On Wed, Jun 1, 2016 at 10:58 AM, Matthias Clasen <mclasen@redhat.com> wrote:
On Wed, 2016-06-01 at 09:59 -0400, Matthew Miller wrote:

> This paints a very specific premise of what a "logout" is, and I'm
> not
> sure I agree with it. There are actually many cases where I want to
> use
> resources on systems I have accounts on without specifically being
> logged in — the login session is just a connection in to manage
> things.
> Otherwise, we should remove user crontabs, at, and similar.  And
> there
> are definitely some systems where that policy has a place, but I
> don't
> see it making sense as Fedora default, either system wide or for any
> of
> the Editions.

Explicitly marking things to escape the session (nohup, crontab,
starting system services, etc) is very different from just leaking any
and all non-terminating processes out of the session.

I am very much in favor of systemd enforcing that the session actually
ends when I log out, so that I don't accidentally leave processes
running. Leaking session processes have been a perennial problem that
we have been battling forever (gconf, ibus, pulseaudio, the list goes
on...). And they are causing actual problems, from preventing re-login
to subtly breaking the next session to slowing down shutdown.

That doesn't mean that you can't have user crontabs. As Lennart says,
using those mechanisms should ideally be a privileged operation (with a
lenient policy on single-user systems).


Why should the policy only be lenient on single-user systems?

Even if I accept for the moment that letting a user keep processes running on a system when they log out should be considered "privileged", this is a privilege that has more or less always been granted to users by default. Why do we suddenly need to change the default?

Sure, providing functionality to *remove* that privilege from a user as necessary is a nice feature. But I would strongly be opposed to the distribution suddenly changing the status quo here without good reason.

Ben Rosser