On Fri, May 27, 2016 at 9:58 AM Lennart Poettering <mzerq...@0pointer.de>
wrote:

> On Fri, 27.05.16 08:09, Chris Adams (li...@cmadams.net) wrote:
>
> > Once upon a time, Zbigniew Jędrzejewski-Szmek <zbys...@in.waw.pl> said:
> > > Also note that running jobs in a systemd service has advantages on the
> > > server: better accounting, more transparency, logs are easier to read.
> > > The (old) default of allowing left-over session processes to live on
> > > seems especially bad on a server with multiple users.
> >
> > Starting a one-off task under screen and detaching is an age-old server
> > management process.  Breaking that is not acceptable IMHO.
>
> And it is still supported.
>
> In my view it was actually quite strange of UNIX that it by default
> let arbitrary user code stay around unrestricted after logout. It has
> been discussed for ages now among many OS people, that this should
> possible but certainly not be the default, but nobody dared so far to
> flip the switch to turn it from a default to an option. Not cleaning
> up user sessions after logout is not only ugly and somewhat hackish
> but also a security problem.
>
> [snip]

Apologies for a metaphor, but...

Imagine a map of a terrain, and a transparent plastic overlay containing
landmarks. Most of the time, people find it valuable to view the map with
the overlay laid on top of it. But, sometimes it's useful to remove the
overlay and look at the natural terrain. It would be a mistake to think
that the only perspective is the one with the overlay on top... and it
would be a big mistake to glue the overlay down so that particular
perspective is effectively enforced.

The "login" concept here seems to me nothing more than a conceptual overlay
of what's going on underneath (running user processes). Sure, it's a
convenient way of describing a particular experience with a computer. But,
it's not the only way to describe that experience. One could also describe
it as a a graph of arbitrary processes.

It seems to me that what's happening is that systemd is now enforcing this
"login session" perspective... metaphorically speaking, gluing the
transparent overlay onto the map (but don't worry! they also provide a
special adhesive remover!). This makes it that much harder for people to
make use of what's underneath without viewing it through the overlay...
which, as it turns out, is a *very* common thing to do (screen, tmux,
nohup, etc.).

Whether or not this as default is a good thing in the long run, I don't
know. I can see pros and cons (ease of cleanup / unexpected behavior for a
big group of folks). However, I am concerned that it seems the conceptual
perspective of a "login" is now being enforced within the internals. I
think it's a mistake to think that the internals *must* match our human
experience/understanding from the outside (the experience of a "login"
session/environment), and this change appears to be stepping in that
direction.

Perhaps one intermediate compromise is to, instead of requiring the use of
system-run, users should be able to have a whitelist of processes (like
screen, tmux, etc.) which are not killed as "cleanup". (Clearly, "screen"
is intentionally long-running, and should never be treated as "leftovers"
from a login session. I'm sure there are others which would fall under this
scenario too.)
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Reply via email to