Running plasma 5.21.4 on ArchLinux, I have sddm set to auto-login, but I'd like the plasma session to start locked. The session also runs with a couple of apps auto-started. My plasma is set to use the systemd startup method and in .config/environment.d/kde.conf I have DESKTOP_LOCKED=1. I can confirm that both ksmserver and kwin processes have the environment variable in their /proc/<pid>/environ pseudo-file. But the session does not start locked. I'm not sure if this is a bug in a recent Plasma or its systemd startup method? if I switch back to non-systemd startup kwriteconfig5 --file startkderc --group General --key systemdBoot false and setting DESKTOP_LOCKED=1 in ~/.pam_environment, kde starts locked STEPS TO REPRODUCE 1. kwriteconfig5 --file startkderc --group General --key systemdBoot true 2. echo DESKTOP_LOCKED=1 > ~/.config/environment.d/kde.conf 3. cat <<EOF > /etc/sddm.conf.d/autologin.conf [Autologin] User=damjan EOF 4. reboot OBSERVED RESULT: Plasma session for user damjan starts unlocked EXPECTED RESULT: Plasma session for user damjan starts **locked** SOFTWARE/OS VERSIONS Linux: Archlinux KDE Plasma Version: 5.21.4 KDE Frameworks Version: 5.81.0 Qt Version: 5.15.2 Graphics Platform: X11 sddm version: 0.19.0-5
So basically when you turn on your computer, you want to see the lock screen rather than the login screen? So I have that right? May I ask the reason? What's the use case for this?
It wasn't a documented feature exposed in the UI, so it's not a bug per-se. The reason it doesn't work is because ksmserver didn't read this env, the process that spawned ksmserver did - which obviously isn't the same with the systemd boot. With the systemd boot, the simplest fix would be to create a drop-in for ksmserver and override the Exec line to ksmserver --lockscreen I have also changed the ksmserver behaviour so that if you run loginctl-lock session before ksmserver starts it will still be honoured, which is a much tidier fix.
(In reply to Nate Graham from comment #1) > So basically when you turn on your computer, you want to see the lock screen > rather than the login screen? So I have that right? May I ask the reason? > What's the use case for this? The computer is turned on at all times, but if someone yanks the power cable or there's power loss, I want it to start locked just in case. (and yes I use secure-boot and full LUKS with tpm2 unsealing, so attacks are not trivial). I want it auto-logged in because I want to run GUI KDE applications on boot - including but not limited to kde-connect which I then control from my phone.
(In reply to David Edmundson from comment #2) > It wasn't a documented feature exposed in the UI, so it's not a bug per-se. sorry. I have no idea where I've read about it. It's somewhat prominent on the internet :D > The reason it doesn't work is because ksmserver didn't read this env, the > process that spawned ksmserver did - which obviously isn't the same with the > systemd boot. I think in both cases the variable is inherited from the parent process? I don't understand the difference. > > With the systemd boot, the simplest fix would be to create a drop-in for > ksmserver and override the Exec line to ksmserver --lockscreen > > I have also changed the ksmserver behaviour so that if you run loginctl-lock > session before ksmserver starts it will still be honoured, which is a much > tidier fix. Both fixes seem fine to me. Thanks.
systemctl --user cat plasma-ksmserver.service # /usr/lib/systemd/user/plasma-ksmserver.service [Unit] Description=KDE Session Management Server Wants=plasma-kcminit.service PartOf=graphical-session.target [Service] ExecStart=/usr/bin/ksmserver BusName=org.kde.ksmserver Slice=session.slice [Install] WantedBy=plasma-core.target # /home/damjan/.config/systemd/user/plasma-ksmserver.service.d/override.conf [Service] ExecStart= ExecStart=/usr/bin/ksmserver --lockscreen ❯ systemctl --user status plasma-ksmserver.service --no-pager ● plasma-ksmserver.service - KDE Session Management Server Loaded: loaded (/usr/lib/systemd/user/plasma-ksmserver.service; disabled; vendor preset: enabled) Drop-In: /home/damjan/.config/systemd/user/plasma-ksmserver.service.d └─override.conf Active: active (running) since Thu 2021-04-29 15:55:32 CEST; 5min ago Main PID: 1068 (ksmserver) Tasks: 33 (limit: 33525) Memory: 99.3M CPU: 1.106s CGroup: /user.slice/user-1000.slice/user@1000.service/session.slice/plasma-ksmserver.service ├─1068 /usr/bin/ksmserver --lockscreen └─1120 /usr/lib/kscreenlocker_greet --immediateLock --graceTime 5000 --ksldfd 13 works!!
Thanks for fixing it David :)
Using a drop-in systemd override with `ksmserver --lockscreen` doesn't work for plasma 6.1.5. I can see that ksmserver is started with the lockscreen option but it doesn't seem like the kscreenlocker_greet get executed and the screen doesn't get locked. What worked however is the second suggestion - to use `loginctl lock-session`. I ran `systemctl edit --user plasma-ksmserver` and created an override which brings the lock screen on start. cat ~/.config/systemd/user/plasma-ksmserver.service.d/override.conf [Service] ExecStartPre= ExecStartPre=loginctl lock-session I also have autologin turned on in Settings/Colors & Themes/Login Screen (SDDM)/Behavior
(In reply to darinp from comment #7) > Using a drop-in systemd override with `ksmserver --lockscreen` doesn't work > for plasma 6.1.5. > I can see that ksmserver is started with the lockscreen option but it > doesn't seem like the kscreenlocker_greet get executed and the screen > doesn't get locked. > > What worked however is the second suggestion - to use `loginctl > lock-session`. This workaround functions for me too, but it doesn't allow apps to autostart until unlocking unlike the previous `ksmserver --lockscreen` option did. Are there any clues as to why this old method is broken now?