back to article Version 256 of systemd boasts '42% less Unix philosophy'

The latest version of the systemd init system is out, with the openly confrontational tag line: "Available soon in your nearest distro, now with 42 percent less Unix philosophy." As Lennart Poettering's announcement points out, this is the first version of systemd whose version number is a nine-bit value. Penguins surround …

  1. David Harper 1

    I only just got the hang of the sudoers file format

    And now I'll have to learn how to use yet another arcane bolt-on to systemd. Bugger.

    1. Doctor Syntax Silver badge

      Re: I only just got the hang of the sudoers file format

      But does this have an equivalent? Or maybe it just users the suders file before deprecating it a few releases in the future.

    2. AdamWill

      Re: I only just got the hang of the sudoers file format

      It authenticates via polkit, which you probably have already. https://www.freedesktop.org/software/systemd/man/devel/run0.html

      1. Spamfast
        Trollface

        Re: I only just got the hang of the sudoers file format

        Argggh!

        So instead of a very easy to implement, low footprint kernel feature to allow a root-write-only bit in the file attributes to cause an exe to run as root we have to have the whole policykit architecture in place to perform a task requiring elevated privs.

        The policykit documentation is as awful and ambiguous as the systemd stuff. Then, which version of policykit is this machine running? Where are the configuration files kept for this particular build of policykit? How do I find that out?

        While it can get complicated, configuration for sudo can exist in as little as a single /etc/sudo.conf file which can allow specific users or groups to run specific tools with specific constraints. Good luck demonstrating to yourself that your systemd & policykit configuration is providing exactly the security permissions you want.

        The sources for SUID in the kernel & for the sudo exe have undergone extensive review and are very stable. Systemd & policykit seem as stable as The Persistence Of Memory and as easy to grok as something from Hieronymus Bosch.

        In terms of numbers, the vast majority of Linux instances are in very small devices - routers & other network comms, home-entertainment/industrial/agri-mech/marine/automotive displays & control units etc. - which often can't and in any case should not need unlimited amounts of CPU, RAM and peristent memory. (Otherwise they'd be too power hungry, expensive or unreliable.) To enable improvements in the 'run it all as root' policy in a lot of this stuff the last thing we need is to mandate systemd & policykit for priv-elev.

        1. ibmalone

          Re: I only just got the hang of the sudoers file format

          Indeed, sudo used properly (before Ubuntu popularised sudo everything as an alternative to root login) allows giving access to exact commands and per user control of those. It's actually fine grained, and with some kind of network based authentication you can actually just revoke someone's ability to do things by (for example) removing the relevant group membership from their account. Whereas, to use an old school example, given a printer user login that some people have a password to, revoking one person's access requires changing the password and redistributing the new one to all remaining authorised users, and either a specific password account or a group permission based approach they can still do everything, while sudo says only this exact command as a particular user.

          https://www.freedesktop.org/software/systemd/man/devel/run0.html

          Authentication takes place via polkit, thus isolating the authentication prompt from the terminal (if possible).

          So, not in the vast majority of times when I'm running an ssh session on a remote system then?

          And I'm still looking in vain on that page, or linked ones such as https://www.freedesktop.org/software/systemd/man/devel/systemd-run.html for some example of how escalation privileges could be configured. As you say, probably somewhere in polkit (obviously documentation is not linked), which the only end user way to engage with is generally all or nothing "grant administrator access".

    3. jaypyahoo

      Re: I only just got the hang of the sudoers file format

      Or learn NetBSD. Better for long term sanity. :)

      1. LionelB Silver badge

        Re: I only just got the hang of the sudoers file format

        I would love to go *BSD - the showstopper for me is that Matlab1 is essential for my work, and unfortunately does not support any of the BSDs. Ironically, this is the same kind of obstacle that many specialised Windows users (e.g., in graphics or audio) complain about with regard to switching to Linux.

        1GNU Octave, an open-source almost-clone of Matlab, is supported on several BSDs, but is not sufficiently compatible with Matlab (nor, it must be said, does it have the scope and polish) to cut it in my line of work (computational neurocience).

        1. Arthur the cat Silver badge

          Re: I only just got the hang of the sudoers file format

          I would love to go *BSD - the showstopper for me is that Matlab1 is essential for my work, and unfortunately does not support any of the BSDs

          I haven't used it so can't comment on its effectiveness but among the FreeBSD ports I find

          ---- /usr/ports/math/matlab-installer:

          Version: 0.2

          This port installs the prerequisites for Mathworks (r) Matlab for Linux and an installer script (matlab-installer), which automates the somewhat tricky process of installing Linux Matlab.

          Installing Matlab requires Matlab installation media and a license file and installation key from Mathworks, Inc.

          ----

          This uses FreeBSD Linux emulation (which can even run Linux code faster than Linux at times). The web site behind it is https://acadix.biz/matlab-installer.php.

          Alternatively, if faced with code that really has to have Linux underneath, I'll run it in a bhyve virtual machine and display it on my normal FBSD X desktop (although Wayland will probably bugger that up soon).

          1. LionelB Silver badge

            Re: I only just got the hang of the sudoers file format

            Thanks for that, but I suspect it is very out of date; googling around a bit suggests that installing current(ish) versions of Matlab on FreeBSD is highly problematic, if possible at all, to the extent that the community seems to have given up on it. (The latest successful reports of a functioning Matlab installation on FreeBSD appear to be circa 2014.)

    4. This post has been deleted by its author

    5. Tim99 Silver badge

      Re: I only just got the hang of the sudoers file format

      Maybe consider switching to something without systemd, like the Debian fork Devuan?

  2. Bartholomew
    Mushroom

    It's the only way to be sure.

    This is what happens when no one says "I say we take off and nuke the entire site from orbit."

    1. R Soul Silver badge

      Re: It's the only way to be sure.

      It's the only way to be sure.

      1. Michael Strorm Silver badge
        Trollface

        Re: It's the only way to be sure.

        Yeah, but since Poettering now works for Microsoft, wouldn't doing that also run the risk of destroying the parts of the company responsible for developing Windows 11 and all those other MS products we know and...

        On second thoughts, you pilot the ship and I'll get the nuke ready! ;-)

        1. SCP

          Re: It's the only way to be sure.

          You're going to need a bigger nuke!

        2. katrinab Silver badge
          Meh

          Re: It's the only way to be sure.

          Except that Windows does now have sudo, at least in the Developer Preview version.

          1. H. sapien Floridanus

            Freaky Friday IT Help Desk Edition

            Tess: My Linux PC sudo command is not recognized!

            Anna: My Windows won’t let me perform admin tasks unless I use sudo!

