• BlackEco
    link
    fedilink
    112
    edit-2
    1 year ago

    Soon we will have to call it GNU/systemd/Linux

    • @[email protected]
      link
      fedilink
      511 year ago

      Nah. Replacing the kernel is probably planned for the next point release - it’ll just be GNU/systemd

    • Lexi Sneptaur
      link
      fedilink
      English
      451 year ago

      Systemd makes life easy. It also makes Linux more teachable. I like accessibility and don’t even mind this

      • @[email protected]
        link
        fedilink
        51 year ago

        I’m not on the systemd hate train by any means, but I don’t understand how this is any improvement over pkexec

          • @[email protected]
            link
            fedilink
            61 year ago

            As long as you have polkit setup to work in terminal sessions, yes. This is pretty standard these days, though not particularly widely used.

        • @[email protected]
          link
          fedilink
          31 year ago

          I don’t understand how this is any improvement over pkexec

          That has the same problem as sudo: the SUID bit is set for it.

          The fact that run0 uses polkit is more of a byproduct that this kinda authentication is already done with polkit all over the place in systemd. You can have individual subcommand accessible to different users (for example everyone can systemctl status, but systemctl reboot needs to be in the wheel group) which is why its generally used within systemd already. And it wouldn’t surprise me if again you can do it with this as well, limiting what commands can unconditionally run, need prompt or are completely blocked.

      • topperharlie
        link
        fedilink
        261 year ago

        hard disagree. life with plain text logs and daemon init scripts was so easy and nice. But we can’t have nice things…

        • TimeSquirrel
          link
          fedilink
          211 year ago

          You know what’s nice? Being able to sit down at any Linux distro and being able to set up and configure services without Googling how to use that particular distro’s init system.

        • @[email protected]
          link
          fedilink
          English
          351 year ago

          Those hacked together system-specific bash scripts were shit. Having a standard way of creating, starting, ensuring restarts,and logging services is so much better.

          You can still get all the plain text logs you like.

          • @[email protected]
            link
            fedilink
            71 year ago

            Those hacked together system-specific bash scripts were shit.

            With a different feature set per script as well. The systemd service files have often been pushed upstream.

            Pretty sure people liking those scripts never really tried dealing with them across distributions. Though this just rehashes things that were said when distributions decided if to switch to systemd. Still the same strange claim that those scripts are somehow easier. It wasn’t, it is also way easier to package a systemd file from upstream than to maintain that stuff within a distribution.

          • trevor (he/they)
            link
            fedilink
            English
            51 year ago

            How do you get plain-text logs instead of the garbage binary format that journalctl forces on you?

            • dblsaiko
              link
              fedilink
              141 year ago

              Set ForwardToSyslog=yes in journald.conf and install a syslog daemon. Also optionally Storage=volatile (I wouldn’t set Storage=none unless you want systemd to no longer show you any logs anywhere including in systemctl status because I assume it will do that)

            • @[email protected]
              link
              fedilink
              English
              5
              edit-2
              1 year ago

              By configuring journald to forward messages to syslog as is the default.

              “forces on you” 🙄

              Edit: Systemd has been around for 14 years. Did you never think to google this?

              • dblsaiko
                link
                fedilink
                11 year ago

                It’s not the default fwiw. From journald.conf(5):

                By default, only forwarding to wall is enabled.

      • @[email protected]
        cake
        link
        fedilink
        21
        edit-2
        1 year ago

        But it’s so unbearably slow.

        Me when my computer that has a typical uptime of 37 days boots up in 7 seconds with systemd instead of 5.5 seconds with runit: 😡😡😡😡

    • @[email protected]
      link
      fedilink
      English
      26
      edit-2
      1 year ago

      I mean it should kind of already be something like GNU/SystemD/X11/PipeWire/Linux, I guess.

      It’s not like the GNU utils are the only massive integral part of the OS. I think GNU/Linux caught on squarely because many people follow Stallman, and that’s how he wants people to refer to it.

      • @[email protected]
        link
        fedilink
        11 year ago

        It definitely made way more sense at early on. I mean GNU made most of UX of using Linux at some point. Systemd, and the browser now make a much bigger portion than before, and the world is more than GNOME now too.

  • michel
    link
    fedilink
    51 year ago

    @starman
    Systemd is nice. I miss GUI apps for #SystemD.
    Permanent mounting a Network drive or creating new Services and inspect and modify is such a point.

