this post was submitted on 28 Aug 2023
69 points (82.9% liked)

Linux

48077 readers
925 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I have seen so many times that systemd is insecure, bloated, etc. So i wonder ¿does it worth to switch to another init system?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 1 year ago (1 children)

I don't see any fundamental reason why systemd would be insecure. If anything, I would expect it to be less prone to security bugs than the conglomerations of shell scripts that used to be used for init systems.

The bloated argument seems to mostly come from people who don't understand systemd init is a separate thing from all the other systemd components. You can use just the init part and not the rest if you want. Also, systemd performs way better than the old init systems anyway. I suspect many of the those complaining online didn't really have first hand experience with the old init systems.

If a different init suits your needs better, then sure go with it. But for the vast majority of typical desktop/server stuff, systemd is probably the best option. That's why most distributions use it.

[–] [email protected] -1 points 1 year ago (2 children)

I don’t see any fundamental reason why systemd would be insecure.

You mean aside how the author answer to CVEs, right ?

If anything, I would expect it to be less prone to security bugs than the conglomerations of shell scripts that used to be used for init systems.

Not sure. In the end the shell script were just an easy and consistent way to start/stop programs. If the programs were secure (read: checked the input and sanitize it, did the check for permissions and so on) there is not a big difference.

Also, systemd performs way better than the old init systems anyway.

In what regards ? Boot faster ? Fine, but on a server it does not mean anything, a server does not reboot that often; for a desktop it not that the 5 seconds you gain are a fundamental gain.

One problem I see is with the logs: it is true that the format is documented, but a text format is always readable while a binary format... (been here, done that 🤬 )

[–] [email protected] 3 points 1 year ago (1 children)

I agree those CVE responses are not great. Those are from quite a few years ago though. Has their handling of CVEs improved since?

Boot times are not that big of a deal to me either, but some people seem to care about it a lot.

I've never personally had any problems with binary logs. You could always forward to a different logging daemon if that's a concern.

[–] [email protected] 1 points 1 year ago

I’ve never personally had any problems with binary logs.

I had it and I am sure that I could have solved the problem faster if I could have solved it faster if I did not needed to first understand how to access the logs on a damaged system.

You could always forward to a different logging daemon if that’s a concern.

This does not solve the problem, it only move it to somewhere else.

[–] [email protected] 0 points 1 year ago (1 children)

In what regards ? Boot faster ? Fine, but on a server it does not mean anything, a server does not reboot that often; for a desktop it not that the 5 seconds you gain are a fundamental gain.

Are you sure it doesn't mean anything? It means to a LOT of people.

Anyways are you aware of systemd-analyze and that you can profile your boot and services even with graphical representations? Have a look at https://www.apertis.org/guides/boot_optimisation/ and https://opensource.com/article/20/9/systemd-startup-configuration

[–] [email protected] 1 points 1 year ago (1 children)

Are you sure it doesn’t mean anything? It means to a LOT of people.

Fine, still not understanding why something that I should run once in a while (on a server) or it is not that critical seems to be so important. Look, I had way bigger gain moving from a HDD to a SDD than switching to Systemd from the old init.

I refuse to belive that for a desktop user a 5 seconds longer boot time is that important. I could understand on a server where, if you work with it, you can have fines for downtime but even in this case it is a thing that could be handled in different ways.

Anyways are you aware of systemd-analyze and that you can profile your boot and services even with graphical representations? Have a look at https://www.apertis.org/guides/boot_optimisation/ and https://opensource.com/article/20/9/systemd-startup-configuration

Good, but I am not interested in booting my laptop 5 second faster and for my server I have not fines if it start in 20 seconds instead of 10 😁

[–] [email protected] 0 points 1 year ago (1 children)

systemd-analyze isn't only about reducing your boot time by 5 seconds, it's about when you've problems knowing exactly what is happening and when and also about having a clear view of dependencies between services.

[–] [email protected] 1 points 1 year ago (1 children)

At this point I am not that interested in these aspects, for what I need I am ok if the system boot and I can work 😀

But thanks anyway, it is a good thing to know if I ever need it.

[–] [email protected] 2 points 1 year ago

If that’s the case you can simply run systemd configured as it comes with most distritos and enjoy.