previously on this list Steve Langasek contributed: > Yes. This has been the case for su in Debian since 1999, and to do > otherwise would break a variety of configurations where session setup is > required in order for, e.g., the su process to have access to the files of > the target user.
It seems to me that someone needlessly? dropped the ball in 1999 then and this should have perhaps been a new flag or added to -l where PAM is in use, as it fundamentally changes the behaviour contrary to the varying titles of su. Now done of course and for so long I wouldn't know what the fallout to debian and other things would be and so the best way to fix this bug today at all. I do know that I would much prefer if a script in rc.local that uses su to drop priviledges and maybe even then sudo to re-gain one or two worked on all unix-like systems and without having to deal with debians overly complex scripts in comparison to bsd or create a systemd unit (I think it's clear I wouldn't). However as I don't use polkit and use sudo to handle my suspending and shutdowns I think I probably could without issue anyway? Not being a PAM fan but only locking it down a little on systems with it. I can't say I fully understand the weight of grounds with which "must not" was stated though. I hope I don't get flamed as I am not enjoying or intentionally bashing these things for any political reason and I'm actually rather busy. I simply strive for what I see as simpler and better alternatives in ease of use/config and lack of exploits and don't believe I should have to hide anything. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd _______________________________________________________________________ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/248613.30904...@smtp148.mail.ir2.yahoo.com