lock screen when system is going for sleep’ is not ticked

8.  I made sure the ‘Default Applications for LXSession’ settings for each user are as follows:

Select ‘Preferences’ > ‘Default Applications for LXSession’, click on ‘Autostart’ and untick ‘XScreenSaver’ if it is ticked. ‘Power Manager’ and ‘Screen Locker’ should already be ticked, so tick them if they are not. I left ‘PolicyKit Handler’ and ‘PolicyKit Authentication Agent’ unticked (Lubuntu 17.10 uses Polkit, the successor to PolicyKit).

9.  Although Lubuntu 17.10 does not use GNOME, I found that gsettings is installed. I did the following just in case, although I believe it is irrelevant in this particular case:

$ gsettings --version
2.54.1
$ gsettings set org.gnome.desktop.screensaver ubuntu-lock-on-suspend 'false'
$ gsettings get org.gnome.desktop.screensaver ubuntu-lock-on-suspend
false
$ gsettings set org.gnome.desktop.screensaver lock-enabled 'false'
$ gsettings get org.gnome.desktop.screensaver lock-enabled
false

Conclusion

After doing all the above, upon resuming from Suspend-to-RAM on most, but not all, occasions it is now possible to select any username on the LightDM GTK+ Greeter screen, enter that user’s password and successfully display the user’s Desktop. The LightDM GTK+ Greeter screen no longer hangs/freezes every time.

When more than one user is logged in (i.e. there is more than one session), the PC will suspend automatically if there is no user activity in a particular session during the configured timeout period for that session. Pressing a key on the USB keyboard will then wake the PC and display the LightDM GTK+ Greeter screen. The desired username can then be selected and the corresponding password entered. The following is an example of the sort of thing that can happen:

  • User fitzcarraldo (timeout configured as 30 minutes) logs in to his account at 09:00 and uses the PC until he locks his session manually (Ctrl+Alt+L) at 09:11.
  • User paul (timeout configured as 15 minutes) logs in to his account at 09:15 and uses the PC until he locks his session manually at 09:23.
  • User molly (timeout configured as 45 minutes) logs in to her account at 09:25 and uses the PC for several hours.
  • At 09:38, while user molly is using the PC, the PC automatically suspends to RAM (15 minutes after user paul stopped using his session). User molly has to wake the PC from suspension. Nothing is lost.
  • At 09:41, while user molly is using the PC, the PC automatically suspends to RAM (30 minutes after user fitzcarraldo stopped using his session). User molly has to wake the PC from suspension. Nothing is lost.

To avoid scenarios such as the above, if a user does not need the session any longer it is better to log out rather than leave the session in existence.

How to display a user’s avatar instead of the generic avatar on the LightDM GTK Greeter screen in Lubuntu 17.10

I recently installed Lubuntu 17.10 on my family’s PC (single-seat, multi-user). The default avatar was displayed for each user on the LightDM greeter screen, rather than each user’s individual avatar. I have experienced this problem in more than one Linux distribution (Gentoo, Sabayon and now Lubuntu 17.10), more than one Desktop Environment (KDE, GNOME and now LXDE), and more than one Display Manager (LightDM and SDDM), so my suspicion is that the problem lies with AccountsService rather than the DE or DM. Anyway, here is how I fixed the problem in Lubuntu 17.10. The example below is for user fitzcarraldo, and I used the same procedure for each username in the installation.

1. Create a 96×96 PNG avatar /home/fitzcarraldo/Pictures/fitzcarraldo.png

2. Edit the file /var/lib/AccountsService/users/fitzcarraldo to contain the following:

[User]
XSession=Lubuntu
SystemAccount=false
Icon=/var/lib/AccountsService/icons/fitzcarraldo	

3. Make sure that the file has 644 permissions:

$ ls -la /var/lib/AccountsService/users/fitzcarraldo
-rw-r--r-- 1 root root 85 Jan  1 02:53 /var/lib/AccountsService/users/fitzcarraldo

4. Copy the avatar to the relevant directory and make sure it has 644 permissions:

$ sudo cp /home/fitzcarraldo/Pictures/fitzcarraldo.png /var/lib/AccountsService/icons/fitzcarraldo
$ ls -la /var/lib/AccountsService/icons/fitzcarraldo
-rw-r--r-- 1 root root 14860 Jan  1 02:54 /var/lib/AccountsService/icons/fitzcarraldo

After rebooting, the desired avatar should be displayed on LightDM’s GTK Greeter screen.