            Both: WHAT THE DARN HECK* IS GOING ON???!!!!

            * rated G for general audiences. Wholesome language may not be realistic depiction of a typical IT environment.

          2. Teal Bee

            Re: It's the only way to be sure.

            We've gone full circle!

            I suspect that sudo (the Linux command) will end up like its poweroff and shutdown contemporaries – just a symlink to some systemd binary, and most users won't even notice that it's gone unless they actually need some advanced feature.

        3. CrazyOldCatMan Silver badge

          Re: It's the only way to be sure.

          On second thoughts, you pilot the ship and I'll get the nuke ready! ;-)

          I refer the honourable gentlebeings to the warning fable contained in the tome called "Dark Star"..

          (https://en.wikipedia.org/wiki/Dark_Star_(film) - yes, yes, it's the fillum version but PikiWedia doesn't appear to have an entry for the book)

          1. Arthur the cat Silver badge

            Re: It's the only way to be sure.

            Tell me bomb, how do you know you exist?

            1. pwl

              Re: It's the only way to be sure.

              “Let there be light”

    2. Dave559

      Re: It's the only way to be sure.

      Can't we all just get along? Let's all get a nice easter egg for Lennart: There's this place on LV-426 where the floor is just full of them…

      1. simonlb Silver badge

        Re: It's the only way to be sure.

        It's near a nice resort called Hadley's Hope. I believe it's nice there in the summer.

    3. Tom66

      Re: It's the only way to be sure.

      I don't recall a lack of objection to anything in systemd. It's quite possibly the most objected-upon thing in Linux these days. It's just that it either falls on deaf ears at kernel/distribution HQ, or insufficiently few people outside of these groups care about it to make a difference.

      Sometimes all that needs to happen for tyranny to prevail is good men doing nothing. (Readers need determine whether systemd is tyrannical or not. I'm indifferent myself.)

    4. Telman

      Re: It's the only way to be sure.

      What happens is up to us.

      Either enough people give time and/or money to the alternatives, or we are screwed.

      Example: I just donated $10 to MX Linux. It's not much, but it is probably more than I should afford right now.

      The is the OS I am using to put up this post.

      I can't program, but this is what I can do. I need to try and do more.

      We all do.

      Good Luck

  3. Bartholomew
    Meh

    version 256 of systemd

    Now with 42% more attack surface.

    1. MyffyW Silver badge

      Re: version 256 of systemd

      Despite very limited facial hair (lashes and brows only!) I like the UNIX philosophy.

      1. Arthur the cat Silver badge

        Re: version 256 of systemd

        I like the UNIX philosophy.

        In the case of suid programs, that wasn't even Unix but the concept came from Multics (and Atlas had something similar I believe). Good old 60s tech, much of which was too ambitious for the hardware of the time to support efficiently and a lot of which has been forgotten now the hardware is powerful enough.

  4. Dan 55 Silver badge
    Flame

    Let's throw out the concept of systemd on the dump of bad Linux ideas.

    TFTFY.

    1. That Badger
      Linux

      Re: Let's throw out the concept of systemd on the dump of bad Linux ideas.

      Ian Murdock (the Ian in DebIan) probably said something similar, before being taken out of the equation...

    2. Androgynous Cupboard Silver badge

      Re: Let's throw out the concept of systemd on the dump of bad Linux ideas.

      The jokes, they just write themselves don't they?

  5. alain williams Silver badge

    How long before systemd ...

    has an emacs function ?

    We used to joke about emacs doing everything but did not foresee systemd.

    1. b0llchit Silver badge
      Mushroom

      Re: How long before systemd ...

      Soon: systemd, without an OS kernel. Boot directly into systemd and all your applications will run as systemd. All applications are systemd. Systemd rules!

      1. Bartholomew
        Terminator

        Re: How long before systemd ...

        The origin story of the Borg!

        1. Herby

          Re: How long before systemd ...

          This seems to fall into the category of:

          All your base belong to us.

      2. wolfetone Silver badge

        Re: How long before systemd ...

        You joke but it already has it's own text editor.

      3. nematoad Silver badge
        Devil

        Re: How long before systemd ...

        ...all your applications will run as systemd.

        Indeed. It just makes you wonder if systemd was really Poettering's audition to work at MS.

        Not being au fait with things systemd (PCLinuxOS user here) does it have a Registry yet?

        1. Mr D Spenser

          Re: How long before systemd ...

          does it have a Registry yet?

          Beat me to it. That's the answer to a previous posters question about the sudoers file.

        2. Anonymous Coward
          Anonymous Coward

          Re: How long before systemd ...

          Not being au fait with things systemd (PCLinuxOS user here) does it have a Registry yet?

          Of course it does. It's the crapware utility(?) that has everything.

          If not, it'll be in the next release. Alongside a handful of RDBMS, compiler suites and libraries for every programming language, so-called office automation tools, web browsers, window managers, Windows emulators, AI chatbots, etc, etc.

          One day soon systemd will provide VMs for running yet more instances of Linux and systemd. That might well have happened already.

          1. Liam Proven (Written by Reg staff) Silver badge

            Re: How long before systemd ...

            [Author here]

            Yes it does containers, via systemd-nspawn. I have a feeling it has hooks for VMs as well.

            Aha.

            https://github.com/dehesselle/virtctl

          2. Citizen99

            Re: How long before systemd ...

            Sounds rather recursive ... vanishing up its own fundamentals.

          3. CRConrad

            Naah.

            One day soon systemd will provide VMs for running yet more instances of Linux and systemd.
            Nah. Just systemd.

        3. Dave_A

          Re: How long before systemd ...

          No registry yet, but it does have its own knockoff of Windows' 'event viewer' binary log database (journald)....

          Give Pottering enough time and SystemD will copy all of the microsoftisims from Windows Server in one way or another....

          Kind of like his other RedHat compatriot who thought that what Linux really needed was.... .NET! (deIcaza & Mono)...

      4. zimzam

        Re: How long before systemd ...

        Your system are belongd to us.

  6. Doctor Syntax Silver badge

    "Let's throw out the concept of SUID on the dump of UNIX' bad ideas."

    For once I agree with him. Just use su.

    1. Spazturtle Silver badge

      su means I need to give out the root password and it also makes it harder to control access with SELinux.

      1. Doctor Syntax Silver badge

        With sudo you don't need to give anyone root password because their own password suffices if they're in the sudoers file. That means hat if their password has been obtained by somebody else - possibly because they reused it elsewhere - then there's no additional layer of protection. None. Whatever access they have through sudo is now open to that third person.

