Re: [OpenAFS] Linux: systemctl --user vs. AFS

2018-03-17 Thread Gaja Sophie Peters
Am 08.03.2018 um 20:08 schrieb Jonathan Billings: > There's a google doc in the Debian bug that I wrote > (https://docs.google.com/document/d/1P27fP1uj-C8QdxDKMKtI-Qh00c5_9zJa4YHjnpB6ODM/pub), > > which was to create an /etc/systemd/user/aklog.service that is > automatically started as part of

Re: [OpenAFS] Linux: systemctl --user vs. AFS

2018-03-09 Thread Jonathan Billings
On Fri, Mar 9, 2018 at 2:24 PM, Garance A Drosehn wrote: > Chances are very good that most administrators won't really understand > the security issues. Or maybe THEY will understand, but their users > will not. And then the users will get into weird problems with no >

Re: [OpenAFS] Linux: systemctl --user vs. AFS

2018-03-09 Thread Garance A Drosehn
On 9 Mar 2018, at 11:06, Dirk Heinrichs wrote: > Am 08.03.2018 um 18:54 schrieb Jeffrey Altman: >> Switching to the user keyring is unreasonable. The impact of such >> a change is that all user sessions on a system share the same tokens >> and an effective uid change permits access to those same

Re: [OpenAFS] Linux: systemctl --user vs. AFS

2018-03-09 Thread Dirk Heinrichs
Am 08.03.2018 um 18:54 schrieb Jeffrey Altman: >> 2. let AFS use the per-user keyring instead of the per-session one >> (suggested in the systemd bug discussion) >> >> Does the second one sound reasonable? > Switching to the user keyring is unreasonable. The impact of such a > change is that

Re: [OpenAFS] Linux: systemctl --user vs. AFS

2018-03-08 Thread Jonathan Billings
There's a google doc in the Debian bug that I wrote ( https://docs.google.com/document/d/1P27fP1uj-C8QdxDKMKtI-Qh00c5_9zJa4YHjnpB6ODM/pub), which was to create an /etc/systemd/user/aklog.service that is automatically started as part of the login, what it does is runs an aklog so that the processes

Re: [OpenAFS] Linux: systemctl --user vs. AFS

2018-03-08 Thread Jeffrey Altman
> 2. let AFS use the per-user keyring instead of the per-session one > (suggested in the systemd bug discussion) > > Does the second one sound reasonable? Switching to the user keyring is unreasonable. The impact of such a change is that all user sessions on a system share the same tokens

[OpenAFS] Linux: systemctl --user vs. AFS

2018-03-08 Thread Dirk Heinrichs
Hi, as some Linux users might already have noticed, there's an incompatibility issue between systemctl --user and users having their $HOME below /afs. Background: systemctl --user is the per-user equivalent of systemctl, which means starting services on behalf of the current user. For this to