On Fri, Jun 03, 2016 at 03:30:33PM +0200, Björn Persson wrote: > Lennart Poettering <mzerq...@0pointer.de> wrote: > > On Thu, 02.06.16 18:00, Sam Varshavchik (mr...@courier-mta.com) wrote: > > > The rogue spambout in question can simply talk to systemd itself, and > > > arrange for it not to be killed when the user logs out. > > > > Yes, the default policy we ship is friendly, and > > says that users can stick around if they want, via lingering > > And therefore the change that is being debated in this thread – the > default value of KillUserProcesses – does not change anything security- > wise, right? There already was, and there still is, a feature that > sysadmins can opt in to use to enforce an unusually strict policy if > they want, but there has not been, is not, and will not be such a > policy be default, right?
There is both the default *policy* (i.e. what you can ask for using polkit), and the default *behaviour* (i.e. what happens when you log out if you haven't asked for special treatment). We are trying to make the second stricter, while keeping the first more permissive, at least for now. This way the change is more incremental. > If that's the case, then can we please stop talking about security and > instead debate the usability aspects of this change? The change is related to security. Current policy is lax to make the change easier by allowing users to revert to the previous behaviour at will. But the new default brings us one step closer to what we consider a better out-of-the-box behaviour of the system. Of course usability is important. I'll be looking into allowing screen to persist automatically, but that needs a bit of thought and coding. Zbyszek -- devel mailing list devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
