On Wed, Feb 11, 2026 at 01:13:05AM +0100, Vincent Lefevre wrote: > On 2026-02-10 18:38:10 -0500, Thomas Dickey wrote: > > On Tue, Feb 10, 2026 at 11:59:38PM +0100, Vincent Lefevre wrote: > > > On 2026-02-10 17:06:48 -0500, Thomas Dickey wrote: > > > > utempter uses setgid, while systemd (whose documentation is per-line of > > > > code no better than utempter) appears to require root privilege > > > > (which of course is a big step backwards). > > > > > > As I understand the doc, software should not call systemd directly, > > > but should use PAM, and more specifically, pam_systemd: > > > > > > pam_systemd - Register user sessions in the systemd login manager > > > > > > Then, concerning the needed permissions, isn't this controlled by > > > PAM configuration? > > > > presumably - but ultimately it's a matter of authentication. > > How do you suppose xterm would accomplish that? > > I don't know how this works, but I'm wondering why you mentioned > authentication. The only thing that should be used concerning the > user is the PID of the process.
man pam:
pam - Pluggable Authentication Modules Library
...
DESCRIPTION
PAM is a system of libraries that handle the authentication tasks of
applications (services) on the system. The library provides a stable
general interface (Application Programming Interface - API) that
privilege granting programs (such as login(1) and su(1)) defer to to
perform standard authentication tasks.
I'd suppose PAM wants more than a process-id,
and am asking how you suppose that could be accomplished.
--
Thomas E. Dickey <[email protected]>
https://invisible-island.net
signature.asc
Description: PGP signature
