[systemd-devel] The whole su/pkexec session debate

Lennart Poettering lennart at poettering.net
Tue Dec 10 18:11:55 PST 2013


On Wed, 20.11.13 10:16, Colin Guthrie (gmane at colin.guthr.ie) wrote:

> Hi,
> 
> One other thing occurred this morning while pondering the latest patches
> from Martin and Colin on this topic.
> 
> What should (in an ideal world) apps like screen do?

I used to believe that screen should set up a new session, but I don't
think so anymore.

Nowadays think they should do exactly what they currently do: fork and
stay around. This will cause the session to stay in "closing" state when
the user logs out, but that's exactly what it would be good for:
i.e. sessions which have officially finished but of which some parts
remain.

> Perhaps this is all OK, and the "closing" state here is not a problem.
> But such apps and use cases really are not compatible at all with the
> kill-session-processes= option of pam_systemd and it would be nice to do
> things properly.

If user session killing is enabled then this is explicitly supposed to
be the admins way to prohibit things like screen if the user is not
logged in otherwise. Hence I think the exact right thing happens
already: if the admin doesn't want to allow screen to stay around then
he can use that option. Otherwise he should leave it on.

Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list