The Linux Homefront Project reports on Lennart Poettering looking to do away with the good old "su" command. From the article, "With this pull request systemd now support a su command functional and can create privileged sessions, that are fully isolated from the original session. Su is a classic UNIX command and used more than 30 years. Why su is bad? Lennart Poettering says:"
Well, there have been long discussions about this, but the problem is that what su is supposed to do is very unclear. On one hand it’s supposed to open a new session and change a number of execution context parameters (uid, gid, env, …), and on the other it’s supposed to inherit a lot concepts from the originating session (tty, cgroup, audit, …). Since this is so weakly defined it’s a really weird mix&match of old and new paramters. To keep this somewhat managable we decided to only switch the absolute minimum over, and that excludes XDG_RUNTIME_DIR, specifically because XDG_RUNTIME_DIR is actually bound to the session/audit runtime and those we do not transition. Instead we simply unset it.
Long story short: su is really a broken concept. It will given you kind of a shell, and it’s fine to use it for that, but it’s not a full login, and shouldn’t be mistaken for one.
I'm guessing that Devuan won't be getting rid of "su."
(Score: 1, Troll) by utoddl on Tuesday September 01 2015, @01:19PM
Not in this forum. Look at the vitriol above and below. Look at the info to condescension ratio (almost 0.01%) in those comments. Why would anyone who understands why systemd is useful wade into these waters? Life is short enough.
The reasons for this move were not spelled out very well in the opening paragraph, so it's understandable why there would be questions. That doesn't justify the pile-on of hate. If the system provides sessions and cgroups, and you want to start a root session, it makes sense that you would obtain a new session from the part of the system that generates sessions. Sudo and su can't do that; they are part of existing sessions. Sure, you can get a root shell, and if that's all you need, fine, use them. But if you need a session unpolluted by your user session, this is a much cleaner (i.e. actually has a hope of working) solution.