this post was submitted on 03 Jul 2024
114 points (91.3% liked)

Linux

48334 readers
658 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 87 points 4 months ago (1 children)

I will use it. I don't care what others think. People can use su, sudo, doas, run0 by their choice, and I don't see why we need a common opinion about it.

[–] [email protected] 35 points 4 months ago (1 children)

This. One thing Linux is about is personal freedom.

[–] [email protected] 63 points 4 months ago (2 children)

If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.

Doing this every day just to open email is understandably fucking enraging even to me as a security """engineer"""/analyst/${bullshitblueteamemailreaderjob}

Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever run0 sudo su <reverse shell bs here> to bypass all protections.

[–] [email protected] 12 points 4 months ago

or reused ~~somewhere~~ everywhere ~~at some point~~ constantly

[–] [email protected] 8 points 4 months ago (1 children)

I agree with you. If i had to add my password everytime I’d just add my personal account to sudo group.

Good security works with people, not against them.

load more comments (1 replies)
[–] [email protected] 46 points 4 months ago (2 children)
load more comments (2 replies)
[–] [email protected] 41 points 4 months ago (9 children)

I might try run0 for fun, but I don't think it'll replace sudo any time soon.
The biggest issue I see is run0 purposely not copying any environment variables except for TERM.
You'd have to specify which editor to use, the current directory, stuff like PATH and HOME every time you run a command.

[–] [email protected] 6 points 4 months ago
load more comments (7 replies)
[–] [email protected] 40 points 4 months ago (3 children)
[–] [email protected] 9 points 4 months ago (2 children)

systemd/Linux, or as I've recently taken to calling it, systemd plus Linux

load more comments (2 replies)
load more comments (2 replies)
[–] [email protected] 38 points 4 months ago (2 children)

This just sounds like a a solution in search of a problem.

[–] [email protected] 12 points 4 months ago (1 children)

sudo has more than 220k lines of code, I can definitely see the use of a simpler alternative.

[–] [email protected] 15 points 4 months ago (6 children)

Don't doas already fill that gap ?

load more comments (6 replies)
load more comments (1 replies)
[–] [email protected] 18 points 4 months ago (6 children)

Meaning, run0 is overengineered too?

load more comments (6 replies)
[–] [email protected] 16 points 4 months ago (2 children)

Prompting for every single command seems like it'd suck

[–] [email protected] 23 points 4 months ago (2 children)

Also, you can configure sudo to prompt every time if you really want.

I was on a system that was configured that way for "security", so I would just 'sudo bash' which is obviously much safer /s.

load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 15 points 4 months ago

I don't know, we'll just have to see. But personally, I am not a fan of tying so many functionalities to systemd.

[–] [email protected] 11 points 4 months ago (5 children)

su is the best. I mean, i should be using the admin (root) password for admin things, not the user password of user who is already logged in. And there needs to be a root service already running to make user have root previlages which is dumb imo. Sudo vulnerability could cause previlage escalation but if there is no root process managing this, then it can't leak the root access. Only kernel security issue(or other root processes) will leak root access if that was the case, which i think is better.

load more comments (5 replies)
[–] [email protected] 11 points 4 months ago (1 children)

As it is running sudo with a long process is annoying missing and having to reenter my password or missing and the process timing out if I go afk to wait, I can't imagine having to type my password every few moments when I run an upgrade. Surely this is not the pitch. This is already looking dead in the water if so, and god help me if I have to remember to type run0.

[–] [email protected] 11 points 4 months ago (1 children)

No no no
It'll be systemctl --user enable --now systemd-run0d

[–] [email protected] 6 points 4 months ago
[–] [email protected] 10 points 4 months ago (4 children)

I’m surprised they would implement having just run0 effectively log you in as root. For the super security conscious constrictions of the command versus sudo, it would seem that the very notion of elevating your privilege beyond the single command to be carried out, would be anathema to the whole goal of this new command. Evidently not, but it’s surprising to me.

load more comments (4 replies)
[–] [email protected] 9 points 4 months ago

At the moment, fish doesn't know what to do with run0. When that changes, I'll start using it :)

[–] [email protected] 9 points 4 months ago (2 children)

I'm going to continue to keep avoiding Poettering software for as long as he continues to act like a jackass. Even his commit messages are dripping with condescension.

[–] [email protected] 18 points 4 months ago* (last edited 4 months ago) (2 children)

Funny. I didn't know a single thing about the person. But that commit message made me like him more.

Ofc assuming he was just making a light-hearted joke in it.

[–] [email protected] 12 points 4 months ago (3 children)

Users were complaining that their terminal transparency was being broken by the nspawn container and that the colour for other applications like tmux were being affected by it. For example tmux was appearing in the same navy blue in the terminal emulator instead of its usual green.

Idk he's just a hot take merchant basically. He has a particular hate-boner for distros that don't use systemd as the default init system like void and gentoo (usually these are troll tweets as opposed to commit messages though).

load more comments (3 replies)
load more comments (1 replies)
[–] [email protected] 6 points 4 months ago

You'll have to give another example in order to support your point. Because that commit was funny!

[–] [email protected] 9 points 4 months ago (7 children)
load more comments (7 replies)
load more comments
view more: next ›