Matthias Urlichs <matth...@urlichs.de> writes: > I see two cases here.
> * I'm a logged-in user and use su to run … whatever. > In this case, whether it creates a new session or not doesn't matter > (because there already is one), so one more cannot add more blockage to > hibernation et al. than there already is. PAM sessions are not just for blocking hibernation. They do many other things as well. If you use su to run a command as another user where you have to authenticate with a password, and you're using pam-krb5, you may indeed want to create a new session so that your new Kerberos tickets are properly stored (for NFSv4 access, for example) and removed properly when that command or shell exits. (Now, as it happens, in that particular case, I think only calling setcred will do the right thing if the parent sticks around to call pam_end after the command finishes. But I don't believe that's universally the case.) > * I'm a startup script or cron job. > For me, su should just set credentials, but *not* create any session > or similar. Right. (Or you should use something other than su.) > * Oh, wait, there's a third one: > I'm using su to manually run "/etc/init.d/skeleton start", and expect the > daemon thus started to hang around indefinitely. > Not a problem with systemd since it redirects the actual > starting-of-the-daemon part to itself, thanks to the LSB function > inclusion which IMHO every init script should have these days (NB, > does Lintian check for that?). Right. And I think it does, although I'm not sure. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87wqdo2tkl....@windlord.stanford.edu
