Most active commenters

    ←back to thread

    Run0, a systemd based alternative to sudo, announced

    (mastodon.social)
    466 points CoolCold | 18 comments | 29 Apr 24 23:59 UTC | HN request time: 1.269s | source | bottom
    1. kevincox ◴[30 Apr 24 15:57 UTC] No.40212503[source]
    > One could say, "run0" is closer to behaviour of "ssh" than to "sudo", in many ways.

    This is an interesting offhand comment. You could implement a very similar tool by SSHing to localhost.

    replies(5): >>40214944 #>>40215277 #>>40215636 #>>40217356 #>>40217679 #
    2. __s ◴[30 Apr 24 19:08 UTC] No.40214944[source]
    Indeed, there was a blog by a redhat engineer doing that: https://tim.siosm.fr/blog/2023/12/19/ssh-over-unix-socket
    3. Arnavion ◴[30 Apr 24 19:34 UTC] No.40215277[source]
    Technically `sudo -u` can switch to any user on the system while only a limited few would be allowed as ssh targets. Even root might not be allowed as an ssh target if `PermitRootLogin` is set to `no`, which I do on all my systems.
    replies(2): >>40215711 #>>40218852 #
    4. yegle ◴[30 Apr 24 20:03 UTC] No.40215636[source]
    In my previous job, we set up a privileged account on a server with shell set to `git-shell`, leave some shell scripts in $HOME, so that we can do:

    > ssh user@privileged-commands ./do-something

    5. pmontra ◴[30 Apr 24 20:10 UTC] No.40215711[source]
    I do use that a lot

      sudo -H -u user bash
    after I ssh into a server with my own account. That other user might even be a no login account.
    replies(1): >>40216926 #
    6. noinsight ◴[30 Apr 24 21:58 UTC] No.40216926{3}[source]
    You can just use `-i` instead of `bash`. (This method indeed requires a shell configured, your method is needed with nologin.)
    7. m463 ◴[30 Apr 24 22:44 UTC] No.40217356[source]
    I had to write an ssh client for an embedded system long ago.

    Looking at the design, I found it to be sort of messy.

    You could restrict commands ssh could invoke, but it didn't seem super secure.

    Also scp/sftp was not well designed. You basically had to give ssh access to your system to allow a file to be copied, and there were no real path restrictions.

    I personally thought ssh could be much more robust in what you could run and what you couldn't. And scp/sftp could have better filesystem semantics so you could have more security in what you could access.

    And I thought having a write-only scp would be really interesting, sort of like a dropbox for people to send you files securely, but not have to give someone ssh credentials to do it. And an anoymous scp/sftp for distribution or a dropbox could have been really interesting too.

    replies(3): >>40218088 #>>40220008 #>>40222236 #
    8. TachyonicBytes ◴[30 Apr 24 23:22 UTC] No.40217679[source]
    It's the usual way to make changes to a privileged file in Emacs; ssh to localhost with root.
    replies(3): >>40218108 #>>40218515 #>>40219077 #
    9. metalspoon ◴[01 May 24 00:21 UTC] No.40218088[source]
    Well, yes, rsync to replace scp. Sftp's also regarded a hack anyway imho.

    The write-only scp intrigues me. I guess it's not hard to write a program to do that. But, right, that's not easy with standard tools only. The Linux file system was also not designed for that (although it doesn't prohibit such software) I guess.

    replies(1): >>40219889 #
    10. terinjokes ◴[01 May 24 00:23 UTC] No.40218108[source]
    'sudo' and 'doas' are inline connection methods in TRAMP, so no need for SSH to localhost. Curious that systemd-run isn't already supported, but I imagine that will quickly change.
    11. tristan957 ◴[01 May 24 01:26 UTC] No.40218515[source]
    Why not use sudoedit?
    12. fsckboy ◴[01 May 24 02:21 UTC] No.40218852[source]
    >Even root might not be allowed as an ssh target if `PermitRootLogin` is set to `no`, which I do on all my systems.

    would something like PermitRootLogin=localhost punch an enormous hole in your intricate opsec?

    replies(1): >>40219480 #
    13. lanstin ◴[01 May 24 03:03 UTC] No.40219077[source]
    I like to have one of my tmux windows be a sudo session with emacs running as root and mostly used to run emerge world or apt update etc. also a window tailing all the logs. I haven’t been on a machine where more than one admin was logged in at the same time in quite some time.
    14. jimbobthrowawy ◴[01 May 24 04:23 UTC] No.40219480{3}[source]
    I've set up tor on some machines to forward ssh as a hidden service for an easy to configure way to get past NAT before. That shows up as a login from localhost. (could be configured differently, with some extra work)

    There's so ways to configure access to a system, each with footguns I'm surely unaware of.

    replies(1): >>40219723 #
    15. ◴[01 May 24 05:11 UTC] No.40219723{4}[source]
    16. eru ◴[01 May 24 05:41 UTC] No.40219889{3}[source]
    > The Linux file system was also not designed for that (although it doesn't prohibit such software) I guess.

    There's no 'the' Linux file system. There's plenty of file system to choose from.

    And, in fact, it would be relatively easy to write a write-only filesystem with FUSE. (https://en.wikipedia.org/wiki/Filesystem_in_Userspace)

    17. CraigJPerry ◴[01 May 24 05:59 UTC] No.40220008[source]
    >> And I thought having a write-only scp would be really interesting

    I think you can achieve that at the file system level. At least, a long long time ago I maintained a public server with exactly that functionality. I’ve forgotten the details now but if I were tasked with this today my first attempt would be add a sticky bit like we do with /tmp: chmod +t dropbox/

    If you don’t want to allow me to delete or overwrite my own files I believe (but haven’t tested) that chattr +a on the dropbox dir would achieve that.

    18. __s ◴[01 May 24 12:31 UTC] No.40222236[source]
    You can restrict SSH commands by having it serve a restricted shell instead of arbitrary shell. Like how there's games where you can SSH into server to play

    https://crawl.develz.org/wordpress/howto#connecting