On Wed, 26 Jul 2017 at 00:02:06 +0200, Jakob Schürz wrote: > I have no idea, why this users get a PAM-Session. > Now i can see there is also a systemd --user process for > debian-security-support: > > Jul 25 23:54:49 aldebaran systemd[1]: Starting User Manager for UID 137... > Jul 25 23:54:49 aldebaran systemd[6366]: pam_unix(systemd-user:session): > session opened for user debian-security-support by (uid=0)
From https://sources.debian.net/src/debian-security-support/2017.06.02/debian/debian-security-support.postinst/ it looks as though that package is using su. It should probably be using runuser -u "$USERNAME" /bin/bash -c "..." instead, because whatever the question is, su is usually the wrong answer. Presumably the other daemons you mentioned are also using su in a cron job or maintainer script or something. On my Debian system, /etc/pam.d/su pulls in /etc/pam.d/common-session, which uses pam_systemd; but /etc/pam.d/runuser does not. So anything that calls su will get a login session, with the side effect of a `systemd --user`, but anything that calls runuser will not get a login session and a `systemd --user`. S _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel