Re: systemd-fsck?

[Russ Allbery <rra@debian.org>]

Matthias Urlichs <matthias@urlichs.de> writes:

> I see two cases here.

> * I'm a logged-in user and use su to run … whatever.
>   In this case, whether it creates a new session or not doesn't matter
>   (because there already is one), so one more cannot add more blockage to
>   hibernation et al. than there already is.

PAM sessions are not just for blocking hibernation.  They do many other
things as well.  If you use su to run a command as another user where you
have to authenticate with a password, and you're using pam-krb5, you may
indeed want to create a new session so that your new Kerberos tickets are
properly stored (for NFSv4 access, for example) and removed properly when
that command or shell exits.

(Now, as it happens, in that particular case, I think only calling setcred
will do the right thing if the parent sticks around to call pam_end after
the command finishes.  But I don't believe that's universally the case.)

> * I'm a startup script or cron job.
>   For me, su should just set credentials, but *not* create any session
>   or similar.

Right.  (Or you should use something other than su.)

> * Oh, wait, there's a third one:
>   I'm using su to manually run "/etc/init.d/skeleton start", and expect the
>   daemon thus started to hang around indefinitely.

>   Not a problem with systemd since it redirects the actual
>   starting-of-the-daemon part to itself, thanks to the LSB function
>   inclusion which IMHO every init script should have these days (NB,
>   does Lintian check for that?).

Right.  And I think it does, although I'm not sure.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>