On Thursday 02 June 2016 14:38:38 Matthias Clasen wrote:
> I think the discussion is starting to go in circles. It is pretty clear
> that we have different opinions about the desired behavior of logout.

I'll take this as an opportunity to raise a separate issue.
The current implementation has only 2 levels of control: global and individual
(lingering).
For non-tiny organizations this isn't good enough:
* I would expect that root may set lingering for *groups* as well.
* Otherwise, administrators need to set policy per-individual and we are back
to square one (killing individual user processes).
* Then we can have better default policy (e.g: members of groups wheel
and staff have "lingering" on).
* Example: something similar to access.conf(5) (but "<foo>.d/*.conf" not
a monolithic file).
* The design should assume that in the future, large organizations would
expect it in their directory service.
(e.g: like sudoers can now be integrated in IPA).
A separate thought: maybe have a list of exceptions (tmux/screen/vnc/whatever)
but this really opens a new can of worms, so it may be
better not to mix this with the user/group granularity issue.
Thanks,
--
Oron Peled Voice: +972-4-8228492
oron(a)actcom.co.il
http://users.actcom.co.il/~oron
Ignore Your Rights And They'll Go Away