Hi Don Am 14.07.2017 um 23:04 schrieb Don Armstrong: > It seems reasonable that non-login users should not have per-user > sessions by default. Using pam_succeed_if to skip creation for users > with /bin/false or /usr/sbin/nologin shells seems reasonable. > > IE, the following (currently untested): > > Name: Register user sessions in the systemd control group hierarchy > Default: yes > Priority: 0 > Session-Interactive-Only: yes
This was supposed to ensure that pam_systemd is only included for interactive sessions. Wouldn't it be better if non-login users use /etc/pam.d/common-session-noninteractive? Where exactly did you see pam_systemd used where it shouldn't have been? > Session-Type: Additional > Session: > [success=2 default=ignore] pam_succeed_if quiet shell = /bin/false > [success=1 default=ignore] pam_succeed_if quiet shell = > /usr/sbin/nologin > optional pam_systemd.so > Didn't know that PAM could do that. That's interesting and scary at the same time :-) -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pkg-systemd-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
