[16:36] <superm1> james_w said that this upstart script causes problems with shutdown: http://bazaar.launchpad.net/~ubuntu-mythtv/mythtv/mythtv-trunk-022/annotate/head%3A/debian/mythtv-backend.upstart
[16:37] <superm1> because /bin/su opens a pam session.  if not via /bin/su, what's the right way to run an upstart started system daemon as a diff user?
[16:58] <Keybuk> why is su not the right way?
[16:59] <Keybuk> is mythtv-backend supposed to run as a user
[16:59] <Keybuk> or as a different uid
[16:59] <Keybuk> (they're different things :p)
[17:00] <superm1> i'm not sure why james_w said that su wasn't the right way, let me have him pop in here to indicate why he was thinking
[17:01] <superm1> different user (i think), because want to have the right $HOME etc as that user
[17:05] <james_w> hey
[17:06] <superm1> james_w, "<Keybuk> why is su not the right way?"
[17:06] <Keybuk> there's a difference between
[17:07] <james_w> bug https://bugs.launchpad.net/ubuntu/+source/mythtv/+bug/445953
[17:07] <Keybuk> "foo service needs to run as user bar"
[17:07] <Keybuk> and
[17:07] <Keybuk> "foo service needs to run as uid bar"
[17:07] <Keybuk> which do you want? :)
[17:08] <Keybuk> james_w: isn't that a bug in whatever's asking for the passphrase?  it should ignore non-interactive logins, surely?
[17:08] <james_w> I don't know
[17:08] <james_w> well
[17:08] <james_w> this is something that has been in flux
[17:08] <superm1> Keybuk, what characteristics would come with running as a different user versus differ uid?
[17:08] <james_w> previously there was no way for it to know whether a login was interactive
[17:09] <Keybuk> yes ther eis
[17:09] <Keybuk> there's been a way for 30-40 years
[17:09] <james_w> then we got the /etc/pam.d/common-session{,-noninteractive} split
[17:09] <Keybuk> it's called utmp
[17:09] <Keybuk> superm1: well, for a start, having a PAM session ;-)
[17:10] <james_w> ok, given its architecture it didn't know
[17:10] <Keybuk> superm1: that implies having the environment of that user, e.g. $HOME set right and stuff
[17:10] <james_w> this split makes it work in the common case
[17:10] <Keybuk> james_w: that's still a consolekit bug though
[17:10] <superm1> Keybuk, okay then definitely we want it running as a user.  it does make reference to stuff in $HOME
[17:10] <james_w> but it is assumed that /bin/su is an interactive login
[17:10] <Keybuk> (or a pam bug)
[17:10] <Keybuk> james_w: why?  su is only a *login* if run with -, -l or --login
[17:11] <james_w> consolekit has a narrow interface to this
[17:11] <james_w> pam-ck-connector creates a consolekit session from the pam stack when it is included the pam config for that service
[17:12] <Keybuk> so? :)
[17:12] <Keybuk> it's still a bug at that end
[17:12] <Keybuk> superm1's upstart job *does not* create a login shell
[17:12] <james_w> I'm not arguing that this is the correct way to do things
[17:12] <Keybuk> so no login shell or interactiveness should be assumed
[17:12] <james_w> I'm telling you the status quo
[17:16] <Keybuk> :)
[17:17] <james_w> if you know how to fix pam-ck-connector so that we can not create sessions for non-interactive sessions that would be useful
[17:17] <james_w> this is the first time we have hit this with upstart jobs.
[17:18] <Keybuk> I don't know enough about PAM
[17:18] <james_w> with init scripts the fix is easy as start-stop-daemon has --chuid
[17:18] <Keybuk> or CK
[17:18] <Keybuk> james_w: that's why I asked right at the top
[17:18] <Keybuk>  is mythtv-backend supposed to run as a user
[17:18] <Keybuk>  or as a different uid
[17:18] <james_w> and I don't know enough about anything
[17:20] <james_w> it sounds like it would be useful to have you, pitti and slangasek locked in a room for 30 minutes to work out the best solution