466 points CoolCold | 12 comments
airocker ◴[] No.40215819[source]
I have seldom come across unix multiuser environments getting used anymore for servers. It's generally just one user on one physical machine nowadays. I understand run0's promise is still useful but I would really like to see the whole unix permission system simplified for just one user who has sudo access.
1. mbivert ◴[] No.40216221[source]
I've never understood the need for sudo(1) on single-user, physical machines: I keep a root shell (su(1)) around for admin tasks, and it's always been sufficient.
2. airocker ◴[] No.40216440[source]
It's just maybe an easier way to not have to go to the root shell.
3. mbivert ◴[] No.40216629[source]
Makes sense (I keep one warm in a tmux, two shortcuts away at most, so it never occurred to me).
4. lupusreal ◴[] No.40217134[source]
One password is easier than two and it feels weird to use the same password for both accounts. About half of my sudo invocations are 'sudo su' lmao.
5. chgs ◴[] No.40217199[source]
Everything I run with sudo is logged so I know how I messed up.

Nothing worse than ansible with its “sudo /tmp/whatever.sh” which hides what it’s doing.

6. bmicraft ◴[] No.40217721[source]
You could probably save a process with `sudo -i`
7. MadnessASAP ◴[] No.40218811[source]
You're entering your own account's password, not root's, when you use sudo. It's a security measure to prove your shell hasn't been hijacked and to make you pause and acknowledge you're running a command that may affect the entire system.

You can also disable it in the sudoers file.

8. lanstin ◴[] No.40219340[source]
of mine are sudo bash.
9. mbivert ◴[] No.40220212[source]
> it feels weird to use the same password for both accounts

I'm not sure different passwords add more protection for single-user machines, especially when sudo(1) can spawn root shells!

10. mbivert ◴[] No.40220288[source]
> Everything I run with sudo is logged so I know how I messed up.

FWIW, shells have a (configurable) history file. I'm not sure how it compares to sudo's logging though. I also personally perform little day to day admin tasks (I don't have as much time nor interest to toy around as I used to, and my current setup has been sufficient for about a decade).

> Nothing worse than ansible with its “sudo /tmp/whatever.sh” which hides what it’s doing.

That's a nightmare indeed; for sensitive and complex-enough tasks requiring a script, those scripts should at least be equipped with something as crude as a ``log() { printf ... | tail $logfile }``.
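Added example, not part of the comment above and not code from anyone in the thread: one way to give a root-run script the kind of crude audit log being discussed, so that a bare "sudo /tmp/whatever.sh" entry in sudo's log is backed by a record of what the script did. The `LOGFILE` path and the `log`/`run` function names are assumptions.

```shell
#!/bin/sh
# Added example: audit-logging helpers for a script executed as root (e.g. via sudo).
# LOGFILE and the function names are assumptions, not taken from the thread.
LOGFILE="${LOGFILE:-/tmp/admin-script.log}"

# log MESSAGE...: append one timestamped line to $LOGFILE.
# Records the effective user and the invoking user (sudo sets SUDO_USER).
# The subshell's umask keeps a newly created log from being world-readable,
# since command arguments can contain sensitive values.
log() {
    (
        umask 077
        printf '%s user=%s invoked_by=%s %s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
            "$(id -un)" "${SUDO_USER:-$(id -un)}" "$*" >> "$LOGFILE"
    )
}

# run CMD [ARGS...]: log the command before it starts and its exit status
# afterwards, so a failed or interrupted step still leaves a trace.
# The "|| status=$?" form keeps this working in scripts that use `set -e`.
run() {
    log "start: $*"
    status=0
    "$@" || status=$?
    log "exit=$status: $*"
    return "$status"
}
```

In a script, each privileged step is then written as `run <command> <args>` instead of being called directly.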

11. lupusreal ◴[] No.40223090{3}[source]
Slightly less convenient to type.
12. anon291 ◴[] No.40239486[source]
Scripting.