←back to thread

Run0, a systemd based alternative to sudo, announced

(mastodon.social)
466 points CoolCold | 3 comments | 29 Apr 24 23:59 UTC | HN request time: 0.657s | source
Show context
jimrandomh ◴[01 May 24 07:13 UTC] No.40220398[source]
> Or in other words: the target command is invoked in an isolated exec context, freshly forked off PID 1, without inheriting any context from the client (well, admittedly, we do propagate $TERM, but that's an explicit exception, i.e. allowlist rather than denylist).

I think in practice, this is going to be an endless source of problems, so much so that it won't be adopted. The usual use case of sudo is that you have a normal shell command, making use of the environment for context in all the ways that shell commands do, but it doesn't have all the permissions it needs, so you add "sudo" as an adverb.

Sometimes it makes use of environment variables. Sometimes stdin or stdout is redirected to a file, or to something more exotic than a file. Sometimes that means it runs inside of a chroot, or a Docker container. Sometimes you care about which process group it runs in.

And sometimes the thing you're running is a complicated shell script or shell-script-like object, eg "sudo make install". In this case, you don't really know what its dependencies are. In fact this is a common enough case that, if run0 becomes widespread, I expect it'll have a flag or a set of flags that make it act exactly like sudo, and I expect people to wind up learning that they should always give run0 those flags.

And I'm kind of worried that when this breaks stuff, the systemd project is going to push forward with some plan to get rid of sudo, and not gracefully accept the feedback that this is breaking things. I'm particularly worried about this because of the whole saga of KillUsersProcesses breaking nohup and screen, which to my knowledge is still broken many years later.

replies(8): >>40220545 #>>40220776 #>>40221057 #>>40221964 #>>40222111 #>>40223577 #>>40225155 #>>40233172 #
bayindirh ◴[01 May 24 12:09 UTC] No.40222111[source]
> And I'm kind of worried that when this breaks stuff, the systemd project is going to push forward with some plan to get rid of sudo, and not gracefully accept the feedback that this is breaking things.

Given Lennart already declared SUID concept as “bad”, I think this is the game plan all along.

Systemd: Do all the things, but not very well, and don’t listen to anyone.

replies(1): >>40222763 #
lyu07282 ◴[01 May 24 13:18 UTC] No.40222763[source]
I agree with Lennart so I'm curious what the argument is against the notion that SUID was a bad idea and we should move away from it in Linux?
replies(4): >>40222900 #>>40224154 #>>40225359 #>>40227845 #
lucideer ◴[01 May 24 16:18 UTC] No.40225359[source]
The problem with this line of thinking is it gives automatic carte blanche to anyone pointing out problems to implement "solutions" to those problems with little interrogation of whether those solutions are actually better.

SUID, like any system, is flawed. Most of those flaws are balanced trade-offs; if you're addressing one you need to be aware of the severity of any counter-problems you're inevitably introducing.

Lennart is well known for criticising existing systems while simultaneously ignoring & dismissing criticism of the proposed solutions - you need to be able to weigh up both sides in a balanced way. Lennart demonstrably isn't.

replies(1): >>40240107 #
panick21_ ◴[02 May 24 18:56 UTC] No.40240107[source]
> you need to be able to weigh up both sides in a balanced way. Lennart demonstrably isn't.

That's why nobody uses his software. I mean just nothing he does gets adopted.

The 'run0' solution uses an already existing mechanism that is already used for a lot of things.

replies(1): >>40246257 #
lucideer ◴[03 May 24 10:57 UTC] No.40246257[source]
> nobody uses his software

Yes, you're absolutely right. Popularity is the best indicator of quality.

replies(1): >>40246949 #
panick21_ ◴[03 May 24 12:32 UTC] No.40246949[source]
Its not the best indicator but to claim its meaningless is idiotic.

Specially since we are talking about free software, and not some software that Microsoft can preinstall on your laptop.

replies(2): >>40247939 #>>40328293 #
bayindirh ◴[03 May 24 14:17 UTC] No.40247939[source]
Just because it has been pushed by RedHat and others are semi-forced to adapt, it doesn't mean all distros got in line to get a copy of the software and get it adopted.

Pulse has been replaced with the pipewire as soon as it arrived, for example.

replies(1): >>40248201 #
panick21_ ◴[03 May 24 14:38 UTC] No.40248201[source]
Ah the old 'we were forced to use this free thing'. Sure.

> Pulse has been replaced with the pipewire as soon as it arrived

Pipewire combines alsa, pulse and jack. They all have different strength.

And Pulse was started by Lennard but he hasn't been involved for a very long time.

replies(1): >>40249578 #
1. bayindirh ◴[03 May 24 16:38 UTC] No.40249578[source]
> Ah the old 'we were forced to use this free thing'. Sure.

Well, I was a tech lead of a Debian derivative when Debian held the vote. I have seen and read enough. Didn't see the other "threats" thing, but since I had access to debian-devel, I was in the middle of it.

My views about systemd has not changed since then, and can be found if you search HN.

On the other hand, I have used 4-5 init systems in the last 20 years, and none of them were that aggressive and had the "we know the best" attitude, while going against all the best practices and making the same mistakes done in the past.

> Pipewire combines alsa, pulse and jack. They all have different strength.

Nope. ALSA is always there, working as the primary sink, delineating user space and hardware. I used Jack back in the day for recording, and never got to like pulse because of its backwards defaults and lassies-faire behavior about multi-channel audio (plus glitches, etc).

Pipewire is a great sound server which sits on top of ALSA, and replaces Pulse transparently, and makes everything 100x nicer along the way.

Lastly, it's Lennart Pottering. Not Lennard. :)

P.S.: It's important to understand that my views are not against the persons, but the behavior of the projects. I'd drink a nice round of beer with all of them, if I had the chance. :)

replies(1): >>40250842 #
2. panick21_ ◴[03 May 24 18:39 UTC] No.40250842[source]
The reality Debian didnt want to or couldnt develop their own. The system people used them was simply shit. And the alternatives like Upstart were just crap.

Nobody forced Debian. I followed it live too. I remember him talking to Debian and he made a technical argument for it.

I had already switched to Arch and had already been using Systemd for years at that point.

The reality is, nobody was stepping up with better solutions. Would porting SMF have been better, maybe, but nobody was porting that.

There are distros with Systemd, often very compatible ones, and almost nobody uses them.

BSD folks for years have been hoping for the linux exodus over systemd and it has never happen.

And it has to be said a 1000x times. Systemd was never just init and it mever claimed it was. By now Systemd is just a software project that makes all kind of software that you can use with or without systemd the service manager.

The should just call it the "Linux Userland Software Group" and change their naming. Then people wouldnt get triggered by the term 'systemd'.

You can have whatever technical opinion you like about systemd. Fact is most people use it, including in very large organisations. And the other fact is nobody forced systemd on Debian. Whatever consipiricy was apread in 'Devel' (and elsewhere).

replies(1): >>40251181 #
3. bayindirh ◴[03 May 24 19:12 UTC] No.40251181[source]
Thanks for confirming that I can have technical opinions about systemd, as an admin who touches more than a thousand physical servers. :)

I'll agree to disagree on the systemd's "we will replace anything and everything we even slightly dislike, and slowly make them dependent on systemd (the service manager) while not listening to you and your pesky experiences" attitude, and wish you more power for your future endeavors.

Have a nice day. :)