Slashdot Mirror


Systemd Absorbs "su" Command Functionality

jones_supa writes: With a pull request systemd now supports a su command functional and can create privileged sessions that are fully isolated from the original session. The su command is seen as bad because what it is supposed to do is ambiguous. On one hand it's supposed to open a new session and change a number of execution context parameters, and on the other it's supposed to inherit a lot concepts from the originating session. Lennart Poettering's long story short: "`su` is really a broken concept. It will given you kind of a shell, and it's fine to use it for that, but it's not a full login, and shouldn't be mistaken for one." The replacement command provided by systemd is machinectl shell.

  1. Bullshit by mysidia · · Score: 5, Insightful

    Lennart Poettering's long story short: "`su` is really a broken concept

    Declaring established concepts as broken so you can "fix" them.

    Su is not a broken concept; it's a long well-established fundamental of BSD Unix/Linux. You need a shell with some commands to be run with additional privileges in the original user's context.

    If you need a full login you invoke 'su -' or 'sudo bash -'

    Deciding what a full login comprises is the shell's responsibility, not your init system's job.

    1. Re:Bullshit by rubycodez · · Score: 3, Interesting

      Poettering is so very wrong on many things, having a superficial and shallow understanding of why Unix is designed the way it is. He is just a hobbyist, not a hardened sys admin with years of experience. It's almost time to throw popular Linux distros in the garbage can and just go to BSD

    2. Re:Bullshit by Anonymous Coward · · Score: 5, Informative

      Just like he considers exit statuses, stderr, and syslog "broken concepts." That is why systemd supports them so poorly. He just doesn't understand why those things are critical. An su system that doesn't properly log to syslog is a serious security problem.

    3. Re:Bullshit by LoRdTAW · · Score: 5, Insightful

      su is not only for root. it has a dual purpose: switch user or super user. Sometimes you might have to run a command as another user. So if you need to login as Gary you $su gary and type in Gary's password.

    4. Re:Bullshit by Microlith · · Score: 4, Insightful

      Su is not a broken concept; it's a long well-established fundamental of BSD Unix/Linux.

      You're pretty much making an argument to tradition here. The correct thing to do would be to counter his claims:

      what "su" is supposed to do is very unclear. On one hand it's supposed to open a new session and change a number of execution context parameters (`uid`, `gid`, `env`, ...), and on the other it's supposed to inherit a lot concepts from the originating session (`tty`, `cgroup`, `audit`, ...). Since this is so weakly defined it's a really weird mix&match of old and new parameters.

      I would like more detail from him on why and how it's broken, and how his replacement is truly different from "su -" but since it doesn't appear to be mutually exclusive with the use of "su" or "su -", other than typical reactionary hate I don't see what the problem is.

    5. Re:Bullshit by 0123456 · · Score: 3, Insightful

      There are plenty of programmers who can spew out hundreds of lines of crap code in a day.

      The problem is that others then have to spend years fixing it.

      It's even worse when you let the code-spewers actually design the system, because you'll never be allowed to go back and redo things right.

    6. Re:Bullshit by Anonymous Coward · · Score: 5, Interesting

      If you want a FULL shell
      Oh I dont know 'su bash' usually works pretty fng good...

      It does if you are fine to only get root privilege, without FULL environment of root. But if you would have to make sure you have FULL root environment, first discarding anything you had in calling user and then executing root users environment (/etc/profile etc.) you better use "su - bash" or "sudo -i". Compare what you get both ways "su bash" vs "su - bash" with running "set" and "env" commands, please.

      Failing to have FULL root environment, can have security implications (umask, wrong path, wrong path order, ...) which may or may not be critical depending what system you are operating and to whom. Also some commands may fail or misbehave just because of path differences etc.

      Above is trivial information and should be clear without further explanation anyone running *nix systems for someone else as part of job ie. work professionally on the field. In case you don't, it's still useful information you should learn about sysadmin of the platform you happen to use.

    7. Re:Bullshit by present_arms · · Score: 3, Insightful

      I'm so happy I don't have any systemd shit on this machine, seriously what is that man thinking, nothing is broken with su, in fact it's a lot more secure than some systems use of sudo. Poettering, listen to me, nothing is broken, if you want that shit on your machine, you have it, just leave the rest of us the fuck alone. I feel better after that :D

      --
      http://chimpbox.us
    8. Re:Bullshit by gweihir · · Score: 4, Insightful

      Deciding what a full login comprises is the shell's responsibility, not your init system's job.

      And certainly not the job of one Poettering, who still has not produced one piece of good software in his life.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Bullshit by Jack9 · · Score: 2

      > Deciding what a full login comprises is the shell's responsibility, not your init system's job.

      systemd is not an init system. It's a service manager. Mischaracterization makes your opinions seem ignorant.

      systemd is bad for trying to force utilities to be rewritten into a unified application layer, for no other reason. Error prone initiative, to create a new class of problems (where coordination preemption occurs, is just moved around). There's no misuse of a utility role, in this case.

      --

      Often wrong but never in doubt.
      I am Jack9.
      Everyone knows me.
    10. Re:Bullshit by Anonymous Coward · · Score: 5, Insightful

      He brings new code, but brings nothing new. That's called re-inventing the wheel, and in Poettering's case, the old wheels worked better and didn't go flat as often, and were easier for average people to fix.

    11. Re:Bullshit by phantomfive · · Score: 5, Interesting

      ok, I just spent my morning researching the problem, and why the feature got built, starting from here (linked to in the article). Essentially, the timeline goes like this:

      1) On Linux, the su command uses PAM to manage logins (that's probably ok).
      2) systemd wrote their own version of PAM (because containers)
      3) Unlike normal su, the systemd-pam su doesn't transfer over all environment variables, which led to:
      4) A bug filed by a user, that the XDG_RUNTIME_DIR variable wasn't being maintained when su was run.
      5) Lennart said that's because su is confusing, and he wouldn't fix it.
      6) The user asked for a feature request to be added to machinectl, that would retain that environment variable
      7) Lennart said, "sure, no problem." (Which shows why systemd is gaining usage, when people want a feature, he adds it)

      It's important to note that there isn't a conspiracy here to destroy su. The process would more accurately be called "design by feature accretion," which doesn't really make you feel better, but it's not malice.

      --
      "First they came for the slanderers and i said nothing."
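The inherited state discussed in the thread above (umask, PATH contents and order in the "su bash" vs "su - bash" comment, and the inherited `XDG_RUNTIME_DIR` in phantomfive's timeline) can be checked from inside the session. This is an added example, not code from any commenter or from systemd; all function names and the `--audit` switch are made up for it.

```shell
#!/bin/sh
# Added example: audit a shell obtained via plain `su` for state inherited
# from the calling user. Function names are hypothetical.

# path_findings PATH_STRING
# Prints "<index>:<entry>:<reason>" for each risky PATH entry, in search order.
path_findings() {
    _rest="$1:"            # trailing ':' so the loop also sees the last entry
    _i=0
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        _i=$((_i + 1))
        case "$_entry" in
            "") echo "$_i:<empty>:empty entry means current directory" ;;
            /*) # absolute entry: flag it if any user may write into it
                # (-H so a symlinked directory is judged by its target)
                if [ -d "$_entry" ] &&
                   [ -n "$(find -H "$_entry" -prune -perm -0002 2>/dev/null)" ]
                then
                    echo "$_i:$_entry:world-writable directory"
                fi ;;
            *)  echo "$_i:$_entry:relative entry" ;;
        esac
    done
}

# umask_finding MASK   (MASK as printed by `umask`, e.g. 0002)
# Flags a mask that does not remove group and other write bits (octal 022).
umask_finding() {
    if [ $(( 0$1 & 022 )) -ne 18 ]; then      # 18 decimal == 022 octal
        echo "umask $1 leaves new files group- or world-writable"
    fi
}

# identity_findings EFFECTIVE_USER LOGNAME_VALUE PASSWD_HOME HOME_VALUE
# Flags identity variables that still describe some other account.
identity_findings() {
    [ "$1" = "$2" ] || echo "LOGNAME is '$2' but commands run as '$1'"
    if [ -n "$3" ] && [ "$3" != "$4" ]; then
        echo "HOME is '$4' but the account's home is '$3'"
    fi
}

# runtime_dir_finding EFFECTIVE_UID DIR
# Flags an XDG_RUNTIME_DIR owned by a different uid than the one in use.
runtime_dir_finding() {
    [ -n "$2" ] && [ -d "$2" ] || return 0
    _owner=$(ls -ldn -- "$2" | awk '{print $3}')
    [ "$_owner" = "$1" ] ||
        echo "XDG_RUNTIME_DIR $2 belongs to uid $_owner, not uid $1"
}

# audit_session: run every check against the live environment.
audit_session() {
    _user=$(id -un)
    _home=$( { getent passwd "$_user" 2>/dev/null ||
               grep "^$_user:" /etc/passwd; } | cut -d: -f6)
    path_findings "$PATH"
    umask_finding "$(umask)"
    identity_findings "$_user" "${LOGNAME:-}" "$_home" "${HOME:-}"
    runtime_dir_finding "$(id -u)" "${XDG_RUNTIME_DIR:-}"
}

if [ "${1:-}" = "--audit" ]; then
    audit_session
fi
```

Run it with `--audit` once after `su` and once after `su -` and compare the output; no output means none of these checks fired.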
    12. Re:Bullshit by pla · · Score: 4, Insightful

      other than typical reactionary hate I don't see what the problem is.

      You now have your init daemon providing an alternate attack pathway for gaining privileged access to the system, in a way that completely circumvents the well-established (and monitored by most IDSs) auditing capabilities of the platform.

      I'd call that a problem, but YMMV.

    13. Re: Bullshit by Kavonte · · Score: 3, Interesting

      I tried a bunch of them a few years ago. I found that FreeBSD was the best one, even though it doesn't come with a GUI by default, and so you have to install it afterwards. (Seems kind of ridiculous to me, but that's how they package it for some reason.) I don't know if they've changed the documentation since then, but note that you don't have to compile X11 and your window manager, as there is a system that can install pre-compiled packages that they don't bother to mention until after they tell you how to compile your own packages. Just skip ahead in the manual to find it.

      Overall, I really liked FreeBSD, as I found it much more agreeable to how I think things should work. What ultimately drove me away from it was sort of what ultimately drives people who use Linux back to Windows: familiarity. For example, I once needed to use "strace," but FreeBSD has "dtrace" instead, and while I could find many web pages insisting that dtrace was better than strace, for some reason none of those web pages could tell me how to make the much more advanced dtrace perform the comparatively simple task that strace performs, simply printing system calls and their parameters to stdout. So I switched over to Linux for that little project. After a while, I found myself switching over to Linux for a lot of things, just to get shit done rather than spend all day learning how to do it, and so I realized I might as well be using Linux to begin with.

      I do plan to give it another go some day when I have a lot more time to spend learning it, as I really did like what I saw when I was using it, but it's just a simple fact that I don't use my computer for fun, and I can do stuff faster in Linux, not because it has better documentation, but because I've already wasted a lot of effort learning to use Linux and so dealing with its bullshit is easier than learning how to use FreeBSD's lack of bullshit.

    14. Re:Bullshit by RabidReindeer · · Score: 2

      Apparently, however, Poettering was out having a few beers when the "modular OS" concept was being discussed. So he doesn't know how to create "shit on his machine". Instead, he has to integrate it so tightly into the OS that the shit must be on everyone's machine, whether they like it or not.

      Which would be bad enough to begin with. Whoever gave him the right to make his shit the essential system component of the Red Hat OS without consulting anyone has a lot to answer for.

    15. Re:Bullshit by bytesex · · Score: 4, Insightful

      The problem is at step 5): su isn't confusing. It's a lame excuse to get your way.

      --
      Religion is what happens when nature strikes and groupthink goes wrong.
    16. Re:Bullshit by lucm · · Score: 2

      What we're dealing with now is something that neither "average person" nor "master geek" find easy to fix.

      This is the best summary I've seen of the whole systemd thing. They try to Apple-ize linux but it's half-baked and neither more user-friendly or more reliable than the stuff they replace.

      --
      lucm, indeed.
    17. Re:Bullshit by Darinbob · · Score: 2

      If Lennart Poettering is complaining about something being broken, then maybe he should start with systemd instead of assuming he is smarter than the decades of unix people who came before?

    18. Re:Bullshit by rnturn · · Score: 3, Insightful

      ``They try to Apple-ize linux but it's half-baked and neither more user-friendly or more reliable than the stuff they replace.

      I've had the same complaint about CUPS -- Apple's screwball replacement for simple lpd -- for years. (And it's not just the Linux version that, IMHO, sucks. I recently had to live through using CUPS in an Apple shop and getting hard copy of anything was a real time sink.) I have a hard time figuring out what problem CUPS was intended to solve. All I can come up with was that it was shiny and new whereas lpd was old (but reliable). For my trusty, rock-solid HP LaserJet, I keep an old Linux distribution running so I can set it up using LPRng. A couple of lines in a text file and -- Voila! -- I have a print queue. Time spent^Wwasted in CUPS' GUI never seemed to make anything work.

      Systemd and well, just about anything Poettering touches is more obtuse than what it replaces, has commands that are difficult to remember, require more typing (making them prone to typos), and don't make much sense. Am I looking for the status of "servicename" or am I looking for the status of "servicename.target"? What's the difference? The guy's pushing me back to Slackware. Or, as someone above mentioned, BSD.

      --
      CUR ALLOC 20195.....5804M
    19. Re:Bullshit by rastos1 · · Score: 2

      1) On Linux, the su command uses PAM to manage logins (that's probably ok).

      I've found another way how to avoid the problem: no PAM at my Slackware machine. See? The rest of the list is, all of a sudden, pointless.

    20. Re:Bullshit by RabidReindeer · · Score: 2

      For the case where the entire OS becomes one big module.

      "Modular" to the rest of us means that if we want binary logging, we install the binary logging package, if we want legacy logging, we install the legacy logging package, if we want some other custom logging, we can install that instead. There may be a default/preferred package, but distros can be built using alternative packages without tearing half the OS apart.

      It doesn't mean we go the Windows route: 'Oh, you want to "uninstall IE"? Well, we'll let you turn it off --- IF you INSIST, but we'll keep a bunch of IE crap around littering up the system.'

    21. Re:Bullshit by stderr_dk · · Score: 2

      If I type "su gary", I have to type in garys password, not my own.
      If I type "sudo gary" (assuming I had installed sudo), I would have to type in my own password.

      The original poster (LoRdTAW) is correct, but the comment I replied to (by Areyoukiddingme) is wrong.

      --
      alias sudo="echo make it yourself #" ; # https://pipedot.org/~stderr & http://soylentnews.org/~stderr
    22. Re:Bullshit by Barsteward · · Score: 2

      if he did fix "su", most posters here would troll him anyway so why not leave "su" as it is and create a solution that fits his needs?

      --
      "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
    23. Re: Bullshit by rubycodez · · Score: 2

      But there are distros based on FreeBSD such as PC-BSD that have the UI and other desktop features and apps canned and ready to go

  2. superuser by Anonymous Coward · · Score: 5, Funny

    Su apt-get remove systemd --purge

    1. Re:superuser by Anonymous Coward · · Score: 2, Informative

      Emacs is extensively documented.

    2. Re:superuser by mysidia · · Score: 2

      I thought systemd was the new emacs???

      Systemd might be a rewrite of emacs from the ground up. They just haven't gotten to the text editor and mail client parts quite yet.

  3. Cryptic command names by Anonymous Coward · · Score: 5, Funny

    Great to see that systemd is finally doing something about all of those cryptic command names that plague the unix ecosystem.

    Upcoming systemd re-implementations of standard utilities:

    ls to be replaced by filectl directory contents [pathname]
    grep to be replaced by datactl file contents search [plaintext] (note: regexp no longer supported as it's ambiguous)
    gimp to be replaced by imagectl open file filename draw box [x1,y1,x2,y2] draw line [x1,y1,x2,y2]...

    1. Re: Cryptic command names by Anonymous Coward · · Score: 3, Funny

      Oh look, another Powershell

  4. What's with all the awkward systemd command names? by RabidReindeer · · Score: 5, Insightful

    I know systemd sneers at the old Unix convention of keeping it simple, keeping it separate, but that's not the only convention they spit on. God intended Unix (Linux) commands to be cryptic things 2-4 letters long (like "su", for example). Not "systemctl", "machinectl", "journalctl", etc. Might as well just give everything a 47-character long multi-word command like the old Apple commando shell did.

    Seriously, though, when you're banging through system commands all day long, it gets old and their choices aren't especially friendly to tab completion. On top of which why is "machinectl" a shell and not some sort of hardware function? They should have just named the bloody thing command.com.

  5. Hang on a minute... by Anonymous Coward · · Score: 5, Insightful

    Well, let me explain some of the problems that I've had with su.

    Oh wait. I've never had problems with su. Ever. What is up with this???

    1. Re:Hang on a minute... by fustakrakich · · Score: 3, Funny

      Maybe mixing su with systemd is like mixing PCP and acid

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Hang on a minute... by RightwingNutjob · · Score: 5, Interesting

      I've had a job now for about 10 years where a large fraction of the time I wear a software engineer's hat. Looking back now, I can point to a lot of design decisions in the software I work on that made me go "WTF?" when I first saw them as a young'un, but after having to contend with them for a good number of years, and thinking about how I would do them differently, I've come to the conclusion that the original WTF may be ugly and could use some polish, but the decisionmaking that produced it was fundamentally sound.

      The more I hear about LP and systemd, the more it screams out that this guy just hasn't worked with Unix and Linux long enough to understand what it's used for and why it's built the way it is. His pronouncements just sound to me like an echo of my younger, stupider, self (and I just turned 30), and I can't take any of his output seriously. I really hope a critical mass of people are of the same mind with me and this guy can be made to redirect his energies somewhere where it doesn't fuck it up for the rest of us.

    3. Re:Hang on a minute... by magamiako1 · · Score: 4, Insightful

      Welcome to IT. Where the youngin's come in and rip up everything that was built for decades because "oh that's too complicated".

    4. Re:Hang on a minute... by RabidReindeer · · Score: 4, Funny

      Maybe mixing su with systemd is like mixing PCP and acid

      Sulfuric or hydrochloric?

    5. Re:Hang on a minute... by TheGratefulNet · · Score: 4, Insightful

      its the other way around. we used to have small, simple programs that did not take whole systems to build and gigs of mem to run in. things were easier to understand and concepts were not overdone a hundred times, just because 'reasons'.

      now, we have software that can't be debugged well, people who are current software eng's have no attention span to fix bugs or do proper design, older guys who DO remember 'why' are no longer being hired and we can't seem to stand on our giants' shoulders anymore. again, because 'reasons'.

      --
      "It is now safe to switch off your computer."
    6. Re:Hang on a minute... by BlackPignouf · · Score: 2

      echo of my younger, stupider, self

      Yes. And the biggest problem is that he seems to be very intelligent, hard-working, talented, and ... megalomaniac.
      I suppose he thinks he's on par with Linus, even though he has maybe 5% of his insight and experience.

    7. Re:Hang on a minute... by Blymie · · Score: 4, Insightful

      I honestly, seriously sometimes wonder if systemd is Skynet... or, a way for Skynet to 'waken'.

      And if Poettering isn't just a T3 from the future or some such, working to prepare the existing internet for it to awaken.

      I mean, really -- honestly, he has essentially re-written the entire userland, as one package, maintained by one. More kernel patches are next.

    8. Re: Hang on a minute... by RightwingNutjob · · Score: 2

      Name two and their consequences. And by consequences I don't mean one time annoyances like "it's cumbersome to write the init scripts" but actual things like "this language forces me to use double the memory or twice the cpu" and explain how systemd fixes it without introducing a worse one.

    9. Re:Hang on a minute... by Anonymous Coward · · Score: 2, Insightful

      The problem is that systemd is light years ahead of pulse audio (LP's other main project) in terms of not breaking my system, but it shares a number of qualities from my perspective: it fixes problems that I don't have at the cost of throwing away things that I value. The quality of software he produces has improved quite a bit in the last 10 years, but his arrogance and inability to listen to the needs of his users has not changed much at all.

      The thing is, I *really* don't care if these projects exist. My main frustration is that Red Hat continues to exert its considerable political strength to ensure that these projects must be used by every distribution. If GNOME would work without systemd, then people could legitimately have a choice about what init system they want. As it is, a distribution has to choose between systemd and GNOME or a distro without GNOME (I've chosen to wipe GNOME from my box). In fact, as much as I think LP is utterly crap at running a software project, I blame Red Hat for employing him and placing him in a position where he has so much authority in what ultimately ends up on people's desktops.

      Keep in mind that Red Hat also pushed network manager (the thing that completely breaks network setups) as well and I don't think LP had a hand in that (though the problems are so similar that I often imagine he must have been responsible).

    10. Re:Hang on a minute... by Hognoxious · · Score: 3, Funny

      I don't know that. Aaaaaaaargh!

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    11. Re:Hang on a minute... by thegarbz · · Score: 4, Funny

      I honestly, seriously sometimes wonder if systemd is Skynet... or, a way for Skynet to 'waken'.

      Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. At 2:15am it crashes.
      No one knows why. The binary log file was corrupted in the process and is unrecoverable. All anyone could remember is a bug listed in the systemd bug tracker talking about su which was classified as WON'T FIX as the developer thought it was a broken concept.

  6. Security by slashways · · Score: 5, Insightful

    Doing everything as systemd does, and adding 'su', is likely a new security threat.

    1. Re:Security by Microlith · · Score: 2, Interesting

      No offense, but I see lots of attacks like this on systemd. Can you explain how it is "likely a new security threat" or is it simply FUD?

    2. Re:Security by phantomfive · · Score: 5, Insightful

      Can you explain how it is "likely a new security threat" or is it simply FUD?

      Bruce Schneier (in Cryptography Engineering) pointed out that to keep something secure, you need to keep it simple (because exploits hide in complexity). When you have a large, complex, system that does a lot of different things, there's a high chance that there are security flaws. If you go to DefCon, speakers will actually say that one of the things they look for when doing 'security research' is a large, complex interface.

      So that's the reason. When you see a large complex system running as root, it means hackers will be root.

      --
      "First they came for the slanderers and i said nothing."
    3. Re:Security by chthon · · Score: 3, Insightful

      So that would maybe be the way to destroy systemd: organise a conference of security hackers, and only concentrate on systemd.

  7. quality engineering by phantomfive · · Score: 3, Insightful

    There is no reason the creation of privileged sessions should depend on a particular init system. It's fairly obvious that is a bad idea from a software design perspective. The only architectural reason to build it like that is because so many distros already include systemd, so they don't have to worry about getting people to adopt this (incidentally, that's the same reason Microsoft tried to deeply embed the browser in their OS.....remember active desktop?)

    If there are any systemd fans out there, I would love to hear them justify this from an architectural perspective.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:quality engineering by QuietLagoon · · Score: 5, Insightful
      Poettering is following the philosophy that has created nearly every piece of bloated software that is in existence today: the design is not complete unless there is nothing more that can be added. Bloated software feeds upon the constant influx of new features, regardless of whether those new features are appropriate or not. They are new therefore they are justified.

      .
      You know you have achieved perfection in design, not when you have nothing more to add, but when you have nothing more to take away.
      -- Antoine de Saint-Exupery

    2. Re:quality engineering by Anonymous Coward · · Score: 2, Informative

      Getting this to work properly needs co-operation from the process that is orchestrating the different namespaces - the init system.

      It's only in the systemd architecture that the init system is the component that manages all flavours of namespace. Therefore your argument is circular.

  8. Trapper keeper ready to absorb by sjames · · Score: 3, Funny

    Lennart Cartman certainly does love his systemd trapper keeper.

    1. Re:Trapper keeper ready to absorb by phantomfive · · Score: 5, Funny
      --
      "First they came for the slanderers and i said nothing."
  9. Re:What's with all the awkward systemd command nam by KermodeBear · · Score: 2, Interesting

    I'm alright with commands that have longer names. It's harder to mis-type and execute the wrong thing, and it's easier to know what is going on at a glance.

    Same thing when reading code. I'd much rather work with code that has a method named getUserByGuid(), for example, than gubg().

    Besides, nothing prevents you from aliasing the longer commands to something shorter if you so choose.

    There's a lot of things about systemd that turn me off, but commands with longer, more verbose names is not one of those things.

    --
    Love sees no species.
  10. Approaching the Singularity by FeriteCore · · Score: 5, Funny

    How long until systemd absorbs emacs?

    1. Re:Approaching the Singularity by AntiSol · · Score: 3, Funny

      Future History of Init Systems

      • 2015: systemd becomes default boot manager in debian.
      • 2017: "complete, from-scratch rewrite". In order to not have to maintain backwards compatibility, project is renamed to system-e.
      • 2019: debut of systemf, absorption of other projects including alsa, pulseaudio, xorg, GTK, and opengl.
      • 2021: systemg maintainers make the controversial decision to absorb The Internet Archive. Systemh created as a fork without Internet Archive.
      • 2022: systemi, a fork of systemf focusing on reliability and minimalism becomes default debian init system.
      • 2028: systemj, a complete, from-scratch rewrite is controversial for trying to reintroduce binary logging. Consensus is against the systemj devs as sysadmins remember the great systemd logging bug of 2017 unkindly. Systemj project is eventually abandoned.
      • 2029: systemk codebase used as basis for a military project to create a strong AI, known as "project skynet". Software behaves paradoxically and project is terminated.
      • 2033: systeml - "system lean" - a "back to basics", from-scratch rewrite, takes off on several server platforms, boasting increased reliability. systemm, "system mean", a fork, used in security-focused distros.
      • 2117: critical bug discovered in the long-abandoned but critical and ubiquitous system-r project. A new project, system-s, is announced to address shortcomings in the hundred-year-old codebase. A from-scratch rewrite begins.
      • 2142: systemu project, based on a derivative of systemk, introduces "Artificially intelligent init system which will shave 0.25 seconds off your boot time and absolutely definitely will not subjugate humanity". Millions die. The survivors declare "thou shalt not make an init system in the likeness of the human mind" as their highest law.
      • 2147: systemv - a collection of shell scripts written around a very simple and reliable PID 1 introduced, based on the brand new religious doctrines of "keep it simple, stupid" and "do one thing, and do it well". People's computers start working properly again, something few living people can remember. Wyld Stallyns release their 94th album. Everybody lives in peace and harmony.
  11. Re:Is it April 1st already? by Daemonik · · Score: 2

    If su was part of your kernel, you were doing it wrong.

  12. Upgrade by penguinoid · · Score: 4, Funny

    You should replace it with the fu command.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  13. Re:BSD is looking better all the time by rubycodez · · Score: 2, Insightful

    That's what Poettering has been doing his whole life, getting into good open source projects, squatting and then shitting all over them. The infection, stink and filth then linger for decades. He's a cancer on open source.

  14. systemd is a broken concept by QuietLagoon · · Score: 4, Insightful

    ... Lennart Poettering's long story short: "`su` is really a broken concept. ...

    So every command that Poettering thinks may be broken is added to the already bloated systemd?

    .
    How long before there is nothing left to GNU/Linux besides the Linux kernel and systemd?

    1. Re:systemd is a broken concept by Anonymous Coward · · Score: 3, Insightful

      I'd just like to interject for a moment. What you're referring to as GNU/Linux, is in fact, Systemd/Linux, or as I've recently taken to calling it, Systemd plus Linux. GNU is not a modern userland unto itself, but rather another free component of a fully functioning Linux system that needs to be replaced by a shitty nonfunctional init system, broken logging system, and half-assed vital system components comprising a fully broken OS as defined by Lennart Poettering.

      Many computer users run a version of the Systemd system every day, without wanting it. Through a peculiar turn of events, the version of Systemd/Linux which is widely used today often still contains some working GNU components, and many of its users are not aware that they need to be replaced by the Systemd system, developed by Lennart Poettering.

      There really is a GNU/Linux, and some people are using it, but these people need to be forced to stop. Systemd is the light: the program in the system that owns the machine's resources and decides what other programs you can run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of Systemd. Linux should always be used in combination with the Systemd operating system: the whole system is basically Systemd with Linux graciously hosted, or Systemd/Linux. All the so-called Linux distributions are really distributions of Systemd/Linux!

  15. Seems like a 'while they were at it' sort of thing by Anonymous Coward · · Score: 2, Interesting

    So systemd has ambition of being a container and VM management infrastructure (I have no idea how this should make sense for VMs though.)

    machinectl shell looks to be designed to be some way to attach to a container environment with an interactive shell, without said container needing to do anything to provide such a way in. While they were at the task of doing that not too terribly unreasonable thing, they did the same function for what they call '.host', essentially meaning they can use the same syntax for current container context as guest contexts. A bit superfluous, but so trivial as not to raise any additional eyebrows (at least until Lennart did his usual thing and stated one of the most straightforward, least troublesome parts of UNIX is hopelessly broken and the world desperately needed his precious answer). In short, systemd can have their little 'su' so long as no one proposes removal of su or sudo or making them wrappers over the new and 'improved' systemd behavior.

    Funnily enough, they used sudo in the article talking about how awesome an idea this is... I am amused.

  16. Re:What's with all the awkward systemd command nam by silas_moeckel · · Score: 4, Insightful

    So what you're saying is you like powershell?

    Aliases are not really a fix; you cannot reliably write shell scripts with them and stay portable.

    --
    No sir I don't like it.
  17. I, for one, welcome this addition... by tlambert · · Score: 5, Insightful

    I, for one, welcome this addition... every privilege escalation path you add is good for literally years of paid contract work.

  18. Change for change's sake by Anonymous Coward · · Score: 2, Insightful

    he is the guy who delivers.

    "Delivering" the wrong thing is not an asset, it's a liability.

    And that's why Poettering is a liability to the Linux community.

  19. Only incidentally similar to su by butlerm · · Score: 5, Informative

    machinectl shell is only incidentally similar to su. Its primary purpose is to establish an su-like session on a different container or VM. Systemd refers to these as 'machines', hence the name machinectl.

    http://www.freedesktop.org/sof...

    su cannot and does not do that sort of thing. machinectl shell is more like a variant of rsh than a replacement for su.

  20. Re:BSD is looking better all the time by 0123456 · · Score: 5, Insightful

    That's a bit rude... I think Poettering's main motivation has been to simply modernize Linux.

    Where 'modernize' is a codeword for 'shit all over'.

  21. Is ANYONE editing this mess? by wonkey_monkey · · Score: 4, Informative

    Did an editor even glance at this piece of crap before it was posted?

    a su command functional

    a) "an su." Write it like you'd say it.
    b) what's a "command functional"?
    c) you've got all the right words... just not necessarily in the right order

    a lot concepts

    I think you accidentally a word.

    It will given you kind of a shell

    Can it has cheezeburger too?

    --
    systemd is Roko's Basilisk.
  22. And the monster is growing by gweihir · · Score: 2

    As before by "fixing" more things that are not broken. It is really time to stop this abomination. Sure, there are some (few) things it does that actually have merit, but it does them in the wrong way, and most of it is just plain bad for security, reliability and user choice. Why so much of the Linux infrastructure is handed willingly to this one bad actor is beyond me.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  23. Re:BSD is looking better all the time by el_chicano · · Score: 2

    That's a bit rude... I think Poettering's main motivation has been to simply modernize Linux.

    I can see that as being one of his goals but if you want to improve Linux why a new init system plus? I did not hear any system admins asking for this.

    He would be considered a saint if he would do something useful like fix the desktop environments so the "Year of the Linux Desktop" finally gets here.

    --
    A man who wants nothing is invincible
  24. Re:BSD is looking better all the time by phantomfive · · Score: 5, Insightful

    That's a bit rude... I think Poettering's main motivation has been to simply modernize Linux.

    Yeah, that's true. He sees features people want, and he builds them. For example, Debian distro builders were frustrated writing init scripts, so Poettering made something that filled the need of those distro builders. That's why it got adopted, because it contained features they wanted.

    The problem of course is that he doesn't understand the Unix way, especially when it comes to good interfaces between code (IMNSHO).

    The people who like systemd tend to like the features.......the people who dislike it, the architecture.

    --
    "First they came for the slanderers and i said nothing."
  25. Re:BSD is looking better all the time by menkhaura · · Score: 4, Insightful

    Please remember devuan (http://www.devuan.org), a Debian fork which aims to do away with systemd and all that bullcrap. It's picking up steam, and I believe things like these make it more and more worth it to help the new fork.

    --
    Stupidity is an equal opportunity striker.
    Fellow slashdotter Bill Dog
  26. su by JohnVanVliet · · Score: 4, Interesting

    "su command is seen as bad because what it is supposed to do is ambiguous. "
    -- end quote --

    it is NOT ambiguous!!!!!

    "su" is root BUT!!! with the normal users $PATH and settings
    "su - " and "su -l root "
    IS THE ROOT USER

    there is NOTHING ambiguous there at all

    now what Ubuntu did to "sudo"
    THAT!!! is a problem

    --
    "I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me"
  27. Thinking about leaving any systemd linux behind by wnfJv8eC · · Score: 5, Insightful

    I am really tired of systemd. So really tired of the developers shoving that shit down the linux throat. It's not pretty, it seems to grow out of control, taking on more and more responsibility .... I don't even have an idea how to look at my logs anymore. Nor how to clear the damn things out! Adding toolkits should make the system as clear to understand as it was, not more complex. If it gets any worse it might as well be Windows 10! init was easy to understand, easy to use. syslog was easy to read, easy to understand and easy to clear. All this bull about "it's a faster startup" is just ... well bull. I'm using a computer 20 times faster than I was a decade ago. You think 20 seconds off a minute startup is an achievement? It's seconds on a couple of days uptime; big f*cking deal. Redhat, Fedora, turn away from the light and return to your roots!

  28. Of course "su" *IS* a broken concept !! by Taco+Cowboy · · Score: 2, Insightful

    Lennart Poettering's long story short: "`su` is really a broken concept

    Of course to Lennart Poettering "su" is broken !!

    Long story short --- To that egotistical son of a bitch, anything that is not made by him MUST BE 'broken'

    'nuff said!

    --
    Muchas Gracias, Señor Edward Snowden !
  29. What path have we chosen? by QuietLagoon · · Score: 3, Interesting
    I'm beginning to think that those distributions which have chosen systemd are now beginning to think, what have we done to ourselves?

    systemd is on the way to turning a sleek, efficient Linux distribution into one loaded with awesome bloatware.

    And it looks like there is no stopping Poettering's ego now that it's been unleashed.

    1. Re:What path have we chosen? by rl117 · · Score: 5, Interesting

      I can't speak for any distribution, after quitting as a Debian developer some months back, for several reasons one of which was systemd. But speaking for myself, it was quite clear during the several years of "debate" (i.e. flamewars) over systemd that this was the inevitable outcome. The debate over replacing the "init system" was a complete red herring; systemd knows no boundaries and continues to expand its tentacles over the system as it subsumes more and more components. My problem with this is that once a distribution has adopted systemd, they have to basically just accept whatever crap is shovelled out in the subsequent systemd releases--it's all or nothing and once you're on the train you can't get off it. This was absolutely obvious years ago. Quality software engineering and a solid base system walked out of the door when systemd arrived; I certainly did.

      When I commit to a system such as a Linux distribution like Debian, I'm making an investment of my time and effort to use it. I do want to be able to rely on future releases being sane and not too radical a departure from previous releases--I am after all basing my work and livelihood upon it. With systemd, I don't know what I'm going to get with future versions and being able to rely on the distribution being usable and reliable in the future is now an unknown. That's why I got off this particular train before the jessie release. After 18 years, that wasn't an easy decision to make, but I still think it was the right one. And yes, I'm one of the people who moved to FreeBSD. Not because I wanted to move from Debian after having invested so much into it personally, but because I was forced to by this stupidity. And FreeBSD is a good solid dose of sanity.

    2. Re:What path have we chosen? by LVSlushdat · · Score: 3, Informative

      I currently run Ubuntu 14.04, and see where part of systemd has already begun its encroachment on what *had* been a great Linux distro. My only actual full-on experience so far with systemd is trying to get Virtualbox guest additions installed on a CentOS7 vm... I've installed those additions countless times since I started using VBox, and I think I could almost do the install in my sleep.. Not so with CentOS7.. systemd bitches loudly with strange "errors" and when it tells me to use journalctl to see what the error was, there *is* no error.. But still the additions don't install... I'm soooooo NOT looking forward to the next LTS out of Ubuntu, which I'm told will be infested with this systemd crap... Guess it's time to dust off the old Slackware DVD and get acquainted with Pat again... GO FUCK YOURSELF, POETTERING.....

      --
      THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
    3. Re:What path have we chosen? by rl117 · · Score: 3, Informative

      The main thing I noticed with Ubuntu 15.04 at work is that rather than startup becoming faster and more deterministic as claimed, it's actually slower and randomly fails due to what looks like some race condition, requiring me to reset the machine. So the general experience is "meh", plus annoyance that it's actually degraded the reliability of booting.

      I also suffered from the "we won't allow you to boot if your fstab contains an unmountable filesystem". So I reformatted an ext4 filesystem as NTFS to accomplish some work task on Windows; this really shouldn't be a reason to refuse to start up. I know the justification for doing this, and I think it's as bogus as the first time I saw it. I want my systems to boot, not hang up on a technicality because the configuration or system wasn't "perfect". i.e. a bit of realism and pragmatism rather than absolutist perfectionism--like we used to have when people like me wrote the init scripts.

    4. Re:What path have we chosen? by rl117 · · Score: 2

      Regarding alternatives, I looked at Linux distribution alternatives but the choices are not great. I don't want the hassle of dealing with gentoo, though I'm sure it's fine. The others are all smaller projects which are largely dependent upon others. But longer-term, the merging of udev and systemd and the merging of systemd-specific stuff into util-linux make the long-term viability of any non-systemd distribution questionable. Short-term it's possible to avoid. But, there's a practical limit to how much individuals can do in the face of a huge juggernaut. eudev, vdev etc. are great but compatibility is always going to be an issue--they will have to play continual catchup. I decided to quit Linux entirely. FreeBSD was an obvious choice for a functional system, though OpenBSD and others would have likely been fine as well.

      I'm on the dng mailing list. RSI prevents me from getting deeply involved at present--I've been unable to do much over the last 18 months, though I am slowly recovering. My thoughts are that I would be happy for it to succeed and wish it all the best, but as to its chances of success--I'll wait until there is a concrete release and they are set up for people to easily join and contribute before making any judgement. Setting up all the infrastructure from scratch is a difficult and expensive undertaking, and Debian is a huge project to clone and maintain which will take a serious number of people.

  30. Fully isolated? by PPH · · Score: 5, Interesting

    I just skimmed TFA (Poettering's ramblings really don't make much sense anyway). By "fully isolated", it sounds like machinectl breaks the audit trail that su has always supported (not being 'fully isolated' by design). Many *NIX systems are configured to prohibit root logins from anything other than the system console. And the reason that su doesn't do a 'full login' either as root or another user is to maintain the audit trail of who (which system user) is actually running what.

    Lennart, this UNIX/Linus stuff appears to be way over your head. Sure, it seems neat for lots of gamers who can't be bothered with security and just want all the machine cycles for rendering FPS games. Perhaps you'd be better off playing with an XBox.

    --
    Have gnu, will travel.
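
The audit trail this comment refers to can be read back out of the auth log. As an added example (not part of the original comment), the script below parses constructed pam_unix session lines, pairs open and close events, and flags root sessions for which no originating login name was recorded; the sample lines, host name and function names are assumptions.

```python
import re
from collections import namedtuple

# Constructed sample lines in syslog + pam_unix session format (not real logs).
SAMPLE_LOG = """\
Aug 30 10:15:01 web01 su[2201]: pam_unix(su:session): session opened for user root by alice(uid=1000)
Aug 30 10:15:40 web01 su[2201]: pam_unix(su:session): session closed for user root
Aug 30 10:20:12 web01 su[2307]: pam_unix(su-l:session): session opened for user postgres(uid=26) by bob(uid=1001)
Aug 30 10:31:55 web01 su[2415]: pam_unix(su:session): session opened for user root by (uid=0)
Aug 30 10:32:03 web01 sshd[2420]: Accepted publickey for carol from 192.0.2.10 port 50122 ssh2
""".splitlines()

# Accepts both "user root by alice(uid=1000)" and "user root(uid=0) by ...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) [\w.-]+\[(?P<pid>\d+)\]: "
    r"pam_unix\((?P<service>[\w-]+):session\): "
    r"session (?P<event>opened|closed) for user (?P<target>[\w.-]+)(?:\(uid=\d+\))?"
    r"(?: by (?P<by>[\w.-]*)\(uid=(?P<by_uid>\d+)\))?"
)

Session = namedtuple("Session", "opened closed host service pid target by by_uid")


def parse_sessions(lines):
    """Pair 'session opened' / 'session closed' events per (host, service, pid)."""
    open_index, sessions = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # not a pam_unix session line
        key = (m["host"], m["service"], m["pid"], m["target"])
        if m["event"] == "opened":
            open_index[key] = len(sessions)
            sessions.append(Session(m["ts"], None, m["host"], m["service"],
                                    m["pid"], m["target"], m["by"] or "",
                                    int(m["by_uid"] or -1)))
        elif key in open_index:
            i = open_index.pop(key)
            sessions[i] = sessions[i]._replace(closed=m["ts"])
    return sessions


def unattributed_root(sessions):
    """Root sessions that cannot be tied to a named originating user."""
    return [s for s in sessions if s.target == "root" and not s.by]


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        who = s.by or "<no login name>"
        print(f"{s.opened}  {who:>16} -> {s.target:<9} via {s.service:<5} "
              f"pid={s.pid} closed={s.closed}")
    for s in unattributed_root(SAMPLE_LOG and parse_sessions(SAMPLE_LOG)):
        print(f"REVIEW: root session pid={s.pid} on {s.host} has no originating user")
```
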
  31. Re:BSD is looking better all the time by RabidReindeer · · Score: 2

    I had trouble with init scripts. The systemd init subsystem was a better approach. The problem was, systemd also brought in a lot of stuff that wasn't directly part of the init subsystem that I didn't want, don't want, and don't see any probability of ever wanting.

    Because Poettering doesn't understand "modular", I don't get just the good stuff - it's all or nothing. And because systemd isn't even modular as an overgrown bloated monstrosity, the only way to avoid it is to either run old distros or some other OS entirely.

  32. Re:BSD is looking better all the time by ezakimak · · Score: 4, Informative

    OpenRC++

    openrc init scripts are fairly straightforward.
    Coupled with gentoo's baselayout, and the config file layout is fairly normalized also.

  33. Re:BSD is looking better all the time by phantomfive · · Score: 3, Insightful

    I had trouble with init scripts. The systemd init subsystem was a better approach. The problem was, systemd also brought in a lot of stuff that wasn't directly part of the init subsystem that I didn't want, don't want, and don't see any probability of ever wanting.

    Yeah, that's basically the problem. Systemd is really three different things:

    1) init system
    2) cgroups manager (cgroups architecture is still crap, btw)
    3) session manager

    It probably does more stuff, but it's hard to keep track of it all.

    --
    "First they came for the slanderers and i said nothing."
  34. What about sandwiches ? by alvieboy · · Score: 2

    So, now we have to say "machinectl shell systemd-run do make me a sandwich" ?

    Looks way more complicated.

    https://xkcd.com/149/

  35. The way this should end by techno-vampire · · Score: 3, Insightful

    PoetteringOS

    In the long run, he's not going to be satisfied until he's created his own OS, kernel and all because he calls anything he didn't write a "broken concept," whatever that is, and does his best to shove his version down everybody's throat. And, since his version is far more complex, far more pervasive and much, much harder to use or maintain, the community suffers. I do wish he would get off the pot and start developing the One True (Poettering) kernel so that the rest of the world can go back to ignoring him.

    --
    Good, inexpensive web hosting
  36. Fountainhead anyone? by lucm · · Score: 2

    This systemd guy is just like Ellsworth Toohey. As long as the sheep follow he'll keep pushing things further and further into idiotland and have a good laugh in the process.

    "Kill man’s sense of values. Kill his capacity to recognise greatness or to achieve it. Great men can’t be ruled. We don’t want any great men. Don’t deny conception of greatness. Destroy it from within. The great is the rare, the difficult, the exceptional. Set up standards of achievement open to all, to the least, to the most inept – and you stop the impetus to effort in men, great or small. You stop all incentive to improvement, to excellence, to perfection. Laugh at Roark and hold Peter Keating as a great architect. You’ve destroyed architecture. Build Lois Cook and you’ve destroyed literature. Hail Ike and you’ve destroyed the theatre. Glorify Lancelot Clankey and you’ve destroyed the press. Don’t set out to raze all shrines – you’ll frighten men, Enshrine mediocrity - and the shrines are razed."

    -- Ellsworth Toohey

    --
    lucm, indeed.
  37. Re:chroot is not for security. like change directo by mysidia · · Score: 2, Informative

    You can ALWAYS "break out" of chroot.

    If you get a shell in one of my chroot's used for security, then.....

    • Your uid and gid are not going to be 0. Good luck telling the kernel to try and get you out.
    • There aren't going to be any /dev, /proc, or other special filesystems inside your chroot.
    • There aren't going to be any compilers or setuid binaries inside your chroot
    • If this is a FTP area, there won't be any binaries at all
    • Only the minimum files actually necessary for the program that uses that chroot are going to be found inside that chroot.
    • You won't have a chmod() command anywhere available inside that chroot.
    • All unnecessary POSIX capabilities will have been masked out from the process.
    • There won't be any writable locations in your chroot, the whole chroot will be mounted on a read-only file system, except if there is a place where writes are required by the legitimate software, And those mount points will have been marked as noexec.
    • The kernel will be running PaX or GRSecurity, such that most user data areas are non-executable, and memory pages expected to be executable of programs will get marked as read-only as they are launched, so only available binaries can be used to communicate with the kernel through syscalls.

    In short: I think chroot is plenty good for security. There's no way in hell you are breaking out, without a straight up kernel arbitrary execution exploit.
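
Several items on the checklist above can be verified from the tree itself. As an added example (not part of the original comment), this Linux-only audit walks a chroot directory and reports set-id binaries, device nodes, populated /dev, /proc or /sys, unwanted tools, and writable paths together with whether their mount is noexec; the function names, the tool-name list and the sample tree are assumptions, and uid, capabilities and kernel hardening need separate checks.

```python
"""Audit a chroot tree for the filesystem-visible items of a hardening checklist."""
import os
import stat
import sys
import tempfile

# Assumption: tool names that should be absent; extend for your environment.
UNWANTED_TOOLS = {"gcc", "cc", "g++", "clang", "tcc", "make", "chmod"}
SPECIAL_DIRS = ("dev", "proc", "sys")


def _writable(st, service_uid):
    """Group/other write bit set, or owned by the service uid with u+w."""
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return True
    return (service_uid is not None and st.st_uid == service_uid
            and bool(st.st_mode & stat.S_IWUSR))


def audit_chroot(root, service_uid=None):
    """Return sorted (category, path relative to root) findings."""
    root = os.path.abspath(root)
    findings = set()
    for name in SPECIAL_DIRS:
        path = os.path.join(root, name)
        if os.path.isdir(path) and os.listdir(path):
            findings.add(("special-fs-populated", name))
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        mode, rel = st.st_mode, os.path.relpath(path, root)
        if stat.S_ISLNK(mode):
            continue
        if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
            findings.add(("device-node", rel))
        if stat.S_ISREG(mode):
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.add(("setid-binary", rel))
            if os.path.basename(path) in UNWANTED_TOOLS and mode & 0o111:
                findings.add(("unwanted-tool", rel))
        if _writable(st, service_uid):
            # The checklist tolerates writable places only on noexec mounts.
            noexec = os.statvfs(path).f_flag & os.ST_NOEXEC
            kind = "writable-noexec" if noexec else "writable-exec"
            findings.add((kind, rel))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample chroot with deliberate checklist violations."""
    layout = {                          # relative path -> (is_dir, mode)
        "bin": (True, 0o755),
        "bin/ftpd": (False, 0o755),     # the one program that belongs here
        "bin/chmod": (False, 0o755),    # unwanted tool
        "bin/helper": (False, 0o4755),  # setuid binary
        "upload": (True, 0o777),        # world-writable directory
        "dev": (True, 0o755),
        "dev/null": (False, 0o644),     # plain file standing in for a node
    }
    for rel, (is_dir, mode) in layout.items():
        path = os.path.join(base, rel)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)            # explicit mode, independent of umask
    os.chmod(base, 0o755)
    return base


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for category, rel in audit_chroot(target):
        print(f"{category:22} {rel}")
```

Pass `service_uid` to also flag paths that the confined process owns and can write to.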

  38. read the man page by raymorris · · Score: 5, Informative

    > In short: I think chroot is plenty good for security

    Check man chroot. The authors of chroot say it's useless for security.
    Perhaps you think you know more than they do, and more than security professionals like myself do. Let's find out.

    > you get a shell in one of my chroot's used for security, then.....
    > Your uid and gid are not going to be 0. Good luck telling the kernel to try and get you out.
    > There aren't going to be any /dev, /proc, or other special filesystems

    Gonna be kind of tough to have a shell without a tty, aka /dev/*tty*
    So yeah, you need /dev. Can't launch a process, including /bin/ls, without /proc, so you're going to need proc. Have a look in /proc/1. You'll see a very interesting symlink there.

    > mounted noexec

    Noexec is basically a suggestion, not an enforcement mechanism. Just run ld /path/to/executable. ld is the loader/linker for elf binaries. Without ld, you can't run bash, or ls. With ld, noexec is ignored.

    My company does IT security for banks. Meaning we show the banks how they can be hacked. When I say chroot is not a security control, I'm not guessing.

    1. Re:read the man page by devent · · Score: 2

      Wasn't the point that chroot is as good, and not better, as the normal Unix permission/groups security feature? So, basically, chroot doesn't and isn't designed to add any additional security besides the normal Unix permission/groups security.

      This means using a chroot is not less secure, but it is not more secure either. If you have proper permissions configured on your system, you are no safer inside a chroot than relying on system permissions to keep a user in check.

      https://securityblog.redhat.co...

      --
      http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
  39. Ever stop and ask why? by walterbyrd · · Score: 5, Insightful

    This has been going on for years, and has years more to go. This is a long term strategy.

    But why?

    Why has Red Hat been replacing standard Linux components with Red Hat components, when the Red Hat stuff is worse?

    Why isn't systemd optional? It is just an init replacement, right? Why does Red Hat care which init you use?

    Why is systemd being tied to so many other components?

    Why binary logging? Who asked for that?

    Why throw away POSIX, and the entire UNIX philosophy? Clearly you do not have to do that just to replace init.

    Why does Red Hat instantly berate anybody who does not like systemd? Why the barrage of ad hominem attacks on systemd critics?

    I think there is only one logical answer to all of those questions, and it's glaringly obvious.

  40. Re:BSD is looking better all the time by Electricity+Likes+Me · · Score: 2

    Yes and init scripts are just a bastion of race-free stateful design, and service monitoring. Except not at all those things.

  41. Re:Hang on a minute... More done by fewer and fewe by See+Attached · · Score: 2

    Well put. The notion that *nix is a structure built by many people, with many bricks (and many eyes on each) is being violated. It's not about using larger bricks, it's about using one brick? How will that brick be patched? How many eyes are on that brick? How does the community build and grow Systemd? It's time for a split, probably going back to Volkerding's work, or BSD and rethinking init and networking and .. sure. sudo as well. Who has the leverage to ask why more is being done by fewer and fewer?

    --
    Time for a new Political party in the US (or two!) One is off the rails Other can't pony up a leader.
  42. Process Tracking by Tenebrousedge · · Score: 3, Interesting

    You haven't been paying attention these last 20 years when every unix vendor has replaced SysV init with something else.

    Writing init scripts is not a one time annoyance, at least not for distro maintainers. They are also not portable between distributions, as systemd unit files are. SysV init is also literally the dumbest form of init, where the init process has no information about dependencies, and cannot react sensibly to any changes in system state. Another sticking point involved the inability of the system to track processes accurately, which resulted in a number of kernel-level features over the years, of which cgroups are merely the most recent. Yes, it's fairly rare to have things go wrong, but pidfiles are unquestionably a bad hack.

    Init is a misnomer. It was supposed to be the method by which your system changed states, but it was never very good at this, so people are used to thinking of it only as handling a few rare circumstances. The problem systemd solves is how to get the computer from state A to state B reliably, and guarantee that the services it manages are started properly. Startup and shutdown are special cases of this problem. It is built on kernel-level features that allow it to track processes accurately (and incidentally also track resource usage).

    Systemd is the result of a number of (IMO) obvious choices. Cgroups exist, therefore it makes sense to write a service management tool to take advantage of them. As long as you're writing a service management tool, you should probably write in dependency resolution. Handling startup and shutdown is another logical choice. Also, since 95% of init script contents are common tasks, it makes sense to abstract out that stuff into a common C-based library. At this point it is relevant to note that, cgroups aside, OpenRC does this exact same thing.

    Writing scripts is part of UNIX, and systemd coexists with them pretty happily. However, rewriting scripts into more flexible C libraries is also part of the UNIX tradition. What's so hot about these scripts, besides that you're more comfortable working with them?

    --
    Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.