Most active commenters
  • airocker(6)
  • mbreese(4)
  • whimsicalism(3)
  • bayindirh(3)

←back to thread

Run0, a systemd based alternative to sudo, announced

(mastodon.social)
466 points CoolCold | 22 comments | 29 Apr 24 23:59 UTC | HN request time: 0.689s | source | bottom
Show context
airocker ◴[30 Apr 24 20:21 UTC] No.40215819[source]
I have seldom come across unix multiuser environments getting used anymore for servers. Its generally just one user on one physical machine now a days. I understand run0's promise is still useful but i would really like to see the whole unix permission system simplified for just one user who has sudo access.
replies(17): >>40215898 #>>40216049 #>>40216052 #>>40216221 #>>40216591 #>>40216746 #>>40216794 #>>40216847 #>>40217413 #>>40217462 #>>40218411 #>>40219644 #>>40219888 #>>40220264 #>>40221109 #>>40223012 #>>40225619 #
mbreese ◴[30 Apr 24 21:52 UTC] No.40216847[source]
> across unix multiuser environments getting used anymore for servers

I guess it depends on the servers. I'm in academic/research computing and single-user systems are the anomaly. Part of it is having access to beefier systems for smaller slices of time, but most of it is being able to share data and collaboration between users.

If you're only used to cloud VMs that are setup for a single user or service, I guess your views would be different.

replies(1): >>40216876 #
1. shrimp_emoji ◴[30 Apr 24 21:54 UTC] No.40216876[source]
> If you're only used to cloud VMs that are setup for a single user or service, I guess your views would be different.

This is overwhelmingly the view for business and personal users. Settings like what you described are very rare nowadays.

No corporate IT department is timesharing users on a mainframe. It's just baremetal laptops or VMs on Windows with networked mountpoints.

replies(3): >>40217191 #>>40217763 #>>40220135 #
2. mbreese ◴[30 Apr 24 22:27 UTC] No.40217191[source]
Multi-user clusters are still quite common in HPC. And I think you're not going to see a switch away from multi-user systems anytime soon. Single user systems like laptops might be a good use-case, but even the laptop I'm using now has different accounts for me and my wife (and it's a Mac).

When you have one OS that is used on devices from phones, to laptops, to servers, to HPC clusters, you're going to have this friction. Could Linux operate in a single-user mode? Of course. But does that really make sense for the other use-cases?

replies(2): >>40217382 #>>40217636 #
3. airocker ◴[30 Apr 24 22:46 UTC] No.40217382[source]
you could potentially create multiple containers in that machine which are single user and give to every user who needs access. CPU/Memory/GPU can be assigned in any way you want(shared/not shared). Now no user can mess up another user.
replies(3): >>40218780 #>>40220499 #>>40220652 #
4. whimsicalism ◴[30 Apr 24 23:17 UTC] No.40217636[source]
is it? most HPC (if GPU clusters count) are probably in industry and managed by containers
replies(2): >>40218964 #>>40219910 #
5. twic ◴[30 Apr 24 23:34 UTC] No.40217763[source]
I wonder if they might be more common than you think. You will never see someone standing up at a conference and describing this setup, but there are millions of machines out there quietly doing work which are run by people who do not speak at conferences.

Where i work, we have a lot of physical machines. The IT staff own the root account, and development teams get some sort of normal user accounts, with highly restricted sudo.

6. SoftTalker ◴[01 May 24 02:09 UTC] No.40218780{3}[source]
It's not "that machine" it's a cluster of dozens or hundreds of machines that is partitioned in various ways and runs batch jobs submitted via a queuing system (probably slurm).
7. birdiesanders ◴[01 May 24 02:43 UTC] No.40218964{3}[source]
Containers rely on many privilege separation systems to do what they do, they are in fact a rather extreme case of multi-user systems, but they tend to present as “single” user environs to the container’s processes.
replies(2): >>40225015 #>>40249510 #
8. bayindirh ◴[01 May 24 05:45 UTC] No.40219910{3}[source]
HPC admin here.

Yes. First, we use user level container systems like apptainer/singularity, and these containers run under the user itself.

This is also same for non academic HPC systems.

From schedulers to accounting, everything is done at user level, and we have many, many users.

It won’t change anytime soon.

replies(2): >>40220850 #>>40227072 #
9. inopinatus ◴[01 May 24 06:20 UTC] No.40220135[source]
> No corporate IT department is timesharing users on a mainframe

Not a mainframe perhaps, but this sentiment is flat wrong otherwise, because that is how Citrix and RDS (fka Terminal Server) do app virtualization. It's an approach in widespread use both for enterprise mobile/remote access, and for thin clients in point of sale or booth applications. What's more, a *nix as the underlying infrastructure is far from unusual.

I have first-hand insider knowledge of two financial institutions that prefer this delivery model to manage the attack surface in retail settings, and a supermarket chain that prefers it because employee theft is seen as a problem. It’s also a model that is easy to describe and pitch to corporate CIOs, which is undoubtedly a merit in the eyes of many project managers.

One of the above financial institutions actually does still have an entire department of users logged in to an S/390 rented from IBM. They’ve been trying to discontinue the mainframe for years. I’m told there are similar continuing circumstances in airline reservations and credit card schemes; not just transaction processing, but connected interactive user sessions.

This is what corporate IT actually looks like. It is super different to the tech environments and white-collar head offices many of us think are the universal exemplar.

10. wongarsu ◴[01 May 24 07:32 UTC] No.40220499{3}[source]
Isn't that just reinventing multiuser operating systems? Normal Linux already has the property that no user can mess up any other user (unless they are root or have sudo rights)
replies(1): >>40232607 #
11. weebull ◴[01 May 24 07:56 UTC] No.40220652{3}[source]
Not containers, but cgroups, and that is how HPC clusters work today. You still need multiple users though.
12. pankajkumar229 ◴[01 May 24 08:28 UTC] No.40220850{4}[source]
there is no reason for users to be maintained in the kernel.
replies(1): >>40221822 #
13. bayindirh ◴[01 May 24 11:22 UTC] No.40221822{5}[source]
Can you elaborate on that?
14. whimsicalism ◴[01 May 24 15:52 UTC] No.40225015{4}[source]
> they are in fact a rather extreme case of multi-user systems

Are they? My understanding was that by default, the `dockerd` (or whatever) is root and then all containers map to the same non-privileged user.

15. whimsicalism ◴[01 May 24 18:17 UTC] No.40227072{4}[source]
I thought most containers shared the same user, ie. `dockremap` in the case of docker.

I understand academia has lots of different accounts.

replies(1): >>40227561 #
16. bayindirh ◴[01 May 24 18:48 UTC] No.40227561{5}[source]
Nope, full usermode containers (e.g.: apptainer) run under the user's own context, and furthermore under a cgroup (if we're talking HPC/SLURM at least) which restricts the user's resources to what they requested in their job file.

Hence all containers are isolated from each other, not only at process level, but at user + cgroup level too.

Apptainer: https://apptainer.org

replies(1): >>40249497 #
17. airocker ◴[02 May 24 04:10 UTC] No.40232607{4}[source]
no it is not
18. airocker ◴[03 May 24 16:30 UTC] No.40249497{6}[source]
I think a admin would better understand the system if there was only one subsystem doing a particular type of security and not two. Two subsystems doing security would lead to more problems down the road.
replies(1): >>40284651 #
19. airocker ◴[03 May 24 16:32 UTC] No.40249510{4}[source]
Good software hides complexity. User does not have to understand user group permissions suid etc etc
20. mbreese ◴[07 May 24 12:25 UTC] No.40284651{7}[source]
For HPC, there are two different contexts where users need to be considered - interactive use and batch job processing. Users login to a cluster, write their scripts, work with files, etc. This is your typical user account stuff. But they also submit jobs here.

Second, there are the jobs users submit. These are often executed on separate nodes and the usage is managed. Here you have both user and cgroup limits in place. The cgroups make sure that the jobs on have the required resources. The user authentication makes sure that the job can read/write data as the user. This was the user can work with their data on the interactive nodes.

So the two different systems have different rationales, and both are needed. It all depends on the context.

replies(1): >>40314244 #
21. airocker ◴[10 May 24 00:10 UTC] No.40314244{8}[source]
If we forget how the current system is architected, we are looking at two problems: First problem is that Linux capabilities are also dealing with isolating processes so they have limited capabilities because the user based isolation is not enough. Second problem is that local identity has no relation to the cloud identity which is undesirable. If we remove user based authentication and rely on capabilities only with identity served by cloud or kubernetes, it could be a simpler way to do authenticating and authorization
replies(1): >>40314600 #
22. mbreese ◴[10 May 24 01:11 UTC] No.40314600{9}[source]
I'm not sure I even follow...

The primary point of user-authentication is that we need to be able to read/write data and programs. So you have to have a user-level authentication mechanism someplace to be able to read and write data. cgroups are used primarily for restricting resources, so those two sets of restrictions are largely orthogonal to each other.

Second, user-authentication is almost always backed (at least on interactive nodes) by an LDAP or some other networked mechanism, so I'm not sure what "cloud" or "k8s" really adds here.

If you're trying to say that we should just run HPC jobs in the cloud, that's an option. It's not necessarily a great option from a long-term budget perspective, but it's an option.