New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change default value of RemoveIPC in logind.conf #2039
Comments
Well, it's configurable, because it can break stuff. But I am pretty sure the usecase you describe is borked... The cleanup stuff already excludes system users, i.e. all daemon users. As it appears the customer created a non-system account for this stuff, and that's what should be fixed. Sorry, but this is nothing to fix upstream... Please ask the customer to disable RemoveIPC= locally, or fix his users to become proper system users. Sorry. |
Ahh, I missed that if statement in |
Overall this seems like a helpful change. From a sysadmin PoV I'd really like to know more about what the behaviour is expected to be though. Related thread: https://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html What does systemd consider a "system user" for this purpose? The thread there discusses a hardcoded uid, but reached no clear conclusion. There's no "system user" flag in the traditional password database. Are you using a uid threshold from Where's the system user specific part of this behaviour documented? I found a note in
but it doesn't describe the system uesr behaviour. Similarly, in
it mentions system users, but doesn't define what systemd considers to be a "system user", how to make a user a system user, what consequences or other behaviour differences are experienced by system users, etc. Is the system-user-ness of a user tied to Is there any wrapper command that allows a user to spawn a daemon that survives their session for where legacy behaviour is needed? Or a systemd API a wrapper (or something like For sites that manage deployed service users via LDAP, etc, is there any way they can safely create "system users" in their directory that won't suffer from uid collisions vs local users? This is useful enough that I don't think most sites will want to just turn it off, but they're going to have to unless there's enough information to actually use it correctly. |
Examination of the code shows that it seems to use the |
This is an issue tracker, not a support forum. Please direct your questions to a proper support forum, such as the systemd mailing lists. Thank you. |
The default of this option should be off. It has cost me literally many days to track down PostgreSQL instability to this (a collegue found this).
Your arrogance is breathtaking. |
For others coming along, Oracle Linux has configured away this misfeature by default: https://docs.oracle.com/cd/E52668_01/E67200/html/section-t51_kcn_f5.html They call it a feature "intended for laptops";) |
Hello,
What about situations such as ...
I think systemd should check whether the user has any processes running, not just whether they have any active login sessions. |
I agree. Capricious and arbitrary changes should not be sacrificed on the alter of backward-compatibility. |
@poettering It's being discussed here because it's a misfeature/bug for which changes are being suggested. |
We received bug reports that default of
RemoveIPC=yes
inlogind.conf
may break 3rd party software not shipped as part of distribution. For example, consider software running various daemons which use SYSV or Posix defined IPC mechanism for communication and synchronization. At the same time, there is some maintenance script scheduled with cron which runs under same UID as daemons mentioned before. In such case, session will be created for this user and once cron job ends then session is released and given user has no active sessions (from logind's POV). logind will then do cleanup of allocated IPC resources, which is wrong because they still maybe needed by the daemon processes.The text was updated successfully, but these errors were encountered: