Comment 16 for bug 586546

Sorry, I'm a bit late to the party.

How would this be achieved?

If it's a matter of putting 'exec /usr/bin/byobu-launcher' into .bash_profile, I have at least one concern that is security related. Based on my experience w/ byobu-launcher, it will either create a new session or attach you to an existing one. This is where the problem lies, IMO. Based on this methodology, I think making byobu the default session manager will make Ubuntu servers more attractive targets for would-be attackers.

For example:

I log in, 'exec /usr/bin/byobu-launcher' creates a session, I su to root (why would I do this!?), and then I disconnect without explicitly exiting the session (e.g. I close a window, I experience power failure, etc). Anyone with access to my user account effectively has access to the root user as well because when they log in as me, byobu-launcher will attach them to the existing session which is currently sitting in a root shell. Even if they don't gain root access this way, byobu has definitely made it easier for them to snoop on the user by allowing them to share the same session. Do I have this correct or am I completely off base?

I think it would be much better if /usr/bin/byobu-launcher re-authorized the login user by forcing them to re-authenticate the effective user when attaching to a session in which the effective user differs from the login user... if that makes sense.

The other concern I have has to do w/ automation. I could imagine some organization has written a set of expect scripts (why!?) that among other things, log into systems, perform some tasks, and then log out....

foo@localhost:/home/foo# logout
bash: logout: not login shell: use `exit'

It's a relatively simple fix / workaround, but annoying none-the-less.