posted by martyb on Monday August 31 2015, @04:29PM
from the so-su-me dept.

The Linux Homefront Project reports on Lennart Poettering looking to do away with the good old "su" command. From the article, "With this pull request systemd now support a su command functional and can create privileged sessions, that are fully isolated from the original session. Su is a classic UNIX command and used more than 30 years. Why su is bad? Lennart Poettering says:"

Well, there have been long discussions about this, but the problem is that what su is supposed to do is very unclear. On one hand it’s supposed to open a new session and change a number of execution context parameters (uid, gid, env, …), and on the other it’s supposed to inherit a lot of concepts from the originating session (tty, cgroup, audit, …). Since this is so weakly defined it’s a really weird mix&match of old and new parameters. To keep this somewhat manageable we decided to only switch the absolute minimum over, and that excludes XDG_RUNTIME_DIR, specifically because XDG_RUNTIME_DIR is actually bound to the session/audit runtime and those we do not transition. Instead we simply unset it.

Long story short: su is really a broken concept. It will give you kind of a shell, and it’s fine to use it for that, but it’s not a full login, and shouldn’t be mistaken for one.

I'm guessing that Devuan won't be getting rid of "su."
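
The split described in the quote (uid switched, but cgroup and audit identity inherited, with XDG_RUNTIME_DIR bound to the old session) can be checked from inside a shell. This is an added example, not part of the original submission or of systemd's code; the function names are hypothetical, and it assumes the usual pam_systemd layout where the runtime directory of uid N is /run/user/N.

```shell
#!/bin/sh
# Added example: which parts of a shell's context still belong to the
# originating login session (the cgroup/audit side that su inherits)?

# Read /proc/<pid>/cgroup content on stdin and print the logind session
# scope (e.g. "session-3.scope"), or nothing if there is none.
session_scope() {
    sed -n 's|.*/\(session-[^/]*\.scope\).*|\1|p' | head -n 1
}

# Classify a shell from: $1 effective uid, $2 audit loginuid,
# $3 XDG_RUNTIME_DIR (may be empty).
# Assumption: the runtime dir of uid N is /run/user/N (pam_systemd default).
classify_context() {
    euid=$1; loginuid=$2; runtime_dir=$3
    # 4294967295 (unsigned -1) means no login ever set an audit uid.
    if [ -z "$loginuid" ] || [ "$loginuid" = "4294967295" ]; then
        echo "no-login-session"
    elif [ "$euid" = "$loginuid" ]; then
        echo "own-login-session"
    elif [ -n "$runtime_dir" ] && [ "$runtime_dir" != "/run/user/$euid" ]; then
        # uid switched, but the environment still points at the
        # original user's session-bound runtime directory.
        echo "switched-uid-stale-runtime-dir"
    else
        # uid switched, audit identity and session still the caller's.
        echo "switched-uid-inherited-session"
    fi
}

# Inspect the current shell on a live Linux system.
report() {
    lu=$(cat /proc/self/loginuid 2>/dev/null || true)
    scope=$(cat /proc/self/cgroup 2>/dev/null | session_scope)
    printf 'euid=%s loginuid=%s scope=%s XDG_RUNTIME_DIR=%s\n' \
        "$(id -u)" "${lu:-unknown}" "${scope:-none}" \
        "${XDG_RUNTIME_DIR:-unset}"
    classify_context "$(id -u)" "$lu" "${XDG_RUNTIME_DIR:-}"
}

# Run with --report to inspect the calling shell.
if [ "${1:-}" = "--report" ]; then report; fi
```

Run it with `--report` once in the login shell and once inside the privileged shell; a mismatch between `euid` and `loginuid` shows that the audit trail still attributes actions to the original user.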


  • (Score: 1, Troll) by caseih on Tuesday September 01 2015, @04:23AM

    by caseih (2744) on Tuesday September 01 2015, @04:23AM (#230653)

    It's not folded into the init system! What are you talking about? Look, the problem with these systemd discussions is that "ordinary users" such as yourself can't be bothered to even learn what systemd is let alone what it can do for you before you start arguing like this. If you really do want to know what systemd is about, I'm sure people who are up on it are happy to talk to you about it and explain its benefits to you.

    People have this weird idea that systemd is some monstrous, monolithic init system. It's not at all like that. Systemd is not monolithic at all. It's simply a collection of utilities and services, most of which are optional, among which is a very fast and very flexible init system that is simply better than anything out there right now. Systemd services and utilities do depend on core systemd components, true. But many components are for specialized use cases like containers, so those parts simply aren't necessary on your desktop system and most likely not installed. For example, networkd. But for those that want and need such a beast, it's there and it is well-integrated once you install it.

    I use systemd on all my machines, but I only use a small portion of it. I have at most systemd libs, init, and journal, and some of the command line utilities. And, gasp, I run rsyslogd to keep a standard syslog available since systemd preserves the standard syslog interface. I could use the journal if I want or need--it does do finer-grained logging which is nice for debugging--but my syslogs are all there like they always were before. I don't use machinectl and I'm unlikely to need it anytime soon as I don't run containers. So the ability to safely and securely get a root shell with machinectl doesn't affect me in the slightest. I continue to use sudo su - for most of my root shell needs.

  • (Score: 2) by srobert on Tuesday September 01 2015, @05:28AM

    by srobert (4803) on Tuesday September 01 2015, @05:28AM (#230670)

    "It's not folded into the init system! What are you talking about?"

    The title of the article referenced in this story is "Lennart Poettering merged “su” command replacement into systemd". Systemd, I was told by people who are supposed to know, is the new init system in Linux. So you should be able to see how I interpreted that as "su being folded into the init system".

    "Look, the problem with these systemd discussions is that "ordinary users" such as yourself can't be bothered to even learn what systemd is let alone what it can do for you before you start arguing like this. If you really do want to know what systemd is about, I'm sure people who are up on it are happy to talk to you about it and explain its benefits to you."

    Re-read that last part and substitute the word "scientology" for "systemd". :-)

    It's not that I can't "be bothered". It's more that my base of knowledge isn't sufficient to absorb all that those who are up on it want to tell me. What I do understand is that systemd is being vertically integrated into the system in such a way that desktop systems such as Gnome3 and Cinnamon were becoming dependent on it, making them unavailable to those of us who choose to use BSD or Linux distributions that haven't bought into abandoning the "quaint notion" of each tool doing one thing well.

    • (Score: 1, Troll) by caseih on Wednesday September 02 2015, @02:44AM

      by caseih (2744) on Wednesday September 02 2015, @02:44AM (#231107)

      I did try to explain what systemd is. It's a suite of services and utilities for managing a Linux system in an increasingly complex environment where things like virtualization and containerization are the norm (CoreOS is a great example). Systemd does provide a replacement for init, but that's only one small part of it. Related services like udev, that are required by systemd and many other services, are pulled into the systemd project umbrella. Such a move only makes sense, since udev is so important. Systemd provides optional services that are of use to containers and virtual machines (networkd for example). When people say such and such is being added to systemd, they don't mean it's being added to an increasingly bloated init. Far from it. Most of the time they simply mean that the systemd project is now including a new utility or service that you are free to use or not.

      Like I say, I use systemd on my computers and I only use as much as I need, which for now is really only the init system. The journal is there, but I don't use it right now; rsyslog still works fine for my purposes. I do like the new config files for setting up services. Way simpler than init scripts, and potentially more secure since complex things like forking a daemon are done by one chunk of auditable code, rather than relying on every daemon to correctly implement daemonization. I don't use machinectl at all, which is what the original article is about, not su. Talk about misleading headline! Though it's fair to say that sudo and su do have serious deficiencies when it comes to kernel session management.

      Sorry that my earlier response was a bit short; most people jump all over systemd without even wanting to understand the rationale, preferring to heap ad hominem attacks on Mr. Poettering or question the intelligence of RH's engineers who are very smart people and really do have a handle on security and implications. Initially many of RH's engineers were resistant to systemd, but they took a long hard look at it and came to the conclusion that it actually does things right. That's why they use it.

    • (Score: 1) by rtfazeberdee on Thursday September 03 2015, @02:07PM

      by rtfazeberdee (5847) on Thursday September 03 2015, @02:07PM (#231745)

      well, if you actually read about what has been developed instead of relying on a troll bait lie of a headline, then you will see "machinectl shell" and "su" are separate binaries and will co-exist. "su" has not been deprecated. do some research.

  • (Score: 1, Troll) by utoddl on Tuesday September 01 2015, @01:19PM

    by utoddl (819) on Tuesday September 01 2015, @01:19PM (#230787) Homepage

    "If you really do want to know what systemd is about, I'm sure people who are up on it are happy to talk to you about it and explain its benefits to you."

    Not in this forum. Look at the vitriol above and below. Look at the info to condescension ratio (almost 0.01%) in those comments. Why would anyone who understands why systemd is useful wade into these waters? Life is short enough.

    The reasons for this move were not spelled out very well in the opening paragraph, so it's understandable why there would be questions. That doesn't justify the pile-on of hate. If the system provides sessions and cgroups, and you want to start a root session, it makes sense that you would obtain a new session from the part of the system that generates sessions. Sudo and su can't do that; they are part of existing sessions. Sure, you can get a root shell, and if that's all you need, fine, use them. But if you need a session unpolluted by your user session, this is a much cleaner (i.e. actually has a hope of working) solution.

  • (Score: 0) by Anonymous Coward on Thursday September 03 2015, @03:47PM

    by Anonymous Coward on Thursday September 03 2015, @03:47PM (#231808)

    One may wonder if the confusion of systemd the binary and systemd the project is an intentional PR psyops...