        The only reason you should have to give out the root password is that you need to give someone access that can only be done by root. The original solution was that if someone's job was printer administration that was done by user lpadmin and they'd su to lpadmin using lpadmin's password, not root's. And you still needed a separate password to become root.

        It was a poor solution to an already solved problem.

        1. Phil O'Sophical Silver badge

          With sudo you don't need to give anyone root password because their own password suffices if they're in the sudoers file. That means hat if their password has been obtained by somebody else - possibly because they reused it elsewhere - then there's no additional layer of protection. None. Whatever access they have through sudo is now open to that third person.

          Which is also true if they've been careless enough to lose the root password. That's a more likely scenario for someone who only occasionally has to use it, and so puts it on a post-it or similar. They are hopefully less likely to do that with their own password, which they use frequently enough to remember it.

          The big advantage of tools like sudo is the audit trail. If someone logs in as root using the root password and commits mayhem, you have no idea who it was.

          If, on the other hand, someone uses sudo to become root & cause trouble, you know who did it.

          In any case, Poettering seems more to be referring to the concept of SUID, and the related setuid() function, which isn't the same thing as sudo. It's more often used to allow specific binaries to run with elevated privileges. He seems to be suggesting that instead of giving the binary itself the privilege (via what is essentially a filesystem permissions bit hack interpreted by the kernel), the user would "ask" systemd to run it with privilege. It's just more systemd empire-building, removing control from the kernel & putting it in systemd. As noted elsewhere, we're rapidly heading toward systemdOS, any day now he'll reinvent containers.

          1. Teoh Han Hui

            > any day now he'll reinvent containers.

            You're talking as if `systemd-nspawn` isn't already one of the most widely-used container technologies with or without your knowledge: https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html

          2. Spazturtle Silver badge

            I see Pottering is a subscriber to the 'SELinux is too difficult to understand, lets write some code to do the same thing but worse' school of thought. The Google Android team also think like this and it is slowly turning Android into such a massive mess.

            1. imanidiot Silver badge

              Turning Android INTO? They're already there. By now they're just adding to the mountain.

            2. Graham Dawson Silver badge
              Facepalm

              Replace SELinux with ALSA and this is how we ended up with the horrendous abortion that is pulseaudio.

          3. CRConrad

            Re: systemdOS

            As noted elsewhere, we're rapidly heading toward systemdOS
            I've been saying that for years; it's a great relief to finally see that others also are recognising it for what it is.

            any day now he'll reinvent containers.
            As others here have pointed out, apparently he already has. Oh well, if nothing else, perhaps it will serve as confirmation so more people will start to see what's going on.

            1. timrowledge

              Re: systemdOS

              “As noted elsewhere, we're rapidly heading toward systemdOS”

              I think you meant system DOS...

        2. nematoad Silver badge
          Pint

          Just use su.

          Amen to that.

          Have one on me.

          Some thoughts on PClinuxOS's take on Sudo

        3. Eecahmap

          Use MFA with sudo.

          The product I supported in my last job, BoKS, can do exactly that.

          1. Dave_A

            As can LinOTP, and so on....

        4. ibmalone

          It was a poor solution to an already solved problem.

          Given that description maybe he's just upset someone beat him to it.

      2. Anonymous Coward
        Anonymous Coward

        sudo su -

        1. Dave_A
      3. bigtimehustler

        Well, most people think giving sudo access means you allowing you to run "sudo su -" so at that point all bets are off.

    2. ChoHag Silver badge

      su is a suid binary, indeed it was possibly the first suid binary:

      -r-sr-xr-x 1 root bin 17528 Jun 7 15:43 /usr/bin/su

      1. Anonymous Coward
      2. Michael Wojcik Silver badge

        Exactly. That's how su can set uid and gid for the exec'd program.

    3. Dave_A

      The main benefit of SUDO

      Was being able to keep the root password locked up in KeePass or similar, and have people do admin tasks without having to know it.

      Which also means that if someone quits or gets fired, who did admin tasks but didn't have access to the root PW... You wouldn't have to change it....

  7. wolfetone Silver badge
    Meh

    I wish someone would dump systemd and Poettering somewhere away from Linux altogether.

    1. TVU Silver badge

      "I wish someone would dump systemd and Poettering somewhere away from Linux altogether"

      The perfect place would be the subantarctic Bouvet Island which very conveniently has no internet connection to anywhere else in the world.

      1. xMrDo
        Mushroom

        Not good idea to pollute the south atlantic ocean with rubbish

      2. Anonymous Coward
        Anonymous Coward

        If only. Once Poettering was abandoned there, he'd keep adding unwanted bloat to systemd until it spread all the way to the north pole.

      3. Dave559

        "The perfect place would be the subantarctic Bouvet Island"

        The Baron of the Bouvet Islands might object very strongly to that (not least because he has more affinity with Tux than you might think).

        I'm sure there must be some other suitable rocky outcrop that could be used instead…

      4. DJV Silver badge

        Bouvet Island

        No, it's still on this planet and in this solar system.

    2. Lennart Sorensen

      Much as I absolutely despise pulseaudio and think systemd does seem to have some feature creep problems, I unfortunately have to admit that systemd does handle running systems much better than any of the other systems we have had. And my first thought to replacing sudo is "Why would systemd be better?" and then I think about it and realize that having a message protocol to init that is already running as root rather than suid binaries just might actually be safer. Damn. He might have a point. I definitely don't want to go back to before systemd anymore. Process monitoring and launching really should be done together. It is the sensible way to do it.

      1. klh

        It's not making the attack surface smaller, it's just moving it elsewhere.

      2. Anonymous Coward
        Anonymous Coward

        This is the problem with the philosophy of many Linux users - "If something that should work well, doesn't, instead of fixing it, let's write a completely new one'

        Witness OSS polluted with pulse audio, and then Alsa be ame the new toy.

        How about devfs/udev?

        Then of course, systemd itself, boosted by misguided views like yours.

  8. Anonymous Coward
    Anonymous Coward

    "42% less Unix philosophy"

    Translation: Poettering knows he's never been- and never will be- popular among the Linux community, and has decided to go all-in on the smug troll route instead, doubling down on the entirely legitimate reasons he's disliked there and attempting to mock them for it.

    1. Doctor Syntax Silver badge

      Re: "42% less Unix philosophy"

      It's not the sort of character trait that engenders trust and yet systemd required an enormous amount of trust.

    2. Liam Proven (Written by Reg staff) Silver badge

      Re: "42% less Unix philosophy"

      [Author here]

      > has decided to go all-in on the smug troll route instead

      Do please note, this description is *not* from Lennart P himself.

