On Thu, 18.12.14 11:05, Andrei Borzenkov (arvidj...@gmail.com) wrote: > As far as I know, systemd still officially retains compatibility with > initscripts. Unfortunately, session management now at least partially > broke it. > > Any initscript that is using "su -" would create logind session; this > session will persist until processes started by initscript are > runing.
Any initscript that uses "su -" is broken I am very much convinced. For two reasons. First of all, the dash means that you want a login shell, i.e. one that "feels" like a "real" user login. That's very inappropriate for daemons. Secondly, su goes through the whole PAM stack. PAM is really for setting up user sessions, it has no place when setting up the environment for a daemon. If you want to set up the environment for a daemon, use "start-stop-daemon", "runuser", or simply systemd's User= setting. None of them goes through PAM. If you go through PAM, then you not only get a new systemd session opened for it, but also an audit session, selinux session, ... And you clearly don't want that. This is unfortunately little documented, but it's really how it is. Do not use "su" for init scripts. Never, ever. It's a user command, not a command to use in codepaths outside of user sessions. All this is wrong outside of the systemd context, and just a slightly bit more inside the systemd context, but the correct fix is certainly outside of the scope of systemd. Sorry, Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel