On Wed, Jun 1, 2016 at 10:58 AM, Matthias Clasen <mclasen(a)redhat.com> wrote:
On Wed, 2016-06-01 at 09:59 -0400, Matthew Miller wrote:
> This paints a very specific premise of what a "logout" is, and I'm
> sure I agree with it. There are actually many cases where I want to
> resources on systems I have accounts on without specifically being
> logged in — the login session is just a connection in to manage
> Otherwise, we should remove user crontabs, at, and similar. And
> are definitely some systems where that policy has a place, but I
> see it making sense as Fedora default, either system wide or for any
> the Editions.
Explicitly marking things to escape the session (nohup, crontab,
starting system services, etc) is very different from just leaking any
and all non-terminating processes out of the session.
I am very much in favor of systemd enforcing that the session actually
ends when I log out, so that I don't accidentally leave processes
running. Leaking session processes have been a perennial problem that
we have been battling forever (gconf, ibus, pulseaudio, the list goes
on...). And they are causing actual problems, from preventing re-login
to subtly breaking the next session to slowing down shutdown.
That doesn't mean that you can't have user crontabs. As Lennart says,
using those mechanisms should ideally be a privileged operation (with a
lenient policy on single-user systems).
Why should the policy only be lenient on single-user systems?
Even if I accept for the moment that letting a user keep processes running
on a system when they log out should be considered "privileged", this is a
privilege that has more or less always been granted to users by default.
Why do we suddenly need to change the default?
Sure, providing functionality to *remove* that privilege from a user as
necessary is a nice feature. But I would strongly be opposed to the
distribution suddenly changing the status quo here without good reason.