Bug#868359: libpam-systemd should maybe not fire on non-login users
Don Armstrong
don at debian.org
Fri Jul 14 22:04:50 BST 2017
Package: libpam-systemd
Version: 232-25
Severity: minor
It seems reasonable that non-login users should not have per-user
sessions by default. Using pam_succeed_if to skip creation for users
with /bin/false or /usr/sbin/nologin shells seems reasonable.
IE, the following (currently untested):
Name: Register user sessions in the systemd control group hierarchy
Default: yes
Priority: 0
Session-Interactive-Only: yes
Session-Type: Additional
Session:
[success=2 default=ignore] pam_succeed_if quiet shell = /bin/false
[success=1 default=ignore] pam_succeed_if quiet shell = /usr/sbin/nologin
optional pam_systemd.so
Alternatively, documenting this workaround in README.Debian might be
good enough.
--
Don Armstrong https://www.donarmstrong.com
Love is... a complex sequence of neurochemical reactions that makes
people behave like idiots. It's similar to intoxication, but the
hangover's even worse.
-- J. Jacques _Questionable Content_ #1039
http://www.questionablecontent.net/view.php?comic=1039
More information about the Pkg-systemd-maintainers
mailing list