Background reading

  1. KDE Bug Report No. 336994 – User Manager does not show one particular user in the list unless I login as that user
  2. Gentoo Forums – user-manager in plasma desktop not populating users
  3. Gentoo Forums – LightDM greeter username in list stuck and can’t add others

Prevent Lubuntu 17.10 from leaving an external HDD mounted incorrectly for other users

My family’s PC running Lubuntu 17.10 has an external USB HDD connected permanently. There are several user accounts on this machine, i.e. it is a single-seat, multi-user installation. If a user does not unmount this external HDD before logging out, it is still mounted with the privileges of the previous user when another user logs in. If the current user clicks on the media unmount symbol (⏏) in the PCManFM File Manager, LXDE prompts the user to enter the previous user’s password. So I wanted to configure the OS to unmount the external HDD when each user logs out or when another user selects ‘Switch User’. The way I did that was to use the LightDM display manager to unmount the external drive at the end of a session, as explained below. Then the Udisks daemon will mount the drive correctly for any user who either logs in or switches back to his/her session.

Lubuntu 17.10 as installed has an empty directory /etc/lightdm/lightdm.conf.d/ so I created two files in that directory:

$ ls -la /etc/lightdm/lightdm.conf.d/
total 16
drwxr-xr-x 2 root root 4096 Jan  1 06:18 .
drwxr-xr-x 4 root root 4096 Jan  1 05:11 ..
-rw-r--r-- 1 root root   89 Jan  1 06:18 10_lubuntu.conf
-rwxr-xr-x 1 root root   80 Jan  1 05:55 unmount_FREECOM_HDD.sh
$ cat /etc/lightdm/lightdm.conf.d/10_lubuntu.conf
[SeatDefaults]
session-cleanup-script=/etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh
$ cat /etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh 
#!/bin/bash
udisksctl unmount --block-device /dev/disk/by-uuid/C6576A087368B015

where ‘C6576A087368B015‘ is the UUID of the external USB HDD as found from the blkid command:

$ sudo blkid | grep "FREECOM HDD"
/dev/sdb1: LABEL="FREECOM HDD" UUID="C6576A087368B015" TYPE="ntfs" PARTUUID="0024db7f-32"

Don’t forget to make the Bash script executable. Then reboot to enable the functionality. From now on the external HDD will be correctly mounted for each user who logs in to his/her account.

Update (Monday, 9 July 2018): Since I wrote the above post I upgraded Lubuntu to 18.04 and I recently noticed the following problems resulting from the above-mentioned modifications:

A. The following error message in the LightDM log file /var/log/lightdm/lightdm.log:

[SeatDefaults] is now called [Seat:*], please update this configuration

So I changed the contents of the file /etc/lightdm/lightdm.conf.d/10_lubuntu.conf from:

[SeatDefaults]
session-cleanup-script=/etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh

to:

[Seat:*]
session-cleanup-script=/etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh

B. The following error message in the LightDM log file /var/log/lightdm/lightdm.log when the USB external HDD happened to not be mounted at the time:

DEBUG: Launching process 8569: /etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh
DEBUG: Process 8569 terminated with signal 11

So I changed the contents of my Bash script /etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh from:

#!/bin/bash
udisksctl unmount --block-device /dev/disk/by-uuid/C6576A087368B015

to:

#!/bin/bash
STATUS=`mount | grep $(readlink -f /dev/disk/by-uuid/C6576A087368B015 )`
if [[ ! -z $STATUS ]]; then
    udisksctl unmount --block-device /dev/disk/by-uuid/C6576A087368B015
fi
exit 0

Backing up users’ home directories in a Linux installation that uses systemd

This is to explain how I configured Lubuntu 17.10 on my family’s PC (single seat; multiple user accounts) to backup all users’ files to a permanently-connected external USB HDD. I wanted a basic solution that would backup automatically every user’s home directory at shutdown but not when rebooting, and would do this whichever user happens to be using the PC. We have no need to archive older versions of the same file, so overwriting a file on the external USB HDD with a newer version of that file from the PC’s HDD is fine. However, we do not want files on the external USB HDD to be deleted if the corresponding files have been deleted from the PC’s HDD. Additionally, I want a time-stamped record of the backup process to be logged to a file in my home directory so I can check periodically what has been happening. As explained in my previous post, two files are used to achieve all these things:

  • a Bash script to a) determine whether the system is being rebooted, b) remount the external USB HDD on a suitable mount point, c) copy the files to the external USB HDD, and d) write to the log file;
  • a systemd unit file to launch the Bash script.

