Hi, Russ Allbery: > > How difficult would it be, for the sake of compatibility if nothing > > else, to teach su not to create a new PAM session when it doesn't > > already run within one? > > You don't want to do that in general since that defeats the primary > purpose of su: creating a new session as a different user. > That's exactly my point. *In general*.
I see two cases here. * I'm a logged-in user and use su to run … whatever. In this case, whether it creates a new session or not doesn't matter (because there already is one), so one more cannot add more blockage to hibernation et al. than there already is. * I'm a startup script or cron job. For me, su should just set credentials, but *not* create any session or similar. * Oh, wait, there's a third one: I'm using su to manually run "/etc/init.d/skeleton start", and expect the daemon thus started to hang around indefinitely. Not a problem with systemd since it redirects the actual starting-of-the- -daemon part to itself, thanks to the LSB function inclusion which IMHO every init script should have these days (NB, does Lintian check for that?). > It's sort of an interesting question as to whether you want to set up a > new session when running a single command. Since su can't really know whether the command it runs is to be used like a shell, a one-off, or a daemon, I'm afraid that this question doesn't have a good answer. -- -- Matthias Urlichs -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140514151206.ga15...@smurf.noris.de