SoylentNews is people
SoylentNews
The Linux Homefront Project reports on Lennart Poettering looking to do away with the good old "su" command. From the article, "With this pull request systemd now support a su command functional and can create privileged sessions, that are fully isolated from the original session. Su is a classic UNIX command and used more than 30 years. Why su is bad? Lennart Poettering says:"
Well, there have been long discussions about this, but the problem is that what su is supposed to do is very unclear. On one hand it’s supposed to open a new session and change a number of execution context parameters (uid, gid, env, …), and on the other it’s supposed to inherit a lot concepts from the originating session (tty, cgroup, audit, …). Since this is so weakly defined it’s a really weird mix&match of old and new paramters. To keep this somewhat managable we decided to only switch the absolute minimum over, and that excludes XDG_RUNTIME_DIR, specifically because XDG_RUNTIME_DIR is actually bound to the session/audit runtime and those we do not transition. Instead we simply unset it.
Long story short: su is really a broken concept. It will given you kind of a shell, and it’s fine to use it for that, but it’s not a full login, and shouldn’t be mistaken for one.
I'm guessing that Devuan won't be getting rid of "su."
(Score: 0, Disagree) by Anonymous Coward on Monday August 31 2015, @08:02PM
The problem is that systemd offers solutions for problems software developers have. Nobody else bothers to listen, not to mention to implement any alternative solution more in line with whatever ideals may apply.
Just take running X11 without being root. That has been a goal when I became active in Linux in the mid 1990s. Logind finally enables that. Wayland will also require logind fornthe same funxtionality last I checked. There is just no other solution to that problem to be had.
Please somebody start to listen to the need of developers and come up with solutions that do not rely on systemd! Otherwise we will be stuck with that for sure.
(Score: 3, Informative) by Zz9zZ on Monday August 31 2015, @08:25PM
http://www.linuxquestions.org/questions/linux-desktop-74/running-x11-as-root-4175505576/ [linuxquestions.org]
The entire thread disagrees and offers pretty simple workarounds.
Sometimes the fact that it is difficult to do something means the developers need to figure out how to make that happen. Security is a real concern, and it takes some very simple mistakes to open the gates.
For the easiest example, take Android. "Let's make the lives of developers REALLY EASY" they said, and thus it has taken years to implement security controls by default, as mentioned in one of today's articles. Developers could implement whatever permissions they needed. Now they are switching tracks because privacy and security have finally (thanks to a certain hero of the people) become a concern for the general public.
Poettering has solved many issues, and made it easy to accomplish some rather specific tasks, but so far I have yet to see a single comment from the supporters claiming how much easier it is to code now. There were old and crufty systems and place to be sure, but the scope creep is insane... How people can imagine this is ok is beyond me, I guess its because we're in the 21st century now and all those old people didn't even know what they were doing. I can't believe I'm saying this but where are the code hipsters that think the old stuff is still cool? Another few years maybe, after some major bug/privacy scandal?
~Tilting at windmills~
(Score: -1, Flamebait) by Anonymous Coward on Monday August 31 2015, @09:12PM
Funny. Your hero worship does not extend to everyone. "It is important to ME, so therefore it is important to EVERYONE."
Don't be such an arrogant ass.
(Score: 0) by Anonymous Coward on Tuesday September 01 2015, @06:37PM
Thank you echo chamber. May I have another down mod? I'll toe the Party line, Comrade, and dare not speak against the groupthink anymore.
(Score: 0) by Anonymous Coward on Thursday September 03 2015, @03:44PM
1. logind enables nothing. polkit is the active part in the whole shebang. That is the part sitting suid root and doing all the delegation of resource access.
2. wayland at its core is a svgalib for the GPU era. It is basically there to paint pretty stuff in the GPU buffer and thats it. On its own wayland does nothing, unlike X11. With wayland the WM is the party that does all the device access etc. Thus it is Gnome, KDE and the rest that needs some way to get root grade access to /dev entries. Hence logind (because the forerunner consokekit, that didn't need a specific init sitting as pid1, was depreciated by Poettering) acting as the go between for the WM and polkit.
3. The reason for X11 being run as root was that it needed access to a bunch of /dev entries. By default those are root exclusive. So running it as root was the quicker way.