On Tue, May 31, 2016 at 4:23 PM, Howard Chu <hyc@xxxxxxxxx> wrote: > DJ Delorie wrote: >> >> >> Lennart Poettering <mzerqung@xxxxxxxxxxx> writes: >>> >>> Again, as mentioned before: key here is that permitting user processes >>> to stick around after all sessions of the user ended needs to be a >>> privilieged concept. It should not be allowed for user code to stick >>> around after logout, unless this is explicitly permitted by the admin, >>> and this hence needs to be enforced by privileged code. >> >> >> How many Fedora installs are multi-user these days? How many >> single-user desktops are we afflicting with a "you must ask an admin" >> rule, when there is no admin besides the user sitting at the keyboard? >> >> Any rule that tries to split users into "unpriviledged" and "admin" is >> short-sighted. > > > Agreed. And the basic premise is utterly wrong. The user was obviously > permitted to login to the machine, they are therefore permitted to run > processes on the machine. Whether their shell process stays alive or not is > utterly irrelevant, any other processes that continue to run after their > login shell terminates is still legitimately using the machine. To call > running without a control terminal "privileged" is inventing new definitions > out of thin air. There is no logical basis for it. The entire premise is > invalid. The consistent theme by all parties I'm hearing is that there should be better sanctioning for the bad apples. Right now the perception of this feature is that sanctioning is impacting users and the upstreams of non-offending tools, more than it's impacting the actual bad apples that are the impetus behind the feature. -- Chris Murphy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
