On Fri, Jun 3, 2016 at 11:24 AM, Chris Murphy <li...@colorremedies.com> wrote:
> Is it/should it be true that any 'sudo' process is privileged and
> automatically is put into a session that would not be killed by the
> user logging out? So if the user starts some background process with
> sudo, they can log out of their DE session and that process continues
> to run?

OK so I have an example where there is breakage. The example itself doesn't matter, but because it's so basic (to me anyway) I think it opens up a rat's nest of other workflow problems, people just have to imagine their own and try them out.

1. Set /etc/systemd/logind.conf so that KillUserProcesses=yes

2. Start a btrfs scrub, which by default is a background process:

[chris@f24m ~]$ sudo btrfs scrub status /
scrub started on /, fsid dbf2e938-1f28-4e93-aa6c-1e193004931b (pid=9527)
[chris@f24m ~]$

3. Log out of the DE (this is gnome-shell). Wait a minute. Log back in.

4.
[chris@f24m ~]$ sudo btrfs scrub status /
[sudo] password for chris:
scrub status for dbf2e938-1f28-4e93-aa6c-1e193004931b
    scrub started at Fri Jun 3 20:38:15 2016, interrupted after 00:00:05, not running
    total bytes scrubbed: 2.52GiB with 0 errors

If I repeat this with #KillUserProcesses=yes (commented out), the scrub completes without interruption.

This is not an unprivileged process near as I can tell. Scrub is perhaps not the best example, it may well be better workflow to put such a thing on a timer instead. But it could take hours or days so, on demand usage means some kind of workflow change: stay logged in, or drop to a console and login as root to run the command? KillExcludeUsers=root is the default so presumably this avoids the interruption.

But what about device replacement? The command follows similar structure and behavior as 'btrfs replace start <olddev> <newdev> <mountpoint>' and then it goes to background and starts migrating data from the old to new drive. If I log out of the desktop session before that completes, I suspect that too will be interrupted similar to the scrub example. Obviously device replacement would not be put on a timer, it would be done on demand.

Anyway it seems problematic, presumably there are other examples of programs that users want to run on demand, with escalated privileges, in the background, and persist through a logout from the DE?

--
Chris Murphy
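
The check described in the message above, as an added example that is not part of the original post and is not systemd's own code: a small evaluator for the two logind.conf settings the post names, applied to the owner of the login session. It assumes an unset KillUserProcesses= counts as "no" (what the post reports with the line commented out) and does not evaluate KillOnlyUsers=; the function name session_fate and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): evaluate the two logind.conf
# settings named in the post for the owner of a login session.
# Assumptions: an unset KillUserProcesses= counts as "no" (what the post
# observed with the line commented out); KillOnlyUsers= is not evaluated.

# session_fate OWNER  -- reads logind.conf text on stdin, prints "kill" or "keep"
session_fate() {
    awk -v owner="$1" '
        BEGIN { killp = "no"; exclude = "root" }   # root is excluded by default
        /^[ \t]*[#;]/ { next }                     # commented-out lines set nothing
        /^[ \t]*\[/   { in_login = ($0 ~ /^[ \t]*\[Login\][ \t]*$/); next }
        in_login && /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "KillUserProcesses") killp = val
            if (key == "KillExcludeUsers")  exclude = val   # empty value clears the default
        }
        END {
            verdict = (killp ~ /^(yes|true|on|1)$/) ? "kill" : "keep"
            n = split(exclude, users, /[ \t]+/)
            for (i = 1; i <= n; i++) if (users[i] == owner) verdict = "keep"
            print verdict
        }'
}

# Constructed sample input mirroring step 1 of the post.
conf_yes='[Login]
KillUserProcesses=yes'
conf_commented='[Login]
#KillUserProcesses=yes'

# The sudo'd scrub runs as root but inside chris's session, so the session
# owner (chris) is what gets evaluated, not the UID of the process.
printf '%s\n' "$conf_yes"       | session_fate chris   # kill
printf '%s\n' "$conf_yes"       | session_fate root    # keep
printf '%s\n' "$conf_commented" | session_fate chris   # keep
```

The "kill" verdict for chris and "keep" for root match the outcomes in the message: the scrub started with sudo from chris's desktop session was interrupted, while a session owned by root falls under the default exclusion.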