On Sat, Jul 9, 2016 at 4:46 PM, Zbigniew Jędrzejewski-Szmek
<zbyszek@xxxxxxxxx> wrote:
> On Sat, Jul 09, 2016 at 07:32:01AM -0400, Nico Kadel-Garcia wrote:
>> On Thu, Jul 7, 2016 at 8:13 AM, Jan Kurik <jkurik@xxxxxxxxxx> wrote:
>> > = Proposed System Wide Change: KillUserProcesses=yes by default =
>> > https://fedoraproject.org/wiki/Changes/KillUserProcesses_by_default
>> >
>> > Change owner(s):
>> > * Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx>
>> >
>> > Set the default policy to terminate processes in session scope when
>> > the user logs out. Specifically, systemd-logind's KillUserProcesses
>> > setting, which currently is set to "no" to override the upstream
>> > default, will be removed to follow the upstream default of "yes".
>>
>> We already discussed this idea on this mailing list. It's a *horrible*
>> idea. It breaks screen, nohup processes and all backgrounded tasks,
>
> Right, the next paragraph that you helpfully snipped, talks about
> changing screen to automatically register itself with systemd
> to avoid being killed. So let's discuss the change as proposed,
> with the assumption that we modify common
> run-stuff-in-the-background-on-purpose-style programs so that they
> continue to work as expected.
>
> [...]
>
>> For a larger environment, it still shouldn't be killing the tasks
>> automatically. That's what scheduled nightly reboots, or nightly
>> audits and autokills with user email notifications are for.
>
> That sounds like a much worse solution in every regard — because
> the issue of having to mark processes to be exempt from killing
> is still present, but the process to get rid of unwanted processes
> is asynchronous, heavyweight, nonstandard, and requires a lot of
> admin engagement. But if you have this kind of setup in place, then
> simply set KillUserProcesses=no and carry on.

They're solutions for environments that need to really disconnect and
scrub away dangling users. The scheduled nightly reboots, even
reinstalls of systems left unused for 15 minutes, have been used for
network appliances deployed in public kiosks, student clusters, and
many teaching laboratories for decades. The nightly cron jobs to report
first, and later slap processes for disconnected users are ones I've
used for lab systems. My favorite dangling processes to kill have been
lengthy MySQL and PostgreSQL queries. I *do not* want to just kill
those silently in systemd, that's the sort of "security feature" that
costs people their jobs for updating to the latest version of an
operating system and discovering something broke normal operations.

> But if you have this kind of setup in place, then
> simply set KillUserProcesses=no and carry on.

Please don't burn the cycles of admins who have better work to do by
breaking the expectations and experience of their multi-user
environment by introducing what acts a lot like malware.
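A report-only sketch of the kind of nightly audit described in the message above, added here as an illustration; it is not code from the original post, Fedora, or systemd. The function names, the UID range, and the sample `who`/`ps` listings are assumptions constructed for the example.

```shell
#!/bin/sh
# Report-only audit of processes left behind by users with no login session.
# Nothing is killed; the output is meant for a nightly mail to admins/users.
# MIN_UID/MAX_UID are assumptions (the usual regular-user UID range).
MIN_UID=${MIN_UID:-1000}
MAX_UID=${MAX_UID:-60000}

# orphan_report WHO_FILE PS_FILE
#   WHO_FILE: saved output of `who`
#   PS_FILE:  saved output of `ps -eo user:32,uid,pid,etimes,args --no-headers`
# Prints "user pid elapsed_seconds command" for each leftover process.
orphan_report() {
    awk -v lo="$MIN_UID" -v hi="$MAX_UID" '
        # Test FILENAME instead of NR==FNR so that an empty `who` file
        # (nobody logged in) is not mistaken for the ps listing.
        FILENAME == ARGV[1] { logged_in[$1] = 1; next }
        ($2 + 0) >= (lo + 0) && ($2 + 0) <= (hi + 0) && !($1 in logged_in) {
            cmd = $5
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            print $1, $3, $4, cmd
        }
    ' "$1" "$2"
}

# Constructed sample data, not taken from a real host: alice is still
# logged in, bob and carol have logged out but left work running.
demo_report() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/who" <<'EOF'
alice    pts/0        2016-07-09 09:12 (192.0.2.10)
EOF
    cat > "$tmp/ps" <<'EOF'
root         0     1 864000 /usr/lib/systemd/systemd
alice     1000  2101   3600 -bash
bob       1001  3307  86400 SCREEN -S build
bob       1001  3321  86390 psql -c SELECT pg_sleep(100000)
carol     1002  4410 172800 nohup ./simulate --steps 1e9
EOF
    orphan_report "$tmp/who" "$tmp/ps"
    rm -rf "$tmp"
}

demo_report
```

On a live host the two input files would be produced by the `who` and `ps` commands named in the comments, and the report reviewed before any process is touched.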