The two files are described below.

By the way, I also tried using systemd-inhibit in this case, and it did not work. Looking at the manual page for systemd-inhibit, it could be used to execute a program (the example given is ‘systemd-inhibit wodim foobar.iso‘), however I found that systemd-inhibit did not prevent systemd from shutting down the machine before the backup Bash script had run to completion.

Bash script

I created a file /usr/local/sbin/backup_home_directories.sh owned by the root user, with the following permissions and contents:

fitzcarraldo@aspirexc600:~$ ls -la /usr/local/sbin/backup_home_directories.sh
-rwxr-xr-x 1 root root 2570 Jan  8 20:37 /usr/local/sbin/backup_home_directories.sh
#!/bin/bash

# This script backs up to an external USB HDD (NTFS) labelled "FREECOM HDD" the contents of the home directories
# of the users of this Lubuntu 17.10 installation if the system is shutting down but not rebooting.
# It is launched by a systemd service /etc/systemd/system/backup-to-usb-hdd.service.

# Find out if the system is rebooting (as opposed to being shut down):
REBOOT=$( systemctl list-jobs | egrep -q 'reboot.target.*start' && echo "rebooting" || echo "not_rebooting" )
if [ $REBOOT = "not_rebooting" ]; then
# Only execute the following steps if the system is shutting down but not rebooting:
    # Clean up if the backup did not complete last time:
    umount /media/usbhdd 2>/dev/null # Make sure you enter this line correctly.
    rm -rf /media/usbhdd/* # Make sure you enter this line correctly.
    # Unmount the external USB HDD if mounted by udisks2 with the logged-in username in the path:
    umount /media/*/FREECOM\ HDD 2>/dev/null
    # Find out the USB HDD device:
    DEVICE=$( blkid | grep "FREECOM\ HDD" | cut -d ":" -f1 )
    # Create a suitable mount point if it does not already exist, and mount the device on it: 
    mkdir /media/usbhdd 2>/dev/null
    mount -t ntfs-3g $DEVICE /media/usbhdd 2>/dev/null
    # Create the backup directory on the USB HDD if it does not already exist:
    mkdir /media/usbhdd/Lubuntu_home_folders_backup 2>/dev/null
    # Backup recursively all the home directories of all the users, and add a time-stamped summary to the log file: 
    echo "********** Backing up Acer Aspire XC600 users' home directories **********" >> /home/fitzcarraldo/backup.log
    date >> /home/fitzcarraldo/backup.log
    # Log username of user shutting down the PC (may not be this user if Switch User was used):
    echo -ne "User who shutdown PC (may not be this user if Switch User has been used): " >> /home/fitzcarraldo/backup.log
    last | cut -d " " -f1 | head -1 >> /home/fitzcarraldo/backup.log
    sleep 2s
    # To backup the directories and files I prefer to use the following cp command rather than rsync:
    cp --recursive --update --preserve=all --no-dereference --force /home/ /media/usbhdd/Lubuntu_home_folders_backup 2>> /home/fitzcarraldo/backup.log
    echo "Copying completed" >> /home/fitzcarraldo/backup.log
    date >> /home/fitzcarraldo/backup.log
    echo "********** Backup completed **********" >> /home/fitzcarraldo/backup.log
    cp /home/fitzcarraldo/backup.log /media/usbhdd/Lubuntu_home_folders_backup/home/fitzcarraldo/
    # Unmount the USB HDD so that udisks2 can subsequently re-mount it with the user's username in the path:  
    umount /media/usbhdd
fi
exit 0

