On Thu, Jun 2, 2016 at 7:04 AM, Lennart Poettering <mzerqung(a)0pointer.de> wrote:
In all of these cases you really want to make sure that whatever the
user did ends – really ends – by the time he logs out. So that the
employee can't do stuff there except when logged in, and that he can't
do stuff there even long after he left the company, and that the spam
bot he caught gets killed as soon as he logs out.
You may personally want this, and it may be part of your "big
picture". But when "you", as in the generic "sys-admin" you, kill
critical task that has always worked this way, and especially when you
kill it as part of the sysstem upgrades, you will be called in for the
"post-mortem" for killing working systems. Do this once or twice in a
quarter, and you will get a "performance review". If it happens one
more time after a performance review, and you will usually be *gone*
after the next annual review or when the next layooffs happen, because
you've irritated countless developer, nightly operational groups, and
managers from other groups who just expect things to work the same way
they worked last year.
Been there, done that, got the layoff bonus.
Pretty much all more modern OS designs tend to have such a clear
lifecycle btw: when the user is logged out, he's *really* logged
out. And it's completely OK if certain users get excludeded from that,
but if so, then the admin needs to sign off on that, and thus a
privilege check needs to be enforced.
It's a reasonable approach. It definitely needed to be reviewed in the
Fedora release cycle, so it can be selected or not selected as part of
the announced release changes, because there are a *lot* casual
processes that it will screw up. In particular unintentional logouts
due to interrupted connectivity is a very, very common scenario for
environments with poor connectivity. When i'm administering servers in
other countries, especially for a fragile operation, I use screen and
"ssh remote hostname process &" and nohup all the time to help ensure
the continuity of critical operations.