su limitations and systemd

Here you can discuss every aspect of Debian. Note: not for support requests!

su limitations and systemd

Postby go4linux » 2015-08-30 12:24

https://tlhp.cf/lennart-poettering-su/

Now looking at the bug report it seems that su does have problems. What I don't understand is why move it to systemd.
Is there some merit to it or it's time to move to FreeBSD?
go4linux
 
Posts: 16
Joined: 2011-12-02 04:56

Re: su limitations and systemd

Postby Head_on_a_Stick » 2015-08-30 13:43

I love the idea of this -- I'm tempted to change my Arch system to track [testing] so I can play with it :)

(Posted from FreeBSD 10.2)
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 12650
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: su limitations and systemd

Postby golinux » 2015-08-30 13:49

Let's bring some balance to this thread:

https://lists.dyne.org/lurker/message/2 ... 9a.en.html
May the FORK be with you!
User avatar
golinux
 
Posts: 1538
Joined: 2010-12-09 00:56
Location: not a 'buntard!

Re: su limitations and systemd

Postby Head_on_a_Stick » 2015-08-30 13:51

^ :lol:

Good one golinux...
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 12650
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: su limitations and systemd

Postby golinux » 2015-08-30 14:08

I love this quote from a recent post in that thread. Sums up the crux of the systemd problem nicely:

I completely understand that Poettering prefers to write something like
"su is a broken concept" when he really means "What this program does is
not what I'd like it to do and I'd like it to do things it doesn't do
and since it wasn't written by me, it's not working in the way it had
worked had I written the code."
May the FORK be with you!
User avatar
golinux
 
Posts: 1538
Joined: 2010-12-09 00:56
Location: not a 'buntard!

Re: su limitations and systemd

Postby go4linux » 2015-08-30 14:25

Well, as I said, you can say the solution is bad, but if you look at the report:

https://github.com/systemd/systemd/issues/825

su is not perfect, is it? I don't think you can say "I'd like it to do things it doesn't do". Personally I never had problems with it, but it's not that I do fancy things.
To me the question is more why put it into systemd. What's wrong with fixing the current su?
go4linux
 
Posts: 16
Joined: 2011-12-02 04:56

Re: su limitations and systemd

Postby millpond » 2015-08-30 14:30

golinux wrote:Let's bring some balance to this thread:

https://lists.dyne.org/lurker/message/2 ... 9a.en.html


The brat has gone *too* far this time.

The basic command and control function of Linux to be subverted by a wunkerkind best known for kludgy audio programs?

The kiddie has been given the keys to the RH\Debian candy shop.
millpond
 
Posts: 658
Joined: 2014-06-25 04:56

Re: su limitations and systemd

Postby go4linux » 2015-08-30 14:48

millpond wrote:The brat has gone *too* far this time.

Please let's not start another "Lennart is an idiot" thread.

millpond wrote:The basic command and control function of Linux to be subverted by a wunkerkind best known for kludgy audio programs?

I don't mind, if he has a point. But so far I have only seen 1/2 of it

millpond wrote:The kiddie has been given the keys to the RH\Debian candy shop.

Well, it's actually a much bigger shop than that. Important reason for me to switch to FreeBSD.
go4linux
 
Posts: 16
Joined: 2011-12-02 04:56

Re: su limitations and systemd

Postby dasein » 2015-08-30 15:37

golinux wrote:I love this quote from a recent post in that thread. Sums up the crux of the systemd problem nicely:

Personally, I liked this one even better:
Having a privilege escalation subsystem [inside] PID 1 is nonetheless still stupid.

Even if one imagines that su is fundamentally "broken" (a point I do not actually concede), it's unclear to me how that even remotely translates into "the {only|optimal|appropriate} fix is to subsume it into PID 1."

I'm still on my first coffee, so maybe I'm missing something, but I can't see any upside. At all.

Maybe someone can explain it.
Last edited by dasein on 2015-08-30 16:19, edited 1 time in total.
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: su limitations and systemd

Postby buntunub » 2015-08-30 16:13

dasein wrote:
I'm still on my first coffee, so maybe I'm missing something, but I can't see any upside. At all.

Maybe someone can explain it.


The upside to this is that many people who were on the fence before will now starting to wake up and get in the fight. Even if you (for some absolutely perverse reason) do not care about escalation privlidges moving into PID1, I think most people can see that this kid has far too much say into what Linux is and how it will work going into the future.
User avatar
buntunub
 
Posts: 591
Joined: 2011-02-11 05:23

Re: su limitations and systemd

Postby keithpeter » 2015-08-30 16:15

If you want a root session that has no inheritance from your user session, can't you just log in to a tty as root?

(I'm assuming that the

Code: Select all
$ su -

functionality will still be present, and the systemd people have simply added a command to their system, perhaps for automation reasons, so basically no big deal :shrug:)
User avatar
keithpeter
 
Posts: 502
Joined: 2009-06-14 08:06
Location: 5230n 0155w

Re: su limitations and systemd

Postby alansmithee » 2015-08-30 18:03

go4linux wrote:Well, as I said, you can say the solution is bad, but if you look at the report:

https://github.com/systemd/systemd/issues/825

su is not perfect, is it? I don't think you can say "I'd like it to do things it doesn't do". Personally I never had problems with it, but it's not that I do fancy things.

I disagree. Mr Poettering seems to think 'su' is supposed to initiate a new login session, but that is not what the command does -- it changes the user within the current session. If 'su' started a new session, killing the original session would not terminate the processes of the new session.

Starting a new session is in some cases a desirable thing -- which is why it is (has always been) available, through switching ttys or through the DMs (xdm/gdm/kdm) -- but that does not mean that all commands that don't start new sessions are flawed.
'alansmithee' is the user formerly known as 'saulgoode'.
User avatar
alansmithee
 
Posts: 41
Joined: 2013-02-02 08:02

Re: su limitations and systemd

Postby go4linux » 2015-08-30 18:21

alansmithee wrote:I disagree. Mr Poettering seems to think 'su' is supposed to initiate a new login session, but that is not what the command does -- it changes the user within the current session. If 'su' started a new session, killing the original session would not terminate the processes of the new session

Well, there is the option -l for su, which according to the documentation:
Start the shell as a login shell with an environment similar to a real login

alansmithee wrote:Starting a new session is in some cases a desirable thing -- which is why it is (has always been) available, through switching ttys or through the DMs (xdm/gdm/kdm) -- but that does not mean that all commands that don't start new sessions are flawed.

So you are basically excluding the possibility to have a real login session (whatever that means) from a regular xterm.
go4linux
 
Posts: 16
Joined: 2011-12-02 04:56

Re: su limitations and systemd

Postby go4linux » 2015-08-30 18:25

dasein wrote:Even if one imagines that su is fundamentally "broken" (a point I do not actually concede), it's unclear to me how that even remotely translates into "the {only|optimal|appropriate} fix is to subsume it into PID 1."

To me it's unclear why this has to be done this way. Your system has been started; you have no extra services to start and stop. Why do you need systemd?
go4linux
 
Posts: 16
Joined: 2011-12-02 04:56

Re: su limitations and systemd

Postby dasein » 2015-08-30 18:39

Okay, that's twice now...

Did I mistype a word? Misspell? Drop? (If so, I'm missing it, even on multiple readings.)

What you're attributing to me is exactly the opposite of what I wrote.

:?
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Next

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 10 guests

fashionable