[systemd-devel] Fix PAM module to not clobber XDG_RUNTIME_DIR with su

Lennart Poettering lennart at poettering.net
Mon Nov 25 20:23:53 PST 2013

On Thu, 21.11.13 07:55, Martin Pitt (martin.pitt at ubuntu.com) wrote:

> > So, what's the intention here? That XDG_RUNTIME_DIR is entirely unset
> > after "su"? That sounds kinda acceptable to me.
> Yes, for "su -" and pkexec. It might not work for "su" as that is
> likely configured to not run PAM, see above. 
> That's what my patch is doing and what would prevent the damaging of
> runtime dirs. It's not what I consider ideal (I prefer Colin's
> approach of giving him the *correct* user's runtime dir), but if we
> can't have that, let's at least not pass the wrong one.

Due to the lifecycle guarantees on XDG_RUNTIME_DIR we cannot hand out a
"correct" (correct by what I assume you mean by "correct") instance of
it without also setting up a full new session, and keeping it around and
ref counting it.

Anyway, as mentioned elsewhere, git now will not set XDG_RUNTIME_DIR in
"su" instances, as per your original patch.

Thanks for the patch,


Lennart Poettering, Red Hat
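
Added example, not part of the original message and not systemd code: a consumer-side check that drops an inherited XDG_RUNTIME_DIR when it does not belong to the current user, which is the situation "su" creates when the variable is passed through. The function names are hypothetical; the ownership and mode 0700 requirements are taken from the XDG Base Directory specification.

```python
import os
import stat
import tempfile


def runtime_dir_problem(path, uid):
    """Return None if path is usable as XDG_RUNTIME_DIR for uid, else a reason string."""
    if not path:
        return "unset or empty"
    if not os.path.isabs(path):
        return "not an absolute path"
    try:
        st = os.lstat(path)  # lstat so a symlink is judged itself, not its target
    except OSError as exc:
        return "cannot stat: %s" % exc.strerror
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_uid != uid:
        # Typical after "su" with the variable inherited from the calling user.
        return "owned by uid %d, not %d" % (st.st_uid, uid)
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o700:
        return "mode %o, expected 700" % mode
    return None


def sanitized_environ(environ, uid):
    """Copy environ, dropping XDG_RUNTIME_DIR if it is not valid for uid."""
    env = dict(environ)
    if "XDG_RUNTIME_DIR" in env:
        if runtime_dir_problem(env["XDG_RUNTIME_DIR"], uid) is not None:
            del env["XDG_RUNTIME_DIR"]
    return env


if __name__ == "__main__":
    # Constructed sample: a private directory standing in for /run/user/<uid>.
    sample = tempfile.mkdtemp()
    me = os.getuid()
    other = me + 1  # stands in for the user that "su" switched to
    print("as owner:     ", runtime_dir_problem(sample, me))
    print("as other user:", runtime_dir_problem(sample, other))
    print(sanitized_environ({"XDG_RUNTIME_DIR": sample, "HOME": "/tmp"}, other))
    os.rmdir(sample)
```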
