evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

Single computer with many UIs #983

Closed albsch closed 1 year ago

albsch commented 1 year ago

As far as I can understand in the configuration documentation, it's possible to have a single UI with many computers. I'm interested in running the UI in multiple ttys at once, while running only a single opensnitchd daemon. Currently, the file created in /tmp/osui.sock has the wrong permissions when I try to start the UI with another user.

Changing the config to unix:///run/user/1000/opensnitch/osui.sock is also not an option for multi-user systems. It would be nice if the configuration of the address could be templated by user, something like /tmp/$USER/osui.sock.

gustavo-iniguez-goya commented 1 year ago

Hi @albsch,

> I'm interested in running the UI in multiple ttys at once

That's not possible right now. The GUI is a server, so there can only be one running.

Could you explain your use case?
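The two symptoms discussed above (a socket file another user cannot use, and only one listener per address) can be reproduced with plain Unix sockets. This is an added example, not OpenSnitch code: the function names are hypothetical, the socket lives in a temporary directory as a stand-in for /tmp/osui.sock, and the 0600 mode is an assumed value.

```python
import errno
import os
import socket
import stat
import tempfile


def audit_unix_socket(path):
    """Report who owns a Unix socket file and who may connect to it."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "owner_uid": st.st_uid,
        "mode": oct(mode),
        # On Linux, connect() requires write permission on the socket file.
        "group_can_connect": bool(mode & stat.S_IWGRP),
        "others_can_connect": bool(mode & stat.S_IWOTH),
    }


def try_bind(path):
    """Bind a listening socket; return (socket, None) or (None, errno name)."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)
        srv.listen(1)
        return srv, None
    except OSError as exc:
        srv.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    """Constructed scenario: two servers pointed at the same socket path."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "osui.sock")  # stand-in for /tmp/osui.sock
        first, err1 = try_bind(path)           # first server owns the address
        os.chmod(path, 0o600)                  # assumed owner-only mode
        second, err2 = try_bind(path)          # second server, same address
        report = audit_unix_socket(path)
        first.close()
        return err1, err2, report


if __name__ == "__main__":
    print(demo())
```

The report shows why a per-user socket path matters on a shared host: the file's owner and mode decide which accounts can reach the listener at all.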

albsch commented 1 year ago

I have multiple users that can be logged in at the same time. E.g. user1 is logged in on tty1, user2 on tty2. I wondered why the GUI is the server, and not the daemon itself. Usually, it's the other way around. Even when exiting and re-login with another user, other processes linger around and I have to restart the whole computer to make opensnitch work again.

gustavo-iniguez-goya commented 1 year ago

Ah OK, I see. This was also requested some time ago here: #388

Do all the users need to use the GUI/admin rules at the same time? Or do you have one user that configures the rules/view events, and the rest are just regular users?

albsch commented 1 year ago

Hmm, all users could configure all the rules was my usage pattern. Ideally, the different users don't see the rules of the other users, but I know it's not possible and does not make sense (network configuration is shared among users anyway). Let me rethink this, maybe it's good to restart and run only one session at the same time. I'll monitor #388 and close this issue, thanks!

philstopford commented 8 months ago

Adding to this, I have a few machines around that are shared resources - a user is logged in for general use, and I tend to connect with RDP. If I do something in the background, the first user gets the prompt to allow/deny the access. If I try and launch OpenSnitch on the RDP session, it generally fails with a port binding error along the lines of the port being already in use. That means also that new prompts can't be managed easily on this set-up: the first user to have the GUI running gets the prompt and if they are absent, a temporary deny rule is set and the other user seems unable to do much about this as long as the GUI is retained by the first user. Given that one needs to have the GUI running in order to see the prompts, this is where it gets tricky.

For a shared resource, I wondered if there might be a multi-session GUI option in the plan that also allowed for a list of (un)authorized users who cannot modify the rules at all, to avoid uncontrolled changes,