Re: [systemd-devel] starting processes for other users
On Mon, 03.08.15 03:29, Spencer Baugh (sba...@catern.com) wrote: Colin Guthrie gm...@colin.guthr.ie writes: Michał Zegan wrote on 31/07/15 12:37: The thing is, if the user does it, then after he leaves, the process is running under the user's session. If I log in to my own account, su to the other user and start the process and then logout, this process, even though running as the other user, is in my own session. Actually it is sometimes confusing to see utmp entries saying different things than loginctl ;) Using tools like su is rarely doing what you expect. It doesn't start a new pam session and doesn't start a systemd --user etc. etc. Is there a tool like su that does do that? That is, a way to switch from root to another user without authenticating, that does start a PAM session and register with logind and all of that. That's something that would be useful, if it's possible... There's SSH. That said, I think we could probably beef up machinectl login to also work on the local host, instead of just a container, providing precisely what you are asking for. Also see: https://github.com/systemd/systemd/issues/825 Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] starting processes for other users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually the use case is when I want to start a process for the user where i have permission to do this, but I have no password. SSH can not be used in this case, actually. W dniu 2015-08-06 o 10:56, Lennart Poettering pisze: On Mon, 03.08.15 03:29, Spencer Baugh (sba...@catern.com) wrote: Colin Guthrie gm...@colin.guthr.ie writes: Michał Zegan wrote on 31/07/15 12:37: The thing is, if the user does it, then after he leaves, the process is running under the user's session. If I log in to my own account, su to the other user and start the process and then logout, this process, even though running as the other user, is in my own session. Actually it is sometimes confusing to see utmp entries saying different things than loginctl ;) Using tools like su is rarely doing what you expect. It doesn't start a new pam session and doesn't start a systemd --user etc. etc. Is there a tool like su that does do that? That is, a way to switch from root to another user without authenticating, that does start a PAM session and register with logind and all of that. That's something that would be useful, if it's possible... There's SSH. That said, I think we could probably beef up machinectl login to also work on the local host, instead of just a container, providing precisely what you are asking for. Also see: https://github.com/systemd/systemd/issues/825 Lennart -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBAgAGBQJVw1gEAAoJEHb1CzgxXKwYC30P/RKqfmMw6V9y/U4houj5+k6M N2CKFTqG2NR62hnLJC88H7qdtDkZLgSGz4za7r92YNWmrq6bXzkeW98ZOEl9gpQx +Q00XnsUHI9jAwXtDh6fJ/uwvFg8iyvSTkGcP4SNkgXZmBc3/u/PBS7USUWU2d2/ dLjU/7skZVMu3hZMDjqap+4jyQFiSr2cWk2961LP/BxBjlehILZxUE6iQ/8xBLm+ 64cx9zw7ShjObdY1i/KDuAonW0GVGEzRnQ9lJ436Cp40N/QTh9eOvaCgj0jWHGjj dywTKgOZXb9RVsE3FY/RHp5t3qD/zTQi9fK0/2riyBWF5KhAHMLjZaQosmtGUUfa A5uu1gMkckQG7tGgbhnYdnswO4UibA1xRjLIAjtAvDlLdk7rzS81LCrBaLBVZFrU yjw7oCPhm2enRjKC6nIrsKYAedB0K2QbTSDHLdboEKPAI2LtMNEuAeClYAM/1PIO nFPKCNtKVFaF9GLymYso3FdgXQz5a1GasVJw2amfkpF1TTcJGhxwzNwMdrh/stEE TRafgdEs1hgJYpGrph6rT3ZTRxniPW2dySCBF+kqGOBYuXEU8dEP/pqE2/sZaGY9 NRZxO1Z/rB2v5/ExHpITlX/+DO9BJkY3sFiVNlGrO5Bgc6Sc4gd5L4AToQPpUmrW yXofQ9HNmr8EAA0gwqvv =n+x3 -END PGP SIGNATURE- ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] starting processes for other users
On Sat, Aug 1, 2015 at 5:26 PM, Colin Guthrie gm...@colin.guthr.ie wrote: Michał Zegan wrote on 31/07/15 12:37: The thing is, if the user does it, then after he leaves, the process is running under the user's session. If I log in to my own account, su to the other user and start the process and then logout, this process, even though running as the other user, is in my own session. Actually it is sometimes confusing to see utmp entries saying different things than loginctl ;) Using tools like su is rarely doing what you expect. It doesn't start a new pam session and doesn't start a systemd --user etc. etc. If I read sources correctly, it happens only if audit is enabled, which means under some configurations it does start new session. And IIRC it does start new session at least when used in ExecStart - there was a lot of discussion about it. So it does not look consistent. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] starting processes for other users