      It was from Luca Boccassi:

      https://social.vivaldi.net/deck/@bluca@fosstodon.org/112600235620499886

      https://github.com/bluca

      https://salsa.debian.org/bluca

      1. Anonymous Coward
        Anonymous Coward

        Re: "42% less Unix philosophy"

        Thank you for the correction- though, to be fair, it was an understandable misinterpretation given that the quote in the article immediately preceded reference to "Lennart Poettering's announcement" itself.

        Regardless, that sort of smug, triumphalist gloat coming from *anyone* in a high-ranking position within the project doesn't reflect well upon it or its attitude towards the community.

      2. Dave559
        Coat

        Re: "42% less Unix philosophy"

        Sorry, Liam, but in this case you probably then shouldn't have worded the article in such a way as to imply that the source of the quote was Poettering himself (not everyone follows links, and even then, even if the URI did sort of hint that the site referred to wasn't Poettering himself, the way that you reported it did very much imply that the tag line was actually his and that the quote did originate from him).

        That's the sort of misleading writing you would expect from a disreputable sensationalist trashy red-top tabloid… Oh, as you were…[1] >;-)

        [1] Sadly now with 42% less vulture-snark, 99.9% less Playmobil, and 100% more alternate [sic][2] spelling…

        [2] alternative, dammit, alternate means something entirely different, wig-wag, wig-wag, wig-wag…

    3. R Soul Silver badge

      Re: "42% less Unix philosophy"

      The latest systemd abortion may well have "42% less Unix philosophy" (whatever that means). It *deliberately* never had any of that. However systemd retains 100% of Poettering's unbelievably shitty design. As if that appalling bloatware ever had any sort of design.

  9. oknop

    minor nit

    'Before any OpenVMS admirers get excited, no, Linux does not now support versions on files or directories.'

    OpenVMS (ODS) never supported versions of directories. Only normal files. A directory file always has version 1.

    Oswald

  10. Anonymous Coward
    Anonymous Coward

    Pretty soon we'll be running GNU/systemd.

    How can the rot be stopped?

    1. Doctor Syntax Silver badge

      By moving to Devuan or one of the other non-systemd Linices and if that really does become infeasible, move to a BSD.

      1. Sudosu Bronze badge

        Personally, I have been slowly sliding my servers over to OpenBSD for my mainline servers and OmniOS for my file servers.

        I do still use Proxmox for my VM's, but I consider that more of an appliance.

    2. Anonymous Coward
      Anonymous Coward

      By writing a better competitor that people WANT to use instead of having it forced on them.

      The curmudgeons would say let's go back to SysV but then they'd probably also be happy making everyone sit in caves whilst rubbing two sticks together. Upstart was only a small improvement over SysV and that's not enough to make people take notice. A true future competitor must have some key advantage in order to make waves, and it needs to be significant waves to aler the course of SystemD's sea-swell.

      1. Doctor Syntax Silver badge

        Yes, I'm a curmudgeon and refute your comparison.

        Maybe there is a better solution than Sys V but I found Upstart already a step in the wrong direction because it made a start-up problem impossible to diagnose. Possibly there was somewhere where some debugging could have been inserted but if so it was sufficiently obfuscated that I never found it. Clarity is a virtue to be valued.

        1. Lennart Sorensen

          systemd definitely makes debugging startup problems so much easier. It actually logs all output of all the services you run. No other init system ever did that. And it monitors the things it runs. Not sure any of the others did that either. So yes any actual competitor has a very high bar to beat to have a chance.

          1. Anonymous Coward
            Anonymous Coward

            In a binary log file.

            Please try again.

            1. Tom66

              A binary log file is hardly a major headache when you can just read it using a tool like journalctl, though.

          2. Anonymous Coward
            Anonymous Coward

            What a load of crock!

            All my services are logged if I want them to be, and not a systemd in sight.

            Don't blame other tools if you can't use them correctly.

            How on earth do you think everything worked before systemd came along?

          3. bazza Silver badge

            In my experience, systemD creates startup problems with networking (it seems to have an absurd idea of when an interface is up), and hallucinates circular dependencies when there aren't any really. To this day I'm still having to start some stock services in stock Linuxes with ordinary configurations via cron, waiting a minute after boot because systemD is incapable of correctly launching them.

            It's problems like this that are infuriating. With broken init scripts, it's easy to fix them. With broken systemD, it's a matter of persuading Poettering or similar that there's a problem (which is impossible) to get a fix merged.

            There's no doubt a ton of not heavily analysed code behind that sudo replacement... The systemD project has screwed this up previously, needlessly replacing mature source code bases with their own reimplementation that's come with security ****ups.

        2. jospanner

          Why do you think SystemD is as popular as it is? Genuine question.

          1. bazza Silver badge

            It's not popular, and nor are some things that depend on it (Gnome) necessarily popular either. The real issue is that there is limited practical choice. Yes, you can get something like Devuan, but smaller projects struggle to get enough developer resource. Ultimately, it's all about industrial strength. RedHat is in control of both the SystemD and Gnome projects by employing a lot of the folk working on them, and if you want a nice shiny up to date slick desktop then you're stuck with Gnome, and therefore stuck with SystemD.

            And as other distro outfits are unlikely to maintain a server version of their distro that is radically different to their desktop version, their server versions also get SystemD-ised. Thus, many Linuxes are moving more and more towards being RedHat's idea of what Linux should be like, only with a different package manager.

            RedHat are just as able to pull the same trick with Gnome and SystemD as they have with RHEL. They are in a position to cut all other Linux distros off at the knees - cutting them adrift from Gnome and SystemD, having got them hooked on both.

            1. Liam Proven (Written by Reg staff) Silver badge

              GNOME does not depend on systemd.

              1. Graham Dawson Silver badge

                As of right now it doesn't, it's true, but it had a hard dependency on systemd for long enough that the problem stuck in peoples' minds.

          2. hittitezombie

            Almost no one wants it, it is forced down our throats by big distros and baked in dependencies.

            1. jospanner

              And why do *they* want it in their distros? Do you reckon it's influence from Red Hat, over-represented because of the money involved? Cos I can definitely see that happening.

              The thing that confused me is how everyone and their spouse seems to be dunking on SystemD and yet it's, apparently, everywhere.

              I'm not big into Linux distro politics so please forgive me.

      2. Fred Daggy Silver badge
        Mushroom

        Distrust and disrupt the disruptor

        I think systemd will do it to themselves.

        It is growing. Virus-like. One day it will just grow too big and the cracks will show. The cracks will be exploited. Cracks will be papered over, exposing more cracks. Sort of like Windows.

        At that point, systemd will be prime for disruption. I for one, will not be standing in the way of systemd shooting themselves in the foot.

