The Linux Homefront Project reports on Lennart Poettering looking to do away with the good old "su" command. From the article, "With this pull request systemd now supports su command functionality and can create privileged sessions that are fully isolated from the original session. Su is a classic UNIX command and has been used for more than 30 years. Why is su bad? Lennart Poettering says:"
Well, there have been long discussions about this, but the problem is that what su is supposed to do is very unclear. On one hand it's supposed to open a new session and change a number of execution context parameters (uid, gid, env, …), and on the other it's supposed to inherit a lot of concepts from the originating session (tty, cgroup, audit, …). Since this is so weakly defined it's a really weird mix&match of old and new parameters. To keep this somewhat manageable we decided to only switch the absolute minimum over, and that excludes XDG_RUNTIME_DIR, specifically because XDG_RUNTIME_DIR is actually bound to the session/audit runtime and those we do not transition. Instead we simply unset it.
Long story short: su is really a broken concept. It will give you kind of a shell, and it's fine to use it for that, but it's not a full login, and shouldn't be mistaken for one.
I'm guessing that Devuan won't be getting rid of "su."
(Score: 1, Troll) by caseih on Wednesday September 02 2015, @02:44AM
I did try to explain what systemd is. It's a suite of services and utilities for managing a Linux system in an increasingly complex environment where things like virtualization and containerization are the norm (CoreOS is a great example). Systemd does provide a replacement for init, but that's only one small part of it. Related services like udev, that are required by systemd and many other services, are pulled into the systemd project umbrella. Such a move only makes sense, since udev is so important. Systemd provides optional services that are of use to containers and virtual machines (networkd for example). When people say such and such is being added to systemd, they don't mean it's being added to an increasingly bloated init. Far from it. Most of the time they simply mean that the systemd project is now including a new utility or service that you are free to use or not.
Like I say, I use systemd on my computers and I only use as much as I need, which for now is really only the init system. The journal is there, but I don't use it right now; rsyslog still works fine for my purposes. I do like the new config files for setting up services. Way simpler than init scripts, and potentially more secure since complex things like forking a daemon are done by one chunk of auditable code, rather than relying on every daemon to correctly implement daemonization. I don't use machinectl at all, which is what the original article is about, not su. Talk about misleading headline! Though it's fair to say that sudo and su do have serious deficiencies when it comes to kernel session management.
Sorry that my earlier response was a bit short; most people jump all over systemd without even wanting to understand the rationale, preferring to heap ad hominem attacks on Mr. Poettering or question the intelligence of RH's engineers who are very smart people and really do have a handle on security and implications. Initially many of RH's engineers were resistant to systemd, but they took a long hard look at it and came to the conclusion that it actually does things right. That's why they use it.
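The point caseih makes above about unit files doing the daemonization once, in systemd, rather than in every daemon, is easiest to see in an actual unit. The following is an added illustration, not code from the page, from caseih, or from the systemd project; the service name, user name and binary path are hypothetical. Every directive used is a real systemd unit option.

```ini
# /etc/systemd/system/example-daemon.service
# Hypothetical unit written for this illustration; the daemon, path and user are made up.

[Unit]
Description=Example network daemon that stays in the foreground
After=network.target

[Service]
# Type=simple: systemd starts the binary and keeps tracking it as the main
# process. The daemon does not fork(), setsid(), chdir("/"), or juggle a
# pidfile itself; the only daemonization logic involved is systemd's own.
# Compare Type=forking plus PIDFile=, where each daemon reimplements that
# sequence and systemd has to guess the main PID from a file the daemon wrote.
Type=simple
ExecStart=/usr/local/bin/example-daemon --foreground
Restart=on-failure

# Privilege reduction expressed declaratively, instead of each daemon
# carrying its own setuid()/setgid() code path.
User=exampled
Group=exampled
NoNewPrivileges=yes

# Narrow the filesystem view the process gets; none of this requires
# cooperation from the daemon binary.
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and `systemctl enable --now example-daemon.service`, `systemctl status example-daemon.service` shows the main PID systemd is tracking directly. The security angle is the one caseih raises: the fork/setsid/pidfile dance and the privilege drop live in one place that is reviewed once, rather than being reimplemented, sometimes incorrectly, in every init script and every daemon's main().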