SoylentNews is people
SoylentNews
The Linux Homefront Project reports on Lennart Poettering looking to do away with the good old "su" command. From the article, "With this pull request systemd now support a su command functional and can create privileged sessions, that are fully isolated from the original session. Su is a classic UNIX command and used more than 30 years. Why su is bad? Lennart Poettering says:"
Well, there have been long discussions about this, but the problem is that what su is supposed to do is very unclear. On one hand it’s supposed to open a new session and change a number of execution context parameters (uid, gid, env, …), and on the other it’s supposed to inherit a lot concepts from the originating session (tty, cgroup, audit, …). Since this is so weakly defined it’s a really weird mix&match of old and new paramters. To keep this somewhat managable we decided to only switch the absolute minimum over, and that excludes XDG_RUNTIME_DIR, specifically because XDG_RUNTIME_DIR is actually bound to the session/audit runtime and those we do not transition. Instead we simply unset it.
Long story short: su is really a broken concept. It will given you kind of a shell, and it’s fine to use it for that, but it’s not a full login, and shouldn’t be mistaken for one.
I'm guessing that Devuan won't be getting rid of "su."
(Score: 0) by Anonymous Coward on Monday August 31 2015, @06:13PM
So why do you care what it is called? You won't need that command one way or another.
(Score: 0) by Anonymous Coward on Monday August 31 2015, @06:21PM
Oh, you're nearly there. I don't need anything relating to containers and all that code should be split out into a separate package. Feel free to research the UNIX philosophy and minimizing attack surface by not installing redundant code on your own time!
(Score: -1, Troll) by Anonymous Coward on Monday August 31 2015, @06:48PM
Don't forget the sections on acting condescending, treating people like idiots, and attacking anything mainstream as essentially an arbiter of the apocalypse.
(Score: 1, Touché) by Anonymous Coward on Monday August 31 2015, @07:07PM
Mainstream is usually just that though.
(Score: 0) by Anonymous Coward on Tuesday September 01 2015, @09:54AM
You mean, like Poettering does?
(Score: 0) by Anonymous Coward on Monday August 31 2015, @07:16PM
> Oh, you're nearly there. I don't need anything relating to containers and all that code should be split out into a separate package.
The technology to enable containers is a pretty core part of the kernel nowadays.
The same technology that systemd uses to provide a read-only copy of /usr to daemons to run with and to prevent them from accessing anything in /home (if that is not needed). The same technology that blocks long running processes from meddling and even seeing processes they do not need to care about. The same that stops those services that do not need that from accessing the network. Those are pretty cool features that limit the attack surface.
Having a tiny binary that can run containers and VMs installed by harnessing the technology that is built into the kernel does very little harm compared to all that -- and you are free to remove that binary if you are worried, too.
I won't stop you from reading up on the stuff you talk about on your own time.
(Score: 1) by rtfazeberdee on Thursday September 03 2015, @02:36PM
they unfortunately named the project systemd as well as the binary systemd and some fools cannot see/understand the difference between a binary and a project of binaries. Search out "Linux From Scratch" and roll your own if you don't like your distros packaging. You do not need to use this optional binary.