        1. Hans 1

          Re: Distrust and disrupt the disruptor

          Cracks have already appeared, instead of using glibc for DNS lookups they wrote their own, with a bug very similar to a long fixed bug in glibc.

          The whole concept of système d is "Why use what works?"

      3. Graham Cobb Silver badge

        Yes. We really needed a startup manager that could handle complex, parallel and ever increasing dependency graphs. SystemD is a reasonable implementation of that and does a decent job (although it's tools for debugging startup ordering issues leave a lot to be desired).

        However, I am really not convinced by the move to turn it from a startup-ordering-manager to an all-inclusive-jack-of-all-trades-general-services-blob. If I wanted all my system services in one blob, from a single source, I would be running Windows.

        1. Anonymous Coward
          Anonymous Coward

          f I wanted all my system services in one blob, from a single source, I would be running Windows.

          Who's paying Poettering's salary these days? Could that be a vendor which is rather fond of the "all system services in one blo, from a single source" approach?

    3. Anonymous Coward
      Anonymous Coward

      How can the rot be stopped?

      Use a proper OS. For instance one of the BSDs.

      1. Lennart Sorensen

        Re: How can the rot be stopped?

        No thanks. I have tried those. I am not putting up with that obsolete crap. I don't have the patience. I once thought maybe if Debian ever got the a BSD kernel with the regular Debian user space port finished that would be usable, but at this point, even that has no interest anymore.

        1. werdsmith Silver badge

          I am not putting up with that obsolete crap

          That's what I thought when I used linux.

          I use BSD on servers too and it is like a breath of fresh air.

        2. karlkarl Silver badge

          Re: How can the rot be stopped?

          You want the other way round.

          Linux kernel opens up a wide range of hardware whereas the BSD userland doesn't smell like pee.

        3. Anonymous Coward
          Anonymous Coward

          Re: How can the rot be stopped?

          Yet another post of yours that confirms you really don't understand what you are talking about.

      2. DexterWard

        Re: How can the rot be stopped?

        Use OSX. No systemd there

    4. Dave_A

      Well, the enterprise Linux scene would have to be completely divorced from RedHat, which is the force behind P's bad ideas becoming so widely adopted

  11. ChoHag Silver badge
    Facepalm

    We don't want SUID so let's move SUID over here and call it something else!

    1. DS999 Silver badge

      Not only that

      He's replacing something smaller and easier to audit in the form of sudo (or su) with something massively more complex, with a potential attack surface that only grows larger with every release.

      Pottering won't be happy until the entire kernel and GUI are subsumed into his McMansion sized kitchen sink.

  12. cjcox

    Around the corner... systemd-llama: "You don't need to do anything, we got this."

    1. Sudosu Bronze badge

      It really whips the llama's ass.

      1. ecofeco Silver badge
        Coat

        Amped for the win.

  13. Bebu Silver badge
    Windows

    Temptation...

    to port Solaris 10 (or OpenIndiana/illumos) SMF to Linux but the cure might be worse than the disease. ;)

    I have no real idea what 42% less Unix philosophy actually means and I am not sure Poettering could enumerate those tenets of Unix philosophy the 42% doesn't now support.

    Unix setuid has been a security nightmare but if you allow Linux capabilities you can get away with no suid binaries although cap_setuid is not much better. (Surprising how many scanning tools check setuid/setgid file perms but ignore file capabilities. ;)

    1. Anonymous Coward
      Anonymous Coward

      Re: Temptation...

      > I have no real idea what 42% less Unix philosophy actually means

      You're dignifying it with more seriousness than it warrants.

      It's nothing more than a snide jibe at those who have- legitimately- criticised systemd for being a fundamental abandonment of the Unix philosophy of being based on multiple small tools that each do one thing well and instead forcing a corporate-driven move towards a Windows-style approach of everything being shoved into a single monolithic, inflexible, complex and massive "blob".

      (It should be noted that the author of the article has clarified that it wasn't Poettering himself who made that comment, but Luca Boccassi, another person within the systemd project).

      1. bazza Silver badge

        Re: Temptation...

        >towards a Windows-style approach of everything being shoved into

        >a single monolithic, inflexible, complex and massive "blob"....

        ...that's been written in C. The most difficult language to use in complex code that has to correctly implement security functions and get it all completely right.

        Given that SystemD is only 14 years old, and there were myriad better languages available by then other than C, picking C seems just mad. Especially when it pivoted from being an init system to fulfilling some serious security roles.

        1. Anonymous Coward
          Anonymous Coward

          Re: Temptation...

          > Especially when it pivoted from being an init system to fulfilling some serious security roles.

          Systemd was never intended to be solely an init system- that was just the excuse the camel needed to get its nose inside the tent.

    2. CRConrad

      The number itself was a clue...

      ... that it was facetious: 42. Don't forget your towel!

  14. Doug 3

    what could possibly go wrong

    Let's make everything easier to run as root sounds like something a Microsurf would say and want.

    And if systemd is now going to take input from run0 there had better be a wall much bigger than used in World War Z built around it. Make that 3 of them.

    I have a bad feeling about this.

    1. Lennart Sorensen

      Re: what could possibly go wrong

      Well sudo takes such input and sudo is a suid binary. That is actually quite scary. Having a well defined interface between run0 and init actually sounds simpler to get right than what sudo does. systemd seems to have done a pretty good job at defining its interfaces so far, so my initial thought of "oh no, not again" is actually quickly changing to "that just might be a really good idea when I think about the details".

      1. klh

        Re: what could possibly go wrong

        Think about the details again. It's an interface to a much bigger binary that does much more than sudo ever did.

        1. bazza Silver badge

          Re: what could possibly go wrong

          ...and if the protocol between run0 and init is in anyway feebly defined or implemented, it becomes possible to both exploit init and also get stuff run with root privileges.

      2. Anonymous Coward
        Anonymous Coward

        Re: what could possibly go wrong

        AGAIN you're missing the point.

        You don't fix a tools deficiencies by replacing it with a worse tool.

  15. nullroute

    Less UNIX philosophy...

    ... So do many things, poorly?

    1. gv

      Re: Less UNIX philosophy...

      AKA Windows 11...

  16. NickHolland
    Facepalm

    Plan 256, from the depths of heck.

    Long ago, it was said, "Those who don't understand Unix are bound to reinvent it, poorly".

    Now we got Linux trying to reinvent Windows...poorly.

    The current user base for Linux appear to be frustrated Windows users, hating Windows, but intent on recreating it. The leaders are afraid to say, "no, bad idea" to anyone's new code, no one gets recognized for improving existing code, they want to have their name on the replacement for something.

