[systemd-devel] Crond session, pam_access and pam_systemd

Thomas HUMMEL thomas.hummel at pasteur.fr
Mon Oct 26 14:27:09 UTC 2020


Hello,

[I was off for one week]

On 16/10/2020 15:45, Mantas Mikulėnas wrote:


> If I remember correctly, it's so that the main process would still be 
> able to have pid 1 as its parent, without introducing an intermediate 
> step in the process tree.

My understanding after thinking about it would rather be:

using PAMName= means that the process the service will execute (let's 
call it the service process) is to be considered as PAM-ified even if 
it's not, which means a PAM session will be created for it.

As such, an sd-executor-like process has to do on its behalf the beginning 
of the PAM calls (the service process may not do any of these calls). And 
since this executor is replaced (because of exec()) with the actual 
service process, there is no other choice than to fork/exec the sd-pam 
handler before that (and thus monitor the pam_session "from the outside").

If I'm correct, this would be the reason more than the pid 1 direct 
parenthood you mentioned. Otherwise, in the standard services (not 
using PAMName=) case this would work only with the type=forking 
services, wouldn't it?

Thanks for your help

--
Thomas HUMMEL
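
The ordering constraint discussed in this message, as an added example that is not systemd's code and not part of the original thread: a small model in which the process that opens the session is replaced by exec(), so the close step can only run in a handler forked beforehand. The names `executor` and `run_model` are hypothetical, bytes on a pipe stand in for pam_open_session()/pam_close_session(), and pipe EOF is an assumed way for the handler to notice that the service has exited.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Executor model: open the "session", fork the handler, then exec() the
 * service. Bytes written to evfd stand in for the real PAM calls. */
static void executor(int evfd)
{
    int life[2];
    char c;
    if (pipe(life) < 0 || write(evfd, "O", 1) != 1)  /* ~ pam_open_session() */
        _exit(1);
    if (fork() == 0) {               /* handler, forked BEFORE the exec() */
        close(life[1]);              /* keep only the read end */
        while (read(life[0], &c, 1) > 0)
            ;                        /* read() returns 0 once the service is gone */
        _exit(write(evfd, "C", 1) != 1);  /* ~ pam_close_session() */
    }
    close(life[0]);
    /* life[1] is not close-on-exec: the service holds it until it exits. */
    execl("/bin/sh", "sh", "-c", "exit 0", (char *)NULL);
    _exit(127);                      /* exec failed; the handler still sees EOF */
}

/* Runs the model and stores the observed event order in buf. */
int run_model(char *buf, size_t n)
{
    int ev[2];
    size_t got = 0;
    ssize_t r;
    pid_t p;
    if (pipe(ev) < 0 || (p = fork()) < 0)
        return -1;
    if (p == 0)
        executor(ev[1]);             /* never returns */
    close(ev[1]);
    while (got < n - 1 && (r = read(ev[0], buf + got, n - 1 - got)) > 0)
        got += (size_t)r;
    buf[got] = '\0';
    close(ev[0]);
    waitpid(p, NULL, 0);
    return (int)got;
}

int main(void)
{
    char ev[8];
    return run_model(ev, sizeof ev) == 2 && puts(ev) >= 0 ? 0 : 1;
}
```

The close event is emitted by the handler after the exec()ed service has exited; no code from the executor survives the exec() to do it.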