The Bash script unmounts the external USB HDD and mounts it to /media/usbhdd before performing a backup. This is done because the Udisks daemon (udisksd) automounts the HDD at login to a mountpoint /media/<username>/FREECOM HDD  (e.g. ‘/media/fitzcarraldo/FREECOM HDD‘ when I log in, ‘/media/claudia/FREECOM HDD‘ when user claudia logs in, and so on).

systemd unit file

I created a file /etc/systemd/system/backup-to-usb-hdd.service owned by the root user, with the following permissions and contents:

fitzcarraldo@aspirexc600:~$ ls -la /etc/systemd/system/backup-to-usb-hdd.service 
-rw-r--r-- 1 root root 274 Jan  8 17:51 /etc/systemd/system/backup-to-usb-hdd.service
[Unit]
Description=Backup home directories of all users to USB HDD
DefaultDependencies=no
Before=shutdown.target halt.target
RequiresMountsFor=/home

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/backup_home_directories.sh

[Install]
WantedBy=halt.target shutdown.target

Then I enabled the unit file as follows:

fitzcarraldo@aspirexc600:~$ sudo systemctl enable backup-to-usb-hdd.service
Created symlink /etc/systemd/system/halt.target.wants/backup-to-usb-hdd.service → /etc/systemd/system/backup-to-usb-hdd.service.
Created symlink /etc/systemd/system/shutdown.target.wants/backup-to-usb-hdd.service → /etc/systemd/system/backup-to-usb-hdd.service.
fitzcarraldo@aspirexc600:~$

Reboot (or shutdown and restart) to launch it.

The log file

The log file /home/fitzcarraldo/backup.log looked like the following after shutting down a couple of times:

********** Backing up Acer Aspire XC600 users' home directories **********
Mon  8 Jan 21:07:05 GMT 2018
User who shutdown PC (may not be this user if Switch User has been used): fitzcarraldo
Copying completed
Mon  8 Jan 21:07:32 GMT 2018
********** Backup completed **********
********** Backing up Acer Aspire XC600 users' home directories **********
Mon  8 Jan 21:15:31 GMT 2018
User who shutdown PC (may not be this user if Switch User has been used): fitzcarraldo
Copying completed
Mon  8 Jan 21:15:48 GMT 2018
********** Backup completed **********

Whenever the system is rebooted by any user, nothing is appended to the log file. As desired, entries are only appended to the log file when the system is shutdown by any user.

Manually initiated backups

An added benefit is that any user in the sudo group can run the Bash script from the command line at any time to backup without having to shutdown the PC, as illustrated below:

claudia@aspirexc600:~$ cat /home/fitzcarraldo/backup.log 
********** Backing up Acer Aspire XC600 users' home directories **********
Mon  8 Jan 21:07:05 GMT 2018
User who shutdown PC (may not be this user if Switch User has been used): fitzcarraldo
Copying completed
Mon  8 Jan 21:07:32 GMT 2018
********** Backup completed **********
********** Backing up Acer Aspire XC600 users' home directories **********
Mon  8 Jan 21:15:31 GMT 2018
User who shutdown PC (may not be this user if Switch User has been used): fitzcarraldo
Copying completed
Mon  8 Jan 21:15:48 GMT 2018
********** Backup completed **********
claudia@aspirexc600:~$ date && sudo backup_home_directories.sh
Tue  9 Jan 01:57:50 GMT 2018
[sudo] password for claudia:
claudia@aspirexc600:~$ cat /home/fitzcarraldo/backup.log 
********** Backing up Acer Aspire XC600 users' home directories **********
Mon  8 Jan 21:07:05 GMT 2018
User who shutdown PC (may not be this user if Switch User has been used): fitzcarraldo
Copying completed
Mon  8 Jan 21:07:32 GMT 2018
********** Backup completed **********
********** Backing up Acer Aspire XC600 users' home directories **********
Mon  8 Jan 21:15:31 GMT 2018
User who shutdown PC (may not be this user if Switch User has been used): fitzcarraldo
Copying completed
Mon  8 Jan 21:15:48 GMT 2018
********** Backup completed **********
********** Backing up Acer Aspire XC600 users' home directories **********
Tue  9 Jan 01:57:54 GMT 2018
User who shutdown PC (may not be this user if Switch User has been used): claudia
Copying completed
Tue  9 Jan 01:58:10 GMT 2018
********** Backup completed **********
claudia@aspirexc600:~$

Running a shell script at shutdown only (not at reboot) – a comparison between OpenRC and systemd

Gentoo Linux on my laptops uses OpenRC with SysVinit, whereas Lubuntu 17.10 on my family’s PC uses systemd. I have had to configure both Linux distributions to run a backup job at shutdown, so I thought it would be interesting to summarise the two approaches.