    Let the downvoting begin...

    1. Lennart Sorensen

      Re: Plan 256, from the depths of heck.

      I have not seen anything in systemd that looks like it is copying windows. Far from it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Plan 256, from the depths of heck.

        There's more to computer software than the logos and fonts it uses.

    2. nematoad Silver badge

      Re: Plan 256, from the depths of heck.

      The current user base for Linux appear to be frustrated Windows users, hating Windows, but intent on recreating it.

      No.

      While the user base might be Windows haters, I know I am, what most people seem to want when they move to Linux is to use an OS that does what they want to do and not as some faceless corporation says you will.

      Liam Proven has often argued that there are better ways of interacting with the OS and there are plenty to chose from. What you seem to be mistaking is the fact that for a lot of people the GUI introduced by Windows95 is still the most popular and productive. Just because a lot of distros use such a GUI does not mean that people are hell-bent in recreating Windows, they are just using the tool best suited for their needs.

      It may be the MS got something right early on and people took to the desktop. By no means does that make Linux users yearn for the complexities and general cack-handedness of Windows, the Registry being a prime example. The lack of the OS 'phoning home is another reason why many chose to eschew MS's finest, and I don't see any reason why devs, and distro maintainers would shove that down our throats.

      1. klh

        Re: Plan 256, from the depths of heck.

        Registry being added to systemd is just a matter of time. Sooner or later, systemd-regedit will be your one stop shop for system configuration.

        1. David 132 Silver badge

          Re: Plan 256, from the depths of heck.

          Systemd-Powershell.

          …shudder…

      2. bazza Silver badge

        Re: Plan 256, from the depths of heck.

        The tricky thing nematoad is that Linux is now effectively defined by a faceless corporation call RedHat (IBM). They're the ones effectively in control of both the Gnome and SystemD projects. By making Linux generally dependent on projects RedHat controls, they are in a good position to do with those projects what they've done with RHEL generally (and licensing). If they want a registry like feature in Linux, you're going to be getting it pretty much regardless of what you think.

        There's also the angle that - in principle - RedHat could do with Gnome / SystemD what they've done with RHEL; pay us, and don't ask for the source code...

        1. David 132 Silver badge

          Re: Plan 256, from the depths of heck.

          Well argued, and I concur.

          I know there’s at least one (to be fair, open and helpful with it) Red Hat employee who frequents these comments, and I’ll be interested to see if your post garners a downvote…

          1. CRConrad

            Re: Downvote

            Yup, it did.

        2. Michael Strorm Silver badge

          Re: Plan 256, from the depths of heck.

          > There's also the angle that - in principle - RedHat could do with Gnome / SystemD what they've done with RHEL; pay us, and don't ask for the source code...

          Even if they could get away with that, legally speaking, there's a huge difference between blocking redistribution of a particular distribution (i.e. RHEL) and doing so with something that fundamental.

          Remember that (pre-IBM) Red Hat was the creator of systemd and clearly wanted it to be an integral part of Linux distributions in general- not just theirs- else they'd likely have restricted it in the first place. (Their motives were most likely a combination of the fact they wanted the benefits of having others help them develop the software, and because it probably wouldn't have taken off if no-one other than paid RH customers was ever able to run or develop it.)

          Regardless, were they able to effectively block free use of systemd now- or restrict it in a manner other distributions and contributors found unworkable- doing so would essentially cut off Red Hat and RHEL from the rest of the Linux community, splitting them into two separate and isolated things and resulting in (at the very least) a fork of the last free version of systemd, now outside Red Hat's control.

          IBM/RH could be left to deal with their own (effectively closed) operating system. They might be able to leach off the efforts of everyone else still working on "free" Linux, but they'd have to adapt and integrate it into their own- increasingly nonstandard- distribution on their own. Rather than lead- or coerce everyone into following what they did- they'd be in a position where they had to either follow what others were doing, or develop RHEL entirely on their own like any other closed OS developer.

          But whether or not it worked out for RH isn't really the thing here. It's that, by forcing the rest of the Linux community to go it alone regardless, and without the weight of IBM/RH pushing systemd outside their own distribution, it might also sap the impetus of the greater community to go along with something that many of them didn't want in the first place and push things in a very different (i.e. more pre-systemd) direction.

          And while I don't think any of that will ever happen, if it did, it might just be the best thing that happened to Linux in decades- Red Hat, IBM and Poettering be damned.

          1. bazza Silver badge

            Re: Plan 256, from the depths of heck.

            The problem is that the "community" is too RedHat-ish. To successfully fork it all, one would have to find a team of developers to take it on. That team likely cannot be assembled, because RedHat won't permit their employees to participate. If they own the majority of the key contributors, it's very difficult to find alternative personnel elsewhere.

            RedHat's generosity in staff is also their means of control. It's why so many other distros have sucked it up. They can't compete. Ubuntu tried for a while with their own desktop, but gave up and went back to Gnome and thence SystemD.

            If RedHat did cut off access then every other distros starts to wither and fall behind.

            1. Michael Strorm Silver badge

              Re: Plan 256, from the depths of heck.

              I agree with the first couple of paragraphs, and I'm well aware of all that, but you missed my point.

              Which was that *if*- as you suggested- IBM/RH were to effectively cut off free access to systemd of *their* own volition, they'd already have effectively forced the rest of the community to move away from- and wean themselves off- their support regardless. (*)

              But whether that would cause all other distros to "wither" is another issue, since they'd have forced them to stop following Red Hat and do their own thing, and the remainder of the Linux community would *have* to either work on their own fork of systemd or- since it was really RH that wanted systemd and used its dominance to force it on them in the first place- move towards and unite around something else.

              And even though RH dominate systemd development, it's questionable whether their own version would do as well if they had to develop it *entirely* on their own *and* if it was no longer the standard that every other Linux distro was using.

              (*) A move on such a fundamental part of the Linux ecosystem would probably result in RH in general- i.e. everything else Linux-related they do- being moved away from in a similar manner, regardless of whether they kept random dribs and drabs of the remaining distro "free".

    3. runt row raggy

      Re: Plan 256, from the depths of heck.

      love the plan 9 reference! well olayed

      1. Anonymous Coward
        Anonymous Coward

        Re: Plan 256, from the depths of heck.

        Except this lotion is rather less 'rejuvenating', and much more "It rubs the lotion on its skin, or else it gets the hose again."

        (Sorry, never let a good typo go to waste…)

  17. Dizzy Dwarf Bronze badge

    The vi/emacs war was eventually won by:

    $ systemd --run-as-Administrator notepad.exe

    1. David 132 Silver badge
      Happy

      How charmingly naïve that you think Systemd would have to launch an external executable, and wouldn't have its own text editor full-featured desktop publishing suite built-in.

