/srv/irclogs.ubuntu.com/2009/10/19/#upstart.txt

[16:36] <superm1> james_w said that this upstart script causes problems with shutdown: http://bazaar.launchpad.net/~ubuntu-mythtv/mythtv/mythtv-trunk-022/annotate/head%3A/debian/mythtv-backend.upstart
[16:37] <superm1> because /bin/su opens a pam session.  if not via /bin/su, what's the right way to run an upstart started system daemon as a diff user?
[16:58] <Keybuk> why is su not the right way?
[16:59] <Keybuk> is mythtv-backend supposed to run as a user
[16:59] <Keybuk> or as a different uid
[16:59] <Keybuk> (they're different things :p)
[17:00] <superm1> i'm not sure why james_w said that su wasn't the right way, let me have him pop in here to indicate why he was thinking
[17:01] <superm1> different user (i think), because want to have the right $HOME etc as that user
[17:05] <james_w> hey
[17:06] <superm1> james_w, "<Keybuk> why is su not the right way?"
[17:06] <Keybuk> there's a difference between
[17:07] <james_w> bug https://bugs.launchpad.net/ubuntu/+source/mythtv/+bug/445953
[17:07] <Keybuk> "foo service needs to run as user bar"
[17:07] <Keybuk> and
[17:07] <Keybuk> "foo service needs to run as uid bar"
[17:07] <Keybuk> which do you want? :)
[17:08] <Keybuk> james_w: isn't that a bug in whatever's asking for the passphrase?  it should ignore non-interactive logins, surely?
[17:08] <james_w> I don't know
[17:08] <james_w> well
[17:08] <james_w> this is something that has been in flux
[17:08] <superm1> Keybuk, what characteristics would come with running as a different user versus different uid?
[17:08] <james_w> previously there was no way for it to know whether a login was interactive
[17:09] <Keybuk> yes there is
[17:09] <Keybuk> there's been a way for 30-40 years
[17:09] <james_w> then we got the /etc/pam.d/common-session{,-noninteractive} split
[17:09] <Keybuk> it's called utmp
[17:09] <Keybuk> superm1: well, for a start, having a PAM session ;-)
[17:10] <james_w> ok, given its architecture it didn't know
[17:10] <Keybuk> superm1: that implies having the environment of that user, e.g. $HOME set right and stuff
[17:10] <james_w> this split makes it work in the common case
[17:10] <Keybuk> james_w: that's still a consolekit bug though
[17:10] <superm1> Keybuk, okay then definitely we want it running as a user.  it does make reference to stuff in $HOME
[17:10] <james_w> but it is assumed that /bin/su is an interactive login
[17:10] <Keybuk> (or a pam bug)
[17:10] <Keybuk> james_w: why?  su is only a *login* if run with -, -l or --login
[17:11] <james_w> consolekit has a narrow interface to this
[17:11] <james_w> pam-ck-connector creates a consolekit session from the pam stack when it is included in the pam config for that service
[17:12] <Keybuk> so? :)
[17:12] <Keybuk> it's still a bug at that end
[17:12] <Keybuk> superm1's upstart job *does not* create a login shell
[17:12] <james_w> I'm not arguing that this is the correct way to do things
[17:12] <Keybuk> so no login shell or interactiveness should be assumed
[17:12] <james_w> I'm telling you the status quo
[17:16] <Keybuk> :)
[17:17] <james_w> if you know how to fix pam-ck-connector so that we can not create sessions for non-interactive sessions that would be useful
[17:17] <james_w> this is the first time we have hit this with upstart jobs.
[17:18] <Keybuk> I don't know enough about PAM
[17:18] <james_w> with init scripts the fix is easy as start-stop-daemon has --chuid
[17:18] <Keybuk> or CK
[17:18] <Keybuk> james_w: that's why I asked right at the top
[17:18] <Keybuk>  is mythtv-backend supposed to run as a user
[17:18] <Keybuk>  or as a different uid
[17:18] <james_w> and I don't know enough about anything
[17:20] <james_w> it sounds like it would be useful to have you, pitti and slangasek locked in a room for 30 minutes to work out the best solution
=== notting_ is now known as notting
