On Fri, May 27, 2016 at 9:58 AM Lennart Poettering <mzerqung@0pointer.de> wrote:
On Fri, 27.05.16 08:09, Chris Adams (linux@cmadams.net) wrote:

> Once upon a time, Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> said:
> > Also note that running jobs in a systemd service has advantages on the
> > server: better accounting, more transparency, logs are easier to read.
> > The (old) default of allowing left-over session processes to live on
> > seems especially bad on a server with multiple users.
> Starting a one-off task under screen and detaching is an age-old server
> management process.  Breaking that is not acceptable IMHO.

And it is still supported.

In my view it was actually quite strange of UNIX that it by default
let arbitrary user code stay around unrestricted after logout. It has
been discussed for ages now among many OS people, that this should
possible but certainly not be the default, but nobody dared so far to
flip the switch to turn it from a default to an option. Not cleaning
up user sessions after logout is not only ugly and somewhat hackish
but also a security problem.


Apologies for a metaphor, but...

Imagine a map of a terrain, and a transparent plastic overlay containing landmarks. Most of the time, people find it valuable to view the map with the overlay laid on top of it. But, sometimes it's useful to remove the overlay and look at the natural terrain. It would be a mistake to think that the only perspective is the one with the overlay on top... and it would be a big mistake to glue the overlay down so that particular perspective is effectively enforced.

The "login" concept here seems to me nothing more than a conceptual overlay of what's going on underneath (running user processes). Sure, it's a convenient way of describing a particular experience with a computer. But, it's not the only way to describe that experience. One could also describe it as a a graph of arbitrary processes.

It seems to me that what's happening is that systemd is now enforcing this "login session" perspective... metaphorically speaking, gluing the transparent overlay onto the map (but don't worry! they also provide a special adhesive remover!). This makes it that much harder for people to make use of what's underneath without viewing it through the overlay... which, as it turns out, is a *very* common thing to do (screen, tmux, nohup, etc.).

Whether or not this as default is a good thing in the long run, I don't know. I can see pros and cons (ease of cleanup / unexpected behavior for a big group of folks). However, I am concerned that it seems the conceptual perspective of a "login" is now being enforced within the internals. I think it's a mistake to think that the internals *must* match our human experience/understanding from the outside (the experience of a "login" session/environment), and this change appears to be stepping in that direction.

Perhaps one intermediate compromise is to, instead of requiring the use of system-run, users should be able to have a whitelist of processes (like screen, tmux, etc.) which are not killed as "cleanup". (Clearly, "screen" is intentionally long-running, and should never be treated as "leftovers" from a login session. I'm sure there are others which would fall under this scenario too.)