On Wed, Jun 1, 2016 at 9:48 AM, Lennart Poettering <mzerqung(a)0pointer.de>
On Wed, 01.06.16 12:19, Howard Chu (hyc(a)symas.com) wrote:
> This is still looking at the problem back-asswards. The problem isn't
> screen and tmux are special cases. The problem is that some handful of
> programs that got spawned in a GUI desktop environment are special cases,
> not exiting when they should.
> Fix the broken programs, don't force every well-behaved program in the
> universe to change to accommodate your broken GUI environment. This is
> Programming 101.
Again, this isn't just work-arounds around broken programs. It's a
security thing. It's privileged code (logind, PID 1) that enforces a
clear life-cycle on unprivileged programs.
Any scheme that relies on unprivileged programs "being nice" doesn't
fix the inherent security problem: after logout a user should not be
able consume further runtime resources on the system, regardless if he
does that because of a bug or on purpose.
That's your opinion, and while many sysadmins may share it, many will not.
Having this as an optional security feature would be fantastic. Enforcing
it by default on every user many of which use tmux, screen, nohup, and & to
persist long running processes for daily work, is not something to do just
because you think it is what people should do.