    • @[email protected]M
      link
      fedilink
      27
      edit-2
      1 year ago

      Agreed, this is a nice inclusion. I also hate sudoers with a passion - I already use doas but it’s not standard (in the Linux world anyway), but with systemd providing an alternative means that it’ll become a standard which most distros would adopt, and I hope this means we can finally ditch the convoluted sudoers file once and for all.

        • @[email protected]
          link
          fedilink
          9
          edit-2
          1 year ago

          The thing with this is: its just a symlink to the systemd-run binary, which talks to PID1 to spawn new processes (in separate cgroups IIRC). Its one of the most fundamental parts of systemd. Even the debian systemd package includes systemd-run.

          I guess the other question is if some tools the distro provides might switch to supporting it by default. For example on Arch there is makepkg that should never be executed as root, but does internally call some things with elevated privileges (mostly pacman to install and remove packages). Currently it checks for sudo and if not falls back to su, but maybe it might be worth considering changing su for run0 if its guaranteed to be there.

            • @[email protected]
              link
              fedilink
              41 year ago

              it does its authorization with polkit (which IIRC defaults to allow all wheel group members) and giving users that shouldn’t be allowed root access, root access, is not something you ever want. This is usually referred to as unauthorized privilege escalation. Also, it isn’t like sudo doesn’t need configuration.

        • @[email protected]M
          link
          fedilink
          33
          edit-2
          1 year ago

          doas is quite popular in the BSD world, and was ported to Linux a few years ago (via the OpenDoas project).

          For starters, it’s is a lot smaller than sudo - under 2k lines of code vs sudo’s 132k - this makes it lot more easier to audit and maintain, and technically less likely to have vulnerabilities.

          Another security advantage is that doas doesn’t pass on the environment variables by default (you’d have to explicitly declare the ones you want to pass, which you can do so in the config).

          The config is also a lot simpler, and doesn’t force you to use visudo - which never made sense to me, visudo should’ve just generated the actual config, instead of checking it after the fact. Kinda like how grubby or grub2-mkconfig works. But no need for that complexity with doas.

          Eg, the most basic doas config could just have one line in the file: permit: wheel. Maybe have another line for programs you want to run without a password, like permit nopass dexter cmd pacman.

          • @[email protected]
            link
            fedilink
            131 year ago

            Nice to see that Mastodon has the same problem as Twitter with people trying to use it for long-form blog posts for some godforsaken reason.

            • @[email protected]
              link
              fedilink
              21 year ago

              Blame the Mastodon team, if you’re not running a fork, you have to go into the source and adjust the character limit manually.

              Nobody has to do it like this, Mastodon supports longer posts since other servers and clients support more, it’s seemingly just a choice from upstream.

            • @[email protected]
              link
              fedilink
              51 year ago

              Makes sense considering people who moved from one micro-blogging service to another instead of giving up on the idea completely are probably the ones deeply committed to that flawed idea.

          • @[email protected]
            link
            fedilink
            English
            21 year ago

            I admit, I’m not a big fan of putting more functionality into systemd (or just of systemd in general), but that is a well-reasoned argument for having sudo live in the init system.

    • million
      link
      fedilink
      English
      7
      edit-2
      1 year ago

      I read the original mastodon post by the developer of run0 and I am still don’t understand what the problem with SUID is.

      Whats an example of an attack that would work with sudo and doas (which also uses SUID) and not on run0?

        • @[email protected]
          link
          fedilink
          21 year ago

          Thanks for taking the time to explain. I was trying to get my head around on how this works but could not understand much of it. A lot of people here are very much against systemd in all senses, but this sounds like a better approach. Even if it not done as systemd, makes more sense than checking files and getting elevated privileges for a scope and use guardrails everywhere

  • @[email protected]
    link
    fedilink
    English
    451 year ago

    Oh, it’s gonna use polkit. Sudo bloat is a grain of sand compared to polkit.

    Why people want to replace sudo with polkit? Visudo is no near as obscure as configuring polkit.

    I hope distro maintainers don’t follow this.

    • @[email protected]
      link
      fedilink
      31 year ago

      First thing I do with any new desktop installation is disable polkit prompts.

      Fuck having to enter my password every time I want to do something.

      • caseyweederman
        link
        fedilink
        11 year ago

        Hey uh can I get your IP address real quick? I have a strong suspicion your philosophy extends to your network ports.

        • @[email protected]
          link
          fedilink
          1
          edit-2
          1 year ago

          You’d be wrong about that.

          Edit: he just downvotes me instead of admitting he’s wrong about his assumption, lol.