      1. I ain't Spartacus Gold badge
        Trollface

        SystemD SmartSuite?

  18. steelpillow Silver badge
    Headmaster

    su who?

    su is a substitute user, as in su anotheraccount or sudo anotheraccount. It just defaults to root if you don't say who.

    For example it might be quite wise to allow someone to do su lpadmin but not plain su.

    Having said that, it is so widely used across Linux installations and documentation that p**ttering around with it just might be a step too far. Nobody can work at M$ for long without picking up a dose of hubris from some unsanitised workstation.

    1. I ain't Spartacus Gold badge

      Re: su who?

      I don't think he caught his case of severe chronic hubris syndrome at Microsoft. He was already a carrier.

  19. Zibob Bronze badge

    Jobs for the boys?

    I am ignorant of the facts, fanboyism aside, what does SystemD do better than what its replacing?

    If the answer is not instantly clear is this not just making work to keep people in a job and working in circles? And if so why and who?

    1. Anonymous Coward
      Anonymous Coward

      Re: Jobs for the boys?

      Instead of fixing perceived problems, systemd exists to instead assume the responsibility itself.

      Leaky roof? Bulldoze the house and replace it with the systemd house!

      Garage door squeaking? Knock it down. You don't need it. The systemd house has its own kind of garage!

    2. Anonymous Coward
      Anonymous Coward

      Re: Jobs for the boys?

      The init system.

      init-script authors had to copy lots of code from other scripts to support configurable user or runtime directories with approriate rights as needed.

      A unit file is much easier to create and customize.

      It doesn't need to assimilate DNS and NTP and sudo, though, I agree.

  20. t245t Silver badge
    Boffin

    SystemD is Poetterings' attempt at achieving cyber imortality

    SystemD is Poetterings' attempt at achieving cyber immortality, a form of virtual reliquary. Every-time SystemD is booted a prayer is said in silicon heaven in praise of His Immenseness /s

    It's appropriate that Poettering joined Microsoft seeing as that cutting edge SystemD uses Win3 type INI files with square brackets as section separators. Not only that, it isn't immediately obvious what its meant to do. A sample of Fortran (1957) would be clearer:

    --

    REM fortran

    program HelloWorld

    print *, 'Hello, World!'

    end program HelloWorld

    --

    SystemD service unit file named hello-world.service:

    [Unit]

    Description=Hello World Service

    [Service]

    Type=oneshot

    ExecStart=/bin/sh -c 'echo "Hello, World!"'

    [Install]

    WantedBy=multi-user.target

    We welcome constructive criticism and contributions from the community. Open-source is about collaboration, and we’re always looking to improve systemd based on real-world feedback”, Lennart Poettering

    A fish rots from the head down”, Lennart Poettering

    --

    ref:

    Zibob: “I am ignorant of the facts, fanboyism aside, what does SystemD do better than what its replacing? If the answer is not instantly clear is this not just making work to keep people in a job and working in circles? And if so why and who?”

    1. CRConrad

      Hilarious

      ...we’re always looking to improve systemd based on real-world feedback”, Lennart Poettering
      Yeah, right.

    2. that one in the corner Silver badge

      Re: SystemD is Poetterings' attempt at achieving cyber imortality

      > cutting edge SystemD uses Win3 type INI files with square brackets as section separators

      And?

      It is easy and simple to parse, and will get the job done is all you need is basic <key,value> pairs with a bit of structure (sections) if you want. If you *need* a deeply-nested structure with lots of arrays and structs on the 'value' side then there are other, more complex formats available. But aren't most (if not all) of the arguments against systemd because it keeps going the complex route?

      Are you railing against it *purely* because Windows is the most obvious originator of the format, therefore it can never be a Proper Linux Solution? But it appears all over the place - doesn't that Git config file look suspicious?

      No love here for systemd (Devuan FTW etc, as noted as far back as, oooh, Friday) but being catty about INI file format really seems like scraping the barrel for things to criticise it for.

  21. Anonymous Coward
    Anonymous Coward

    Oh fsck systemd

    Someone got to stop these idiots in RedHat.

  22. alcachofas

    The groupthink here is so strong! You’d think systemd personally shat in all of your cornflakes

    You don’t have to love it but the frothing and raging here is genuinely beyond parody.

    It’s not hard to see why people with opinions like these lost the argument.

    1. Eecahmap

      In this game of pigeon chess, don't be so sure you aren't the pigeon.

      1. alcachofas

        Except I’m not arguing the other way. I… don’t have strong feelings either way. And I have no problem with those that do but oh boy some of the commenters here are taking their pigeon chess to heart.

        1. Anonymous Coward
          Anonymous Coward

          Don't forget that it was the frothing opinionistas (in the form of RMS) who created the IP environment, under which Linux achieved world domination as the Internet platform of choice, in the face of raging legal bullying and low underhand tactics from s very deep-pocketed proprietary world. A little suspicion of the overtly anti-froth philosophy of SystemD, along with its maintainer's sellout to the biggest proprietary menace of them all, is unlikely to be passed by quietly. Capisce?

  23. Anonymous Coward
    Anonymous Coward

    As I Have Mentioned Before......................

    ................most computer users (including most Linux users) are using their computer for APPLICATIONS.

    How people get so wrapped around the axle about systend or GNOME.....I fail to understand!!

    Incidentally......personally, I hate Gnome3++. Personally I hate what happened to GTK3. .....and both of those abortions (Gnome3++ and GTK4) came from the same place!!!

    .....but to get back to the point........I've never seen or heard systemd.........tell me what you don't like about LibreOffice or gedit or Harbour or Chromium......maybe one application too far!!

  24. This post has been deleted by its author

  25. Stuart Castle Silver badge

    Getting Skynet vibes here.. I know people hate Terminator 3, but in that, Skynet was an AI designed to protect US systems against hacking, which became sentiant and attacked it's creators..

    How long before Systemd becomes sentient, and when we realise what we have created, designs and builds a a series of robots to destroy it's enemies?

  26. ibmalone
    Facepalm

    Great news!

    I'm pleased to see that SystemD with its rock-solid history in application security is taking on the field of privilege escalation. We can look forward to a future without exploits because a completely different part of the framework pulls in a random buggy or compromised library. Hallelujah!

  27. Edward Ashford

    What could possibly go wrong

    With having everything run by system?

    Half the time I was setting up sudo it wasn't to let a user run as root, it was just elevating the user to the level of the app owner.

    In systemd 257 we should maybe expect to see a registry replace all those untidy little configuration files.

