On Thu, Jun 2, 2016 at 7:04 AM, Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote: > In all of these cases you really want to make sure that whatever the > user did ends – really ends – by the time he logs out. So that the > employee can't do stuff there except when logged in, and that he can't > do stuff there even long after he left the company, and that the spam > bot he caught gets killed as soon as he logs out. You may personally want this, and it may be part of your "big picture". But when "you", as in the generic "sys-admin" you, kill the critical task that has always worked this way, and especially when you kill it as part of the sysstem upgrades, you will be called in for the "post-mortem" for killing working systems. Do this once or twice in a quarter, and you will get a "performance review". If it happens one more time after a performance review, and you will usually be *gone* after the next annual review or when the next layooffs happen, because you've irritated countless developer, nightly operational groups, and managers from other groups who just expect things to work the same way they worked last year. Been there, done that, got the layoff bonus. > Pretty much all more modern OS designs tend to have such a clear > lifecycle btw: when the user is logged out, he's *really* logged > out. And it's completely OK if certain users get excludeded from that, > but if so, then the admin needs to sign off on that, and thus a > privilege check needs to be enforced. > > Lennart It's a reasonable approach. It definitely needed to be reviewed in the Fedora release cycle, so it can be selected or not selected as part of the announced release changes, because there are a *lot* casual processes that it will screw up. In particular unintentional logouts due to interrupted connectivity is a very, very common scenario for environments with poor connectivity. When i'm administering servers in other countries, especially for a fragile operation, I use screen and "ssh remote hostname process &" and nohup all the time to help ensure the continuity of critical operations. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