    • voxel
      link
      fedilink
      21 year ago

      I just treat polkit as “set it and forget” kind of thing and leave it on defaults, I’d rather spend my time on something more important

    • @[email protected]
      link
      fedilink
      141 year ago

      …is pkexec not good enough already as a polkit based sudo replacement? Why would one need to systemd-ify that?

  • Baggins [he/him]
    link
    fedilink
    English
    20
    edit-2
    1 year ago

    new sudo vulnerabilities? how exciting!

    E: read the article, I guess that is part of the reason for the proposal. interesting

  • @[email protected]
    link
    fedilink
    151 year ago

    Even when that releases, it doesn’t mean distros will switch to it. Just because it’s systemd, doesn’t always mean it’s better. Just look at network manager vs systemd-networkd. Correct me if I’m wrong but afaik they are made to serve the same purpose and most distros prefer Network Manager over systemd-networkd.

    • @[email protected]
      link
      fedilink
      2
      edit-2
      1 year ago

      Honestly, though, NM is useless on a server or VM. I don’t know why they still have that kludge installed on 90% of machines.

      Having said that. Lennart’s Cancer is junk from junk process. It WILL be adopted by every distro but PCLinuxOS because no other distro is putting effort towards stability and reliability.

      I’d hoped that moving to Microsoft would allow IBM to re-evaluate the shit shoveled into its declining enterprise product, but that’s not looking likely given staffing and IBM’s ancillary priorities. RHEL only needs to be Good Enough so it can sell certs and classes and AAP and other make-work.

  • @[email protected]
    link
    fedilink
    381 year ago

    I honestly started out not liking systemd at all, mostly due to the reports that it did waaay to much, but nowadays, I like the concept.

    It is basically officially moving daemon management from a script-based approach to a table/database-based approach. That improves static analyzability, therefore increasing clarity, and probably even performance.

    I agree that we should abandon scripts and move towards declarative software management, and abandoning sudo for a more declarative system seems like a good step to me.

  • @[email protected]
    link
    fedilink
    351 year ago

    How does systemd-run/run0 handle what /etc/sudoers currently does?

    I’m disappointed in how little technical discussion there is in this thread.

        • @[email protected]
          link
          fedilink
          141 year ago

          Actually no. The thing is just that systemd handles so many things that makes the lives both developers/distro maintainers and users easier, but most of it happens in the background. You can forget about having to learning complexer tools, just do it all via systemd

    • @[email protected]
      link
      fedilink
      81 year ago

      Systemd has always been about “don’t ask questions or well call you obstructionist and old”.

    • chameleon
      link
      fedilink
      71 year ago

      Looking at the implementation, it doesn’t really implement sudoers or tools like sudoedit in any way. systemd-run has already been an existing tool for quite some time and this is really just a different CLI for it. That tool asks systemd to make a temporary new service and immediately run it. That, in turn, requires blanket yes/no approval for org.freedesktop.systemd1.manage-units via polkit.

      So with run0, you can either do everything or you can do nothing. In-betweens are just not a thing at the moment. There’s very little new backend code running as root.

      run0 bash should behave very similar to something like systemd-run --uid=0 --gid=0 --wait --same-dir --send-sighup --pty --pipe --collect bash and the majority of those options have been available for quite a while.

  • @[email protected]
    link
    fedilink
    271 year ago

    But for why (I’m commenting this before reading) wouldn’t it make more sense to home I’m the scope of systemd so it can be easier to maintain? Why have it do everything?

    • @[email protected]
      link
      fedilink
      191 year ago

      Why have it do everything?

      Isn’t the guy behind systemd a (former?) Microsoft employee? I feel as though that might offer a clue as to why the trajectory towards bloat.

      • @[email protected]
        link
        fedilink
        41 year ago

        He’s working for Microsoft now but it’s very recent, he developed systemd while working at RedHat.

        I don’t even know of he’s still working on it. There are a lot of things to be said about systemd and Lennart but the link to Microsoft is irrelevant.

      • @[email protected]
        link
        fedilink
        151 year ago

        It is. He is poisoning Linux, slowly, from the inside. Like the XZ attack, just smarter and much slower.

        • @[email protected]
          link
          fedilink
          51 year ago

          Why do you consider it as poisoning? I’ve heard the argument about not doing things the traditional Linux way (binary logs for example). But if the alternative provides so many benefits, why is it an issue? Systemd is a piece of cake for all parties compared to sysvinit and alternatives, so why is it bad when it solves so many issued, and makes it super easy to use by just adding e.g. a new option to a Unit?

