334
submitted 8 months ago by starman@programming.dev to c/linux@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] nyan@sh.itjust.works 51 points 8 months ago

sudo is already an optional component (yes, really—I don't have it installed). Don't want its attack surface? You can stick with su and its attack surface instead. Either is going to be smaller than systemd's.

systemd's feature creep is only surpassed by that of emacs.

[-] Revan343@lemmy.ca 27 points 8 months ago

systemd's feature creep is only surpassed by that of emacs.

Tomorrow's headline: emacs wants to expand to include a Sudo replacement

[-] mfigueiredo@lemmy.world 12 points 8 months ago

And after that: emacs wants to include a systemd replacement

:wq

[-] PseudoSpock@lemmy.dbzer0.com 6 points 8 months ago

I'd take that over systemd.

[-] devraza@lemmy.ml 17 points 8 months ago

Or you can use a doas implementation like OpenDoas, or maybe sudo-rs...

[-] pingveno@lemmy.ml 10 points 8 months ago

Though a Rust clone of sudo that operates in the same way will still have the same problems.

[-] ichbinjasokreativ@lemmy.world 17 points 8 months ago

But systemd is modular. They make an offer and distro maintainers and admins get to choose which parts to use

[-] nyan@sh.itjust.works 2 points 8 months ago

The problem is that those modules are packaged by the developers as opt-out rather than opt-in. It's a variation on Microsoft's old embrace-extend-extinguish playbook, only the "extinguish" part hasn't worked so well because there are some stubborn distros whose needs don't align with what systemd provides and have maintainers that go out of their way to provide alternatives.

(By contrast, although we may joke about emacs, it's the myriad of third-party extensions that cause it to just about be its own operating system—it doesn't all ship with the core.)

[-] devfuuu@lemmy.world 9 points 8 months ago

And there's also doas which is a nice substitute.

[-] fruitycoder@sh.itjust.works 2 points 8 months ago

I'm not a fan of having root be able to actually login.

Even more so in a true multiuser env where I would rather have privilege escalation be more granular (certain user/groups can esculate certain actions but not others, maybe even limit options of a cmd).

[-] nyan@sh.itjust.works 2 points 8 months ago

Granted, in a true multiuser environment with an admin who's carefully tailoring /etc/sudoers to make sure everyone has the least possible privileges that will allow them to still do what they need, sudo is more secure. There's no doubt of that.

On a machine that has only one human user who's also the admin, and retains the default sudo-with-user-passwords configuration, su vs sudo is pretty much a wash, security-wise. su requires a second password to get root access, but sudo times out and requires the password to be re-entered while a shell created by su can stay open indefinitely. Which is more easily broken will depend on other details of your situation.

(If you're running an incorrectly configured ssh server that allows direct root login with only password authentification, having a root password could contribute to problems, but the correct fix there is to reconfigure the ssh server not to do something so stupid. I hope there's no distro that still ships that way out of the box.)

this post was submitted on 30 Apr 2024
334 points (100.0% liked)

Linux

48748 readers
992 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS