On Thursday 02 June 2016 14:38:38 Matthias Clasen wrote:
> I think the discussion is starting to go in circles. It is pretty clear
> that we have different opinions about the desired behavior of logout.
I'll take this as an opportunity to raise a separate issue.
The current implementation has only 2 levels of control: global and individual (lingering).
For non-tiny organizations this isn't good enough:
* I would expect that root may set lingering for *groups* as well.
* Otherwise, administrators need to set policy per-individual and we are back
to square one (killing individual user processes).
* Than we can have better default policy (e.g: members of groups wheel
and staff have "lingering" on).
* Example: something similar to access.conf(5) (but "<foo>.d/*.conf" not
a monolithic file).
* The design should assume that in the future, large organization would
expect it their directory service.
(e.g: like sudoers can now be integrated in IPA).
A separate thought: maybe have a list of exceptions (tmux/screen/vnc/whatever)
but this really opens a new can of worms, so it may be
better not to mix this with the user/group granularity issue.
Thanks,
--
Oron Peled Voice: +972-4-8228492
oron@xxxxxxxxxxxx http://users.actcom.co.il/~oron
Ignore Your Rights And They'll Go Away
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