          Another example: timers are more complex than cronjobs, but timers offer additional needed features like dependencies, persistence, easy and understandable syntax, and more. So although more complex, once you get the hang of them, they’re a very welcomed feature imo

          • @[email protected]
            link
            fedilink
            31 year ago

            By itself, solely doing init, it would have been fine, however, binary logging (even if you eventually end up with a text log, that’s wasting disk space on a binary format no one wants or needs), and it didn’t stop there. He keeps replacing Linux subsystem after subsystem, and many of those replacements are not progress, just duplication of effort and creates more ways for configuration drift.

            • @[email protected]
              link
              fedilink
              31 year ago

              Here is the rationale for the Journal. In short it is really not that simple and it has a lot of advantages over simple text files and it saves disk space.

            • @[email protected]
              link
              fedilink
              11 year ago

              You can still forward to text syslog or to a central logging server like Loki if working with multiple hosts. I still don’t get the issue with binary logs.

              • @[email protected]
                link
                fedilink
                11 year ago

                Yes, and many distros have that out of the box… But they don’t have it sent to keep the binary journal as close to empty as possible. So you end up with twice the space in use for logs. As for the issue with binary logs, text logs can be read by far more tools and utilities, rather than just journalctl and pipes.

                • @[email protected]
                  link
                  fedilink
                  11 year ago

                  You can set the space limit for journals logs really low then, to avoid double space usage. As for the last argument, that also was an issue for me years ago because not all tools were compatible with the journald format, but that’s since long fixed now and I’ve not experienced any issue for a long time. Journal logs provide a standard format for all applications, so third party tools don’t need to be compatible with every log format of your applications. And it also comes with great additional features like -b or --since etc. So I still don’t get the issue here

        • @[email protected]
          link
          fedilink
          33
          edit-2
          1 year ago

          The guy who discovered the xz attack was also a Microsoft employee, for what it’s worth.

    • voxel
      link
      fedilink
      33
      edit-2
      1 year ago

      systemd is more of a set of products and software components branded under a single name rather than a single thing.
      systemd itself is rather simple, as most other pieces systemd-* software, like systemd-boot, systemd-networkd and systemd-resolvd. these are usually more stable and less bloated than more popular alternatives

      • @[email protected]
        link
        fedilink
        4
        edit-2
        1 year ago

        As long as they can work independently, yes. If they are modular and a distro admin (or just a computer admin) can choose to install and use systemd-x but not install or use systemd-y, we are in good business

        Now if you have to take a few you don’t like or need to use so that the one component you do want works, then no

        I honestly don’t know enough of systemd to say either way

    • @[email protected]
      link
      fedilink
      21 year ago

      I can understand that it makes it easier to add changes that would benefit systemd and distros in general. I read that they introduced run0 to solve long shortcomings of sudo (I’m not aware of which). That sounds logical.

    • @[email protected]
      link
      fedilink
      101 year ago

      You can’t think of it a single massive project. It’s actually lots of small components.

      We could argue the linux kernel is bloated too. The reality is though, provided the project is designed to be modular (as SystemD is), it actually makes sense to keep it together, to ensure there is a standard base and all the components are synchronised fully with their API’s.

      It also saves distro’s a lot of effort.

      • TechNom (nobody)
        link
        fedilink
        English
        21 year ago

        In practice, all those tight coupling between components mean that it behaves more or less monolithic, despite the claims to the contrary. Replacing them with alternatives is a pain because something else breaks or some software has a hard dependency on it.

      • @[email protected]
        link
        fedilink
        21 year ago

        distro’s

        You can pluralize without the apostrophe. In fact, you never need an apostrophe to pluralize.

        It also saves distro’s a lot of effort.

        Only if they want to break free.

        And they don’t need nfsroot or a separate consolidated /usr mount or, really, a whole host of things that lennart didnt understand and unilaterally broke like an arrogant noob.

        But that’s blasphemy.

  • @[email protected]
    link
    fedilink
    English
    26
    edit-2
    1 year ago

    Well… Poettering will eventually work his way up to browser engines and then we’ll get something efficient… Here’s the announcement:

    "There’s a new component in systemd, called “engined”. Or actually, it’s not a new component, it’s actually the long existing “WebKit” engine now done properly. The engine is also a lot more fun to use than “WebKit” or “Blink” because you can finally have hundreds of tabs open in your browser without running out of RAM.

    Coming soon in Coming for systemd 981.

  • lemmyreader
    link
    fedilink
    English
    201 year ago

    Glad to see PoetteringOS has still not infected the *BSD family members /s And I’ll gladly use Doas on Linux if need be, thank you.