On 2025-05-17 10:08, Guido Günther wrote:
What situations would the user service for root be spawned? It's not
used for su, sudo or ssh as far as I can tell.
I get a user systemd session when I ssh as root on bookworm and unstable.
pam_systemd, I believe, is responsible for this. The behavior of that
plugin is quite opaque, though: I don't get systemd sessions for sudo -i,
despite it being in common-session (and that being called from
/etc/pam.d/sudo-i).
This leaves tty and
graphical logins (which we can ignore as they're unsafe anyway). Are
there other cases? If not I'd say lowering severity and waiting a bit
longer to see what upstream says should be o.k.
Yeah, graphical root logins are beyond repair. But, I think most
people would believe that it is safe to do a terminal root login,
and perhaps even safer, since there is no danger of a (say) trojaned
user environment contaminating root.
That said, the patch isn't huge so cherry-picking it into the next
upload wouldn't hurt either.
Cheers,
-- Guido
