Not exactly security related But!

kc1di

kc1di

Well-Known Member
Joined
May 14, 2021
Messages
2,282
Reaction score
2,217
Credits
16,636
SystemD is becoming more of an invasive piece of software. I'm very Leary of allowing it to control my root/sudo access.
The systemd project is adding a new utility to its portfolio, this one designed to replace the sudo and doas programs. Lennart Poettering, systemd's creator, wants to get away from SUID programs (programs that run as another user, such as root, automatically) as a way to elevate access. Instead, he is proposing a situation where the user runs a file which asks the service manager (systemd in this case) to run a new process with elevated access. OSNews writes: "Poettering wants to address this problem [of SUID programs], and has come up with run0, which behaves like sudo, but works entirely differently and is not SUID. run0 asks the service manager to create a shell or command under the target user's ID, creating a new PTY, sending data back and forth from the originating TTY and the new PTY." In other words, instead of the user launching a program (like sudo or doas) that will run a single new process as another user, run0 will get the service manager to create a new process and then pass information between the original shell and the new process. The new run0 command will appear in systemd version 256. -Jesse Smith, Distrowatch
Click to expand...
 


There is a way this could be more secure. If systemd just gives root privileges to every process across the board, then this is a bad idea. If however, each process has its own root user in its own little 'contained environment' like podman or docker.
Then that might be a good thing.
 
That doesnt sound like the worst approach.

I'm not always happy with systemd either, but in general I'm starting to like some of its aspects. I'd appreciate it if they would follow the unix philosophy (do one thing and do it well) a bit more instead of trying to implement a kitchen sink as well into the init tool x)

What in particular do you dislike most about systemd @kc1di ?
 
FWIW, I've been happily using systemd for quite some time.

I just learned a few new commands and kept on trucking when it was adopted by the distro I was using at the time. I do find it amusing that the author of systemd now works at MSFT. (They previously worked for RH.) It has treated me okay and brought some conformity to the major distros.
 
blunix said:
I'd appreciate it if they would follow the unix philosophy (do one thing and do it well) a bit more instead of trying to implement a kitchen sink as well into the init tool x)
Click to expand...
AFAIK systemd is a suite of tools which you can choose to use or not use: service manager, dns resolver, scheduled tasks, journal, bootloader, etc. But I'm guessing you mean that you want to be able to install them separately as Unix tools and not have to have to install the entire systemd tool suite in order to use any of them?
 
Is it possible to have systemd in a flatpak ?

  1. Isolation: Each Flatpak application runs in its isolated environment, with its own set of dependencies. This improves security and stability by preventing conflicts between different applications and system libraries.
 
Condobloke said:
Is it possible to have systemd in a flatpak ?

  1. Isolation: Each Flatpak application runs in its isolated environment, with its own set of dependencies. This improves security and stability by preventing conflicts between different applications and system libraries.
Click to expand...
I doubt it would work as a flatpack, Simply because it's needed to boot the system and run all the units it must start which would include flatpacks of some sort. I can't see a way you could keep it from be invasive even if it were a flatpack. I may be wrong.
 
Last edited:
Condobloke said:
  1. Isolation: Each Flatpak application runs in its isolated environment, with its own set of dependencies. This improves security and stability by preventing conflicts between different applications and system libraries.
Click to expand...
Kinda sounds like the same thing that Snaps does.

Ain't trying to start no argument.
 
The Duck said:
Kinda sounds like the same thing that Snaps does.
Click to expand...

snap, flatpak, and appImage are all basically the same thing. I'm still not a big fan of any of them, but there have been
a few times it was the only option. So, I confess, I run a few, only because I didn't have a choice.

That's what scares me, if enough developers get on-board we may no longer have a choice.
 
dos2unix said:
snap, flatpak, and appImage are all basically the same thing. I'm still not a big fan of any of them, but there have been
Click to expand...
I switched from Arch to Fedora Silverblue because I wanted to experience what Atomic distributions are all about. I have come to like them now after understanding how they work more and having used it for a few weeks now. I especially like the separation between os and user applications and the the os is images based and read only. All my graphical user applications are Flatpaks and I have a few tools layered on top of the base image because those aren't available through Flatpak, thing such as qemu/libvirt, zsh, neovim and tmux.
 
Did some reading here:
opensource.com

Understanding systemd at startup on Linux

In Learning to love systemd, the first article in this series, I looked at systemd's functions and archit
opensource.com opensource.com

During the booting process systemd involves BIOS, MBR, the bootloader, kernel initralization and the init process.
There are several stages in the boot process and each perform a spicific task for the initialization of the system.

There are systemctl isolate multi-user.target commands. I've never used them but I'm certainly going to look into this.
There may be a way to stop it from being invasive @kc1di-:)
 
I've become very familar with Systemd and use it on my current distro of choice. But It is becoming more in control of the system as each new unit is visioned and incorporated. It's not a simple boot squencer any more. I think the biggest problem many older Linux users have is the way it was implemented in the first place and the fact it seems to go against the Unix principle of do one thing and do it well. But I use it because with most of the major Distros you no longer have a choice. Sure there are some systemd free distros but they tend to be the smaller group and what may be called second tier distros. I like many of them but they I do not think will have staying power. Will see. Most of the newer linux users i've talked to could care less about systemd or init processes, they just want a machine and OS that works out of the box.

In any event where ever systemd or other initializing software go in the future I recommend enjoy the journey!
P.S. there are may conspiracy theorist among systemd posts I'm not trying to be one of them. Just putting forth information that may be helpful to others making a choice.
 
Last edited:
You must log in or register to reply here.

Members online

Total: 610 (members: 4, guests: 606)

Latest posts

Top