The Linux Homefront Project reports on Lennart Poettering looking to do away with the good old "su" command. From the article, "With this pull request systemd now support a su command functional and can create privileged sessions, that are fully isolated from the original session. Su is a classic UNIX command and used more than 30 years. Why su is bad? Lennart Poettering says:"
Well, there have been long discussions about this, but the problem is that what su is supposed to do is very unclear. On one hand it’s supposed to open a new session and change a number of execution context parameters (uid, gid, env, …), and on the other it’s supposed to inherit a lot of concepts from the originating session (tty, cgroup, audit, …). Since this is so weakly defined it’s a really weird mix&match of old and new parameters. To keep this somewhat manageable we decided to only switch the absolute minimum over, and that excludes XDG_RUNTIME_DIR, specifically because XDG_RUNTIME_DIR is actually bound to the session/audit runtime and those we do not transition. Instead we simply unset it.
Long story short: su is really a broken concept. It will give you kind of a shell, and it’s fine to use it for that, but it’s not a full login, and shouldn’t be mistaken for one.
I'm guessing that Devuan won't be getting rid of "su."
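The split described in the quote (uid, gid and environment switched; tty, cgroup and audit context inherited; XDG_RUNTIME_DIR unset) can be checked by snapshotting a shell before and after a privilege transition and comparing the two. The script below is an added example, not part of the original story or of systemd; its function names are hypothetical, and the two sample snapshots are constructed to follow the quoted description rather than measured on a system.

```shell
#!/bin/sh
# Added example: which context parameters change across a privilege transition?
# Live use: snapshot > before; su -; snapshot > after; compare before after
# Print KEY=VALUE lines for the current process (Linux /proc paths).
snapshot() {
    t=$(tty 2>/dev/null) || t=none
    printf 'uid=%s\ngid=%s\ntty=%s\n' "$(id -u)" "$(id -g)" "$t"
    printf 'cgroup=%s\n' "$( { cat /proc/self/cgroup 2>/dev/null || echo unknown; } | tr '\n' ';')"
    printf 'loginuid=%s\n' "$(cat /proc/self/loginuid 2>/dev/null || echo unknown)"
    printf 'audit_session=%s\n' "$(cat /proc/self/sessionid 2>/dev/null || echo unknown)"
    printf 'XDG_RUNTIME_DIR=%s\n' "${XDG_RUNTIME_DIR-<unset>}"
}
# Compare two snapshot files ($1 before, $2 after); print one verdict per key.
compare() {
    while IFS='=' read -r key before; do
        after=$(sed -n "s|^$key=||p" "$2")
        if [ "$before" = "$after" ]; then echo "$key inherited"
        else echo "$key changed"; fi
    done < "$1"
}
# Constructed samples (not measured output): a user shell, then the same
# terminal after `su -`, following the behaviour the quote describes.
sample_before() { cat <<'EOF'
uid=1000
gid=1000
tty=/dev/pts/0
cgroup=0::/user.slice/user-1000.slice/session-3.scope;
loginuid=1000
audit_session=3
XDG_RUNTIME_DIR=/run/user/1000
EOF
}
sample_after() { cat <<'EOF'
uid=0
gid=0
tty=/dev/pts/0
cgroup=0::/user.slice/user-1000.slice/session-3.scope;
loginuid=1000
audit_session=3
XDG_RUNTIME_DIR=<unset>
EOF
}
# Run the comparison on the constructed samples.
demo() {
    d=$(mktemp -d)
    sample_before > "$d/before"; sample_after > "$d/after"
    compare "$d/before" "$d/after"; rm -rf "$d"
}
demo
```

In the constructed pair, `loginuid` and `audit_session` stay with the original login, which is why audit records for the root shell remain attributable to the user who ran `su`.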
(Score: 2) by srobert on Tuesday September 01 2015, @05:28AM
"It's not folded into the init system! What are you talking about?"
The title of the article referenced in this story is "Lennart Poettering merged “su” command replacement into systemd". Systemd, I was told by people who are supposed to know, is the new init system in Linux. So you should be able to see how I interpreted that as "su being folded into the init system".
"Look, the problem with these systemd discussions is that "ordinary users" such as yourself can't be bothered to even learn what systemd is let alone what it can do for you before you start arguing like this. If you really do want to know what systemd is about, I'm sure people who are up on it are happy to talk to you about it and explain its benefits to you."
Re-read that last part and substitute the word "scientology" for "systemd". :-)
It's not that I can't "be bothered". It's more that my base of knowledge isn't sufficient to absorb all that those who are up on it want to tell me. What I do understand is that systemd is being vertically integrated into the system in such a way that desktop systems such as Gnome3 and Cinnamon were becoming dependent on it, making them unavailable to those of us who choose to use BSD or Linux distributions that haven't bought into abandoning the "quaint notion" of each tool doing one thing well.
(Score: 1, Troll) by caseih on Wednesday September 02 2015, @02:44AM
I did try to explain what systemd is. It's a suite of services and utilities for managing a Linux system in an increasingly complex environment where things like virtualization and containerization are the norm (CoreOS is a great example). Systemd does provide a replacement for init, but that's only one small part of it. Related services like udev, that are required by systemd and many other services, are pulled into the systemd project umbrella. Such a move only makes sense, since udev is so important. Systemd provides optional services that are of use to containers and virtual machines (networkd for example). When people say such and such is being added to systemd, they don't mean it's being added to an increasingly bloated init. Far from it. Most of the time they simply mean that the systemd project is now including a new utility or service that you are free to use or not.
Like I say, I use systemd on my computers and I only use as much as I need, which for now is really only the init system. The journal is there, but I don't use it right now; rsyslog still works fine for my purposes. I do like the new config files for setting up services. Way simpler than init scripts, and potentially more secure since complex things like forking a daemon are done by one chunk of auditable code, rather than relying on every daemon to correctly implement daemonization. I don't use machinectl at all, which is what the original article is about, not su. Talk about misleading headline! Though it's fair to say that sudo and su do have serious deficiencies when it comes to kernel session management.
Sorry that my earlier response was a bit short; most people jump all over systemd without even wanting to understand the rationale, preferring to heap ad hominem attacks on Mr. Poettering or question the intelligence of RH's engineers who are very smart people and really do have a handle on security and implications. Initially many of RH's engineers were resistant to systemd, but they took a long hard look at it and came to the conclusion that it actually does things right. That's why they use it.
(Score: 1) by rtfazeberdee on Thursday September 03 2015, @02:07PM
well, if you actually read about what has been developed instead of relying on a troll bait lie of a headline, then you will see "machinectl shell" and "su" are separate binaries and will co-exist. "su" has not been deprecated. do some research.