I'd fedora starts to use it then yeah I'll use it but I'll just make an alias cause muscle memory
this post was submitted on 03 Jul 2024
111 points (91.7% liked)
Linux
45590 readers
650 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
As the old adage goes: "All roads lead to /root"
I will use it. I don't care what others think. People can use su, sudo, doas, run0 by their choice, and I don't see why we need a common opinion about it.
This. One thing Linux is about is personal freedom.
A lot of people are afraid of systemd expanding because systemd handles a lot of stuff, so distros are likely to support it rather than the mishmash of tools they personally prefer. It all started with the System-V/Upstart replacement and now very few distros have the patience to customise and roll out the 90s style service management anymore. Their preferences used to align with the mainstream, but no longer do these days, and that causes friction.
This process pushes people who prefer old tools to fringe distros, and newer software is less likely to work on their setups. They're still free to use whatever system they like, of course, but the burden for developing and maintaining daemon management scripts is now on their fringe distro or themselves if their distro doesn't have anything yet. I'd find that pretty annoying too, especially with how convoluted many older system management scripts are and how many moving parts are typically involved. Plus, some stuff like socket activation can't even be done with some of the older init systems so people have to find alternatives.
I doubt anyone reeling against run0 was ever going to consider it anyway.
If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.
Doing this every day just to open email is understandably fucking enraging even to me as a security """engineer"""/analyst/${bullshitblueteamemailreaderjob}
Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever run0 sudo su <reverse shell bs here> to bypass all protections.
or reused ~~somewhere~~ everywhere ~~at some point~~ constantly
I agree with you. If i had to add my password everytime I’d just add my personal account to sudo group.
Good security works with people, not against them.
load more comments
(1 replies)
Systemd, not linux
Laughs in Gentoo
su is the best. I mean, i should be using the admin (root) password for admin things, not the user password of user who is already logged in. And there needs to be a root service already running to make user have root previlages which is dumb imo. Sudo vulnerability could cause previlage escalation but if there is no root process managing this, then it can't leak the root access. Only kernel security issue(or other root processes) will leak root access if that was the case, which i think is better.
The permission to do admin things is given by the root user, to your account. So you have to verify your identity by entering your password.
Isn't that how it is? I though that was analogous to how almost everything worked IRL. Whether withdrawing funds from a bank or engaging government services, you prove your identity as a customer/citizen to get the relevant services. At no point do you login to bank or government computers with full privileges.
If you own your own bank, then i think you login as the one with full previlages. Yes when doing administrator things, you have to use sudo. The problem with root with sudo is, you authenticate as a user, then gain full permission from root, i.e analogous to login in to bank with full previlages.
As a person who need to run sudo command its better to just verify yourself as root user to gain "full access". I'm not saying about partial previlages. That is i just need a script which is just su -c with environment variables being copied
I see where you're coming from, but in enterprise environments, you have admin accounts and root login is disabled for security purposes.
Sure. Sudo is a super useful tool in such places. The problem I have is that it is stuffed into the desktop
Completely agree with this take. There are dozens of us!
I might try run0 for fun, but I don't think it'll replace sudo any time soon.
The biggest issue I see is run0 purposely not copying any environment variables except for TERM.
You'd have to specify which editor to use, the current directory, stuff like PATH and HOME every time you run a command.
sudo had several severe security bugs caused by copying env variables so I'm not surprised run0 isn't doing much of that. I've had to help a whole bunch of people fix the permissions/ownership on their Jo. E directory after running sudo so I can even see the point of jot copying $HOME by default.
I don't think it'll replace sudo necessarily, or doas would've done that already. It's still useful as a shorthand for systemd-run and in some locked down system configurations I can see it being useful (i.e. when minimising the amount of SUID binaries). Maybe some elaborate enterprise setups will switch to it for security reasons, especially if they're already leveraging PolKit heavily.
load more comments
(8 replies)
I don't know, we'll just have to see. But personally, I am not a fan of tying so many functionalities to systemd.
I’m surprised they would implement having just run0 effectively log you in as root. For the super security conscious constrictions of the command versus sudo, it would seem that the very notion of elevating your privilege beyond the single command to be carried out, would be anathema to the whole goal of this new command. Evidently not, but it’s surprising to me.
load more comments
(4 replies)
This just sounds like a a solution in search of a problem.
sudo has more than 220k lines of code, I can definitely see the use of a simpler alternative.
load more comments
(1 replies)
I'm going to continue to keep avoiding Poettering software for as long as he continues to act like a jackass. Even his commit messages are dripping with condescension.
You'll have to give another example in order to support your point. Because that commit was funny!
Funny. I didn't know a single thing about the person. But that commit message made me like him more.
Ofc assuming he was just making a light-hearted joke in it.
Users were complaining that their terminal transparency was being broken by the nspawn container and that the colour for other applications like tmux were being affected by it. For example tmux was appearing in the same navy blue in the terminal emulator instead of its usual green.
Idk he's just a hot take merchant basically. He has a particular hate-boner for distros that don't use systemd as the default init system like void and gentoo (usually these are troll tweets as opposed to commit messages though).
load more comments
(3 replies)
load more comments
(1 replies)
Prompting for every single command seems like it'd suck
Also, you can configure sudo to prompt every time if you really want.
I was on a system that was configured that way for "security", so I would just 'sudo bash' which is obviously much safer /s.
load more comments
(2 replies)
load more comments
(1 replies)
Sometimes I really hate the utility names people come up with.
I would love to see chatgpt rename all the core utils in a way that summarizes their function.
But it literally is a summary.
It run's an executable as the user with id 0 (root) and it's called run0.
The name does do what it says & in just 4 char
I feel like this is well named (run as user 0) so then I'm wondering what else you dislike and what you think would be improvements?
load more comments
(2 replies)
The one that really annoys me is using "-r" and "-R" interchangeably for recursion. Why that has stood is beyond me.
Probably: "oh we already have a -r for xxx, let's do recursion with -R"
view more: next ›