incompatible screen update

Lennart Poettering mzerqung at 0pointer.de
Tue Feb 8 17:16:29 UTC 2011


On Tue, 08.02.11 15:05, Tomas Mraz (tmraz at redhat.com) wrote:

> > Precisely for issues like this XDG_RUNTIME_DIR has recently been
> > introduced:
> > 
> > http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
> > 
> > We carefully made sure to define the semantics of this dir to offer a
> > safe place to put these sockets.
> > 
> > While it might appear easy to simply make use of XDG_RUNTIME_DIR if set
> > in screen, and have all problems go away on modern systems (i.e. >= F15),
> > but unfortunately things aren't that easy: the lifetime of
> > XDG_RUNTIME_DIR is strictly bound to the user being logged in. Since
> > screen currently does not set up a PAM session it does not count as
> > login right now and hence will not be able to use this dir when the user
> > terminates all his real logins.
> > 
> > That all said, I actually do believe that screen should invoke the PAM
> > session setup code. Ideally, one of those days we enable automatic
> > cleanup of all processes started from a session when a session
> > ends. That would break screen unless it is fixed to set up its own
> > session environment. So, sooner or later it would be really great to
> > have screen fixed this way.
> 
> The problem is it would require making screen setuid root which I do not
> think is too good an idea.

Well, I think the fear of making something SUID root is not reason
enough not to make things technically correct.

> I think much more reasonable is to just accept the fact that it might be
> very reasonable and desirable on some multiuser system to allow users
> having background processes that can keep running even after the user
> logs out and not to try to enforce rules such as no user process left
> after logout blindly on all systems.

Well, I am not sure I want to fight this out right now. 

Fact is that people have been requesting the ability to have guaranteed
clean-up of processes on logout, and we do provide this now (though only
opt-in) with systemd. If this is enabled this currently breaks
screen. And I think it would make sense to (optionally) make screen
create its own PAM sessions, if the admin wants to allow screens to stay
around after normal logins. Whether we later on then enable automatic
session clean-up by default or not is another question, one we shouldn't
discuss now. But the fact that kill-processes-on-logout is a feature
that is going to stay is not changed by that.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
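
Added example, not part of the original message and not screen's code: a check a program could run before putting a socket in XDG_RUNTIME_DIR, assuming the basedir-spec requirements that the directory is owned by the user with access mode 0700 and exists only while the user is logged in. The names runtime_dir_is_safe and check_fresh_dir_with_mode are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 if `path` looks like a usable
 * XDG_RUNTIME_DIR (absolute path, a real directory rather than a symlink,
 * owned by `uid`, permission bits exactly 0700), else 0. */
int runtime_dir_is_safe(const char *path, uid_t uid)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return 0;                    /* unset or relative: ignore it */
    if (lstat(path, &st) != 0)
        return 0;                    /* gone, e.g. removed at last logout */
    if (!S_ISDIR(st.st_mode) || st.st_uid != uid)
        return 0;                    /* symlink, file, or foreign owner */
    return (st.st_mode & 0777) == 0700;
}

/* Constructed fixture: create a fresh directory, set `mode` on it, run
 * the check as the current user, clean up. Returns -1 on setup failure. */
int check_fresh_dir_with_mode(mode_t mode)
{
    char tmpl[] = "/tmp/rtdir-XXXXXX";
    int ok;

    if (mkdtemp(tmpl) == NULL)
        return -1;
    ok = chmod(tmpl, mode) == 0 ? runtime_dir_is_safe(tmpl, geteuid()) : -1;
    rmdir(tmpl);
    return ok;
}

int main(void)
{
    const char *dir = getenv("XDG_RUNTIME_DIR");

    if (runtime_dir_is_safe(dir, geteuid()))
        printf("socket dir: %s\n", dir);
    else
        printf("XDG_RUNTIME_DIR unusable, fall back to another location\n");
    return 0;
}
```

The check says nothing about how long the directory will stay around: as the message explains, without a PAM session of its own the program cannot rely on the directory outliving the user's last real login.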