  28. donwilde1

    Access control's future?

    There are three uses for Linux: desktop, embedded, and server.

    This set of changes disenfranchises the last two groups, and the desktop group is relegated to becoming hapless drones with no clue and no recourse.

    The root password was a simple and elegant mechanism, and Admin simply shot any person who wrote it down. Servers should return to this option, perhaps with physical electronic contact dongles replacing logins. As pointed out by the OP, FreeBSD is becoming the only non-physical login option remaining that preserves the secrecy method of system control.

    Embedded systems have no need of a system-level user concept. We should embrace the logic-cell-level modifiability of an FPGA and embed per-board-level changes for access configuration for whatever device-to-device communication mechanisms are required.

    So, what of the Desktop users? The changes discussed in this article suggest that only by completely preventing access to the startup code, scripts and data can we secure any given machine and it's data, so are we truly heading towards a world where nothing is left but Chromebook-like pretty terminals?

  29. Missing Semicolon Silver badge
    Devil

    "systemd now runs your sudo tasks"

    So there is now an official way to make systemd run stuff on your behalf. How long before someone finds out how to do it without being impeded by polkit?

  30. TimMaher Silver badge
    Coat

    42%

    Systemd .

    It’s the answer to life, the universe and everything.

    Mine has a towel in the pocket.

  31. Tim99 Silver badge

    Is it just me...

    ...Or has the reliability of this site got worse under the new owners? I regularly have issues with lost connections, failure to post replies, and upvoting/downvoting requiring 3+ attempts.

    I have tried to post a reply about avoiding systemd by using Devuan for about an hour. It showed up 23 minutes later.

    1. Liam Proven (Written by Reg staff) Silver badge

      Re: Is it just me...

      > ...Or has the reliability of this site got worse under the new owners?

      Which new owners are they?

      1. Tim99 Silver badge

        Re: Is it just me...

        Sorry Liam, I'm probably (very?) wrong. I believe Situation Publishing Ltd is still the publisher, with Drew Cullen as one of the owners?

        What I should have said is "... Or has the reliability of the site has got worse since it changed to more of an American focus?"

        Perhaps the servers have been relocated? I'm retired and spend most of my time in Australia. I know that we have Simon here, maybe he has noted a significant drop in the rendering performance, reliability, and generally poor responsiveness to input of the site as well? I use a Linux machine with Firefox (and reluctantly) Chrome; an M4 iMac with Safari, DuckDuckGo, and FF; and an iPad with Safari and DDG. After >40 years of writing professional-level software, initially for PC-MS-DOS, then Windows, I turned my last ever Microsoft machine off a few months ago - I noticed these issues with that too...

  32. Binraider Silver badge

    MS, terrified of losing custom to Linux, subverts Linux by hiring the already probably most hated figure in Linux to do it for them.

    I'd say alternatives are available, but platforms like Steam have to work for many Linux in home use to replace windows cases. Preferably with minimal intervention or knowledge.

    Systemd is not a shell. Why is it doing shell functions? This is precisely the BS so many of us spoke of in the land of do one thing and do it well.

    I'd dearly love to go freebsd but games catalogue is a huge issue. And we've only just started to get on top of Proton...

  33. amacater

    The comment about Red Hat / IBM forked Linux ...

    Has already happened. The end of this month will see the end of CentOS 7 which (still) powers large numbers of servers. Upgrading means cross-grading to another more modern Red Hat derivative with a (relatively) short pedigree / security track record / relatively few industry certifications or paying Red Hat large amounts of money.

    Enterprise Linux - no one ever got fired for buying Red Hat / IBM - just got much more expensive but where you need "certification" for security or regulatory purposes you may only have one choice just at the moment.

    The smart money started moving to Ubuntu / Debian / (maybe) *BSD two years ago when the writing was on the wall. If you understand systemd, then administering Debian might be as simple as learning apt instead of dnf ... the problem comes for everyone else and the services that rely on older Red Hat technology.

    Disclaimer: Debian developer and advocate (who has been arguing for more use of Debian for too many years now ... :)

  34. Yukkuri

    I love reading the flames every time systemd is mentioned. I wish you could use them like actual flames, all energy problems would be solved by just putting "systemd" somewhere in each article.

  35. nijam Silver badge

    > "Available soon in your nearest distro, now with 42 percent less Unix philosophy."

    He still doesn't understand, and now he's boasting about it. More than just a little pathetic.

  36. Michael Wojcik Silver badge

    sudo does some black magic to make the OS treat a command run by an ordinary, unprivileged user – that's you, peon – as if the superuser, "root," ran that command instead

    This is unfair, Liam. suid is a very accessible concept; calling it "black magic" does a disservice to its inventors and everyone who's implemented it subsequently. And sudo is not complicated either. Poettering's "solution" of telling a running service to execute the child on the user's behalf is actually much worse, since it doesn't trivially handle all the things that POSIX requires, like inheriting the file descriptors and environment.

    And, importantly, suid/sgid are capable of far more than just "run a command a root". The whole point of suid and sgid is that they set the effective uid or gid of the child process to the file's owner or group — which could be anything. It's often useful to have a process run as some other account, not just as the invoking user or root. And they set the effective uid/gid; the child can swap back to the saved uid/gid.

    So this systemd "innovation" offers less functionality at more effort. Yep, that's some idiot Poettering about, all right.

    1. diodesign (Written by Reg staff) Silver badge

      Sudo

      Hey, we said "some black magic". Key word "some" – and black magic isn't pejorative. That's a nice way of saying it involves some internal bits of the OS that people generally don't go near.

      If you know how that all works, great. But just as you're allowed an opinion about sudo, so are we.

      C.

    2. _andrew

      That running root process that run0 talks to?

      It's running somewhere other than $CWD and without this shell's stdout.

      I don't know why more isn't made of this. Running things "as root" is very rarely the end of the story. Usually I want to run something as root (or some other user, usually "www") in a particular place, and then do something with the output, via pipe or file. This doesn't sound as though either of those things will be possible or easy. Having all of the admin stuff actually run by a single, central process sounds a lot like DOS.

      IMO doas is almost as broken. I tried it, but went back to sudo when I discovered that it does some weirdness to force output to the controlling terminal, breaking piping and output redirection.

      Presumably systems that run systemd and therefore run0 will still be able to install the sudo package and proceed as normal. Having fork inherit the parent process' environment is the Unix philosophy in question.

  37. G40
    Devil

    Pottering … how?

    Was there never any pushback against this land grab? Fail to understand how system-d has insinuated itself so quickly. Seems to have superpowers of which a virus can only dream

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like