On Fri, Jun 03, 2016 at 03:30:33PM +0200, Björn Persson wrote:
Lennart Poettering <mzerqung(a)0pointer.de> wrote:
> On Thu, 02.06.16 18:00, Sam Varshavchik (mrsam(a)courier-mta.com) wrote:
> > The rogue spambout in question can simply talk to systemd itself, and
> > arrange for it not to be killed when the user logs out.
> Yes, the default policy we ship is friendly, and
> says that users can stick around if they want, via lingering
And therefore the change that is being debated in this thread – the
default value of KillUserProcesses – does not change anything security-
wise, right? There already was, and there still is, a feature that
sysadmins can opt in to use to enforce an unusually strict policy if
they want, but there has not been, is not, and will not be such a
policy be default, right?
There is both the default *policy* (i.e. what you can ask for using
polkit), and the default *behaviour* (i.e. what happens when you log
out if you haven't asked for special treatment). We are trying to make
the second stricter, while keeping the first more permissive, at least
for now. This way the change is more incremental.
If that's the case, then can we please stop talking about
instead debate the usability aspects of this change?
The change is related to
security. Current policy is lax to make the
change easier by allowing users to revert to the previous behaviour
at will. But the new default brings us one step closer to what we
consider a better out-of-the-box behaviour of the system.
Of course usability is important. I'll be looking into allowing screen
to persist automatically, but that needs a bit of thought and coding.