Colin Guthrie gm...@colin.guthr.ie writes: Michał Zegan wrote on 31/07/15 12:37: The thing is, if the user does it, then after he leaves, the process is running under the user's session. If I log in to my own account, su to the other user and start the process and then logout, this process, even though running as the other user, is in my own session. Actually it is sometimes confusing to see utmp entries saying different things than loginctl ;) Using tools like su is rarely doing what you expect. It doesn't start a new pam session and doesn't start a systemd --user etc. etc. Is there a tool like su that does do that? That is, a way to switch from root to another user without authenticating, that does start a PAM session and register with logind and all of that. That's something that would be useful, if it's possible... ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] starting processes for other users
Michał Zegan wrote on 31/07/15 12:37: The thing is, if the user does it, then after he leaves, the process is running under the user's session. If I log in to my own account, su to the other user and start the process and then logout, this process, even though running as the other user, is in my own session. Actually it is sometimes confusing to see utmp entries saying different things than loginctl ;) Using tools like su is rarely doing what you expect. It doesn't start a new pam session and doesn't start a systemd --user etc. etc. Ultimately, you'll always be able to do bad things here and have process for the wrong users in sessions if you use this kind of approach (same for setuid binaries). The trick is to avoid doing these things if this is not what you want! :) Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/ ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] starting processes for other users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The thing is, if the user does it, then after he leaves, the process is running under the user's session. If I log in to my own account, su to the other user and start the process and then logout, this process, even though running as the other user, is in my own session. Actually it is sometimes confusing to see utmp entries saying different things than loginctl ;) W dniu 2015-07-31 o 05:35, Andrei Borzenkov pisze: В Fri, 31 Jul 2015 00:19:06 +0200 Michał Zegan webczat_...@poczta.onet.pl пишет: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello. What is the recommended easy way to start processes that stay longer like screen in case I want to do it by first executing su to change to the target user? This is controlled by KillUserProcesses, see man logind.conf. But default is to leave them running, so it should just work. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBAgAGBQJVu13nAAoJEHb1CzgxXKwYH5IP/2ylY+6YSmmh/O0bXR3t49DO EVjD01PtEzXjfmA9HFfZ3ybyoQlABvdO3PP3k6SnoR+kdgQTHOP86LdbWhf5sNZQ KbLnG2pnuli4XB4Dg+ueMa3B2nomOX+CNu3arBpMDVTvcOUAAF4bJBF06urx+0KX sTT6T37prJUrhjhAJ5K4YHo8+zoqU+u1zM51e0gNACn8DCb9A4l71GnpN6Zml+fY fJCmXKgkzfavWECm4qCvEIR0X7K0lkD/MihF/ritFNd1Qh9qHPUcubLkr/DFSKcU Artu7JWdGMID3y41brEJ+b/iXFCt63/gJLE3WSFjT4c0OfAr16vPRW6iGioflNn4 jd9YfAzugSXkZNdiaAJ8RArH3ue1CULctIq7SE/QR2MZ2IPDMmzdVGvkl/0hQ31r ZG4MsSfsyPWrrC9EfQCX/taSgEouUapMic5cFSLfEFljxGN2ldHZyrWmBobFvmHt dOpqtU3iH06qOb4C5Q7N32nbGJnNeN6UstqYryQYOiobL4ydLBGnpm/GPQP/hjha 5xirMkPTy8MpaR+3fPMsMOXLK5NYMMDjHv3wuv/jLbgaVSs/ZM6VArYikR1DHgut /DwSLbuwK/f/m9TtonSBk1nHPBkShx5GQLJb1J8VRuJOZFi2p7U4bj0EwXeALNCW YH06jKDeMl0nezItvCfP =PWnk -END PGP SIGNATURE- ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] starting processes for other users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 В Fri, 31 Jul 2015 00:19:06 +0200 Michał Zegan webczat_...@poczta.onet.pl пишет: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello. What is the recommended easy way to start processes that stay longer like screen in case I want to do it by first executing su to change to the target user? This is controlled by KillUserProcesses, see man logind.conf. But default is to leave them running, so it should just work. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iEYEARECAAYFAlW67RAACgkQR6LMutpd94zC9gCfYFLEInR4sMtcyW8W81awrQMm 3UcAoIA2zyDvq4u9EAsktdEkPsQnBwGL =FTrm -END PGP SIGNATURE- ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
