On Tue, May 31, 2016 at 4:23 PM, Howard Chu <hyc(a)symas.com> wrote:
DJ Delorie wrote:
> Lennart Poettering <mzerqung(a)0pointer.de> writes:
>> Again, as mentioned before: key here is that permitting user processes
>> to stick around after all sessions of the user ended needs to be a
>> privilieged concept. It should not be allowed for user code to stick
>> around after logout, unless this is explicitly permitted by the admin,
>> and this hence needs to be enforced by privileged code.
> How many Fedora installs are multi-user these days? How many
> single-user desktops are we afflicting with a "you must ask an admin"
> rule, when there is no admin besides the user sitting at the keyboard?
> Any rule that tries to split users into "unpriviledged" and
Agreed. And the basic premise is utterly wrong. The user was obviously
permitted to login to the machine, they are therefore permitted to run
processes on the machine. Whether their shell process stays alive or not is
utterly irrelevant, any other processes that continue to run after their
login shell terminates is still legitimately using the machine. To call
running without a control terminal "privileged" is inventing new definitions
out of thin air. There is no logical basis for it. The entire premise is
The consistent theme by all parties I'm hearing is that there should
be better sanctioning for the bad apples. Right now the perception of
this feature is that sanctioning is impacting users and the upstreams
of non-offending tools, more than it's impacting the actual bad apples
that are the impetus behind the feature.