OpenRC

Create a Bash script /etc/local.d/10-run_on_shutdown.stop with the following contents:

#!/bin/bash
if [ `who -r | awk '{print $2}'` = "0" ]; then
    ########################################################################
    # Put Bash commands here to be executed on shutdown but not on reboot. #
    # For example, backup home directories to an external USB HDD.         #
    ########################################################################
fi

From now on the script will run to completion when you shutdown the machine, but not when you reboot it.

systemd

1. Create a Bash script /usr/local/sbin/run_on_shutdown.sh with the following contents:

#!/bin/bash
REBOOT=$( systemctl list-jobs | egrep -q 'reboot.target.*start' && echo "rebooting" || echo "not_rebooting" )
if [ $REBOOT = "not_rebooting" ]; then
    ########################################################################
    # Put Bash commands here to be executed on shutdown but not on reboot. #
    # For example, backup home directories to an external USB HDD.         #
    ########################################################################
fi

2. Create a unit file /etc/systemd/system/run_on_shutdown.service with the following contents:

[Unit]
Description=Run a Bash script at shutdown
DefaultDependencies=no
Before=shutdown.target halt.target
# If your script requires any mounted directories, add them below: 
RequiresMountsFor=/home

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/run_on_shutdown.sh

[Install]
WantedBy=halt.target shutdown.target

I have assumed the Bash script is to backup /home, so change the directory list in ‘RequiresMountsFor=‘ if the script necessitates that other directories are still mounted – see ‘man systemd.unit‘ for details.

3. Enable the unit file and start the service as follows:

user $ sudo systemctl enable run_on_shutdown.service
user $ sudo reboot

From now on, the script will run to completion when you shutdown the machine, but not when you reboot it.

Notes on the systemd solution:

There are plenty of posts on the Web suggesting how to run a script at shutdown in installations that use systemd, but the approaches either do not work in my case or they do not discriminate between shutting down and rebooting. For example, if you are wondering why I do not use ‘Conflicts=reboot.target‘ in the unit file, I found it does not prevent the Bash script from being launched when the system is rebooted (see the entry for ‘Conflicts=‘ in ‘man systemd.unit‘ for the functionality). If you are wondering why I do not simply place a script in /lib/systemd/system-shutdown/, it is because scripts in that directory are launched late in the shutdown process, after file systems have been mounted read-only. And if you are wondering why the Bash script tests if the system is rebooting (as distinct from shutting down) rather than the unit file being configured to do that, it is because the systemd shutdown target is active in any type of system termination, be it rebooting or halting, and it therefore does not help in discriminating between the termination types (see ‘man systemd.special‘). I tried several approaches in the unit file to see if it could be made to launch a Bash script when shutting down but not when rebooting, but the only solution that works for me in the Lubuntu 17.10 installation on my family’s PC uses the two files listed above working in conjunction with each other.

Furthermore, of all the unit files I found on the Web that actually make systemd launch a Bash script when a user initiates shutdown, only one of them prevents systemd from shutting down the machine before a time-consuming script has run to completion (for example a script to backup to an external HDD). I also tried using systemd-inhibit in this case, and it did not work. Looking at the manual page for systemd-inhibit, it could be used to execute a program (the example given is ‘systemd-inhibit wodim foobar.iso‘), however I found that systemd-inhibit did not prevent systemd from shutting down the machine before a Bash script to backup a single-seat, multi-user installation had run to completion.

Some background reading

  1. Easy Systemd Startup and Shutdown Scripts for Ubuntu 16.04 and Mint 18
  2. Stack Exchange Super User : How do I run a script before everything else on shutdown with systemd?
  3. Stack Overflow : how can a systemd controlled service distinguish between shutdown and reboot?
  4. Unix & Linux Stack Exchange : Systemd : How to execute script at shutdown only (not at reboot)