As it is running sudo with a long process is annoying missing and having to reenter my password or missing and the process timing out if I go afk to wait, I can’t imagine having to type my password every few moments when I run an upgrade. Surely this is not the pitch. This is already looking dead in the water if so, and god help me if I have to remember to type run0.
run0 is just an alias for a part of systemd, so installing doas too would be useless bloat. Another thing to note is that doas is just smaller sudo, you still wouldn’t use 99 % of its features.
edit: also from my totally surface level understanding both sudo and doas “elevate your privileges” which is supposedly unnecessary attack surface. run0 does it in a better way which I do not understand.
also from my totally surface level understanding both sudo and doas “elevate your privileges” which is supposedly unnecessary attack surface. run0 does it in a better way which I do not understand.
sudo and doasare setuid binaries, a special privileged bit to tell the kernel that this binary is not run as the user starting it, but as the owner. A lot of care has to be incorporated into these to make sure you don’t escalate your privileges as the default interface is very limited, being a single bit.
Another issue with this approach is that since you’re running this from your shell, the process will by default inherit all environment variables, which can be convenient, but also annoying (since a privileged process might write into your $HOME) or upright dangerous.
run0doesn’t use that mechanism. systemd is, being a service manager at its core, something launching binaries in specialized environments, e.g. it will start an nginx process under the nginx user with a private tmp, protecting the system from writes by that service, maybe restrict it to a given address family etc. So the infrastructure to launch processes – even for users via systemd-run– is already there. run0 just goes one step further and implements an interface to request to start elevated (or rather with permissions different from their own) processes from a user’s shell.
Classic solutions do it like this:
user starts binary with setuid (let’s say sudo) that runs with root (because that’s the owner of the binary) privileges in their shell. Since this is a child process of their shell, it inherits all environment variables by default.
sudochecks /etc/sudoers if that user is authorized to perform the requested action and either denies the request, performs it or asks for authentication.
a new process is spawned from it, again inheriting the environment variables that were not cleaned, as you can’t get rid of variables by forking (this is often an issue if you have services that have their secrets configured via environment variables)
With run0:
user starts run0 binary as a user process. This process inherits the environment variables.
run0 forwards the user’s request via interface to the running systemd process (pid 1 I guess). That process however does not inherit any variables by default, since it was started outside the user’s shell.
systemd checks if the user who started the run0 binary is allowed to perform the requested operation and again, either denies the request, performs it or asks for authentication.
a new process is spawned from it, but it will only receive the environment variables that were explicitly requested as there’s no inheritance.
At least that’s my understanding, I haven’t looked too much into it or used it yet.
the pid1 part is wrong, only the systemd-init run in pid1, in it’s own process, own binary etc, it’s sole purpose is being an init system, after that it start the rest of the system, including the others systemd binaries
the rest is perfect thanks!, in the lennart he made a comparation with ssh were you “forward the commad to run as root”, i think it’s a good analogy
. run0 does it in a better way which I do not understand.
it does that in a “ssh like” that i read in the blog, they foward your commands, they don’t elevate your user, they also use polkit for security intead of sudoers
The original problem was to automagically prompt the user for password, if he tried to run some systemd executable without the wheel privileges. At some point they decided to reuse the code for [a command that allows you to run stuff as root] replacement because sudo is too bloated and vulnerable.
imo it’s kinda like bash’s bloatness. Sure, I’d use a less bloated shell but I need bash as a bash interpreter regardless, so using a smaller shell would actually be more bloat. In a similar way you already have systemd, so you don’t really gain any more bloat by having this alias for systemd-run or how it’s called.
If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.
Doing this every day just to open email is understandably fucking enraging even to me as a security “”“engineer”“”/analyst/${bullshitblueteamemailreaderjob}
Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever run0 sudo su <reverse shell bs here> to bypass all protections.
No, it’ll just be yet another pile of bloat that’ll separate IBM distros and their followers (rhel, fedora, centos, debian, arch) from the rest (alpine, void, gentoo, devuan, *BSD).
Btw can RH as the biggest contributor to systemd make it paid like it did with RHEL? Then it’s going to be the death of the free and independent Linux desktop for quite a while.
They’ve only made it harder for other parties to freely benefit from RHEL’s hard work
True but they still can find something to hurt everyone. Not like I think it will happen but it is a problem with centralization and a company being behind a big and important product.
The bold parts include a false claim; i.e. Red Hat made RHEL paid.. So it’s perfectly possible to include a lie, piece of misinformation and/or straight up FUD within a question.
True but they still can find something to hurt everyone. Not like I think it will happen but it is a problem with centralization and a company being behind a big and important product.
I agree with you that Red Hat is indeed way too powerful in this realm. Hence, there will inevitably always be the fear that they might (somehow) misuse their power. So far, they’ve been mostly benevolent and I hope it will stay that way. There’s no fault at being cautious, but this should never lead us towards toxic behavior.
The bold parts include a false claim; i.e. Red Hat made RHEL paid..
Isn’t it? And for distro devs access to the source code is the only thing that matters. I am quite sure it is paid.
There’s no fault at being cautious, but this should never lead us towards toxic behavior.
I agree but I think you are the toxic one here. You boldly accuse a kinda new Linux user that asks a question in sharing misinformation and being toxic. I kinda get the first part but the second? You either don’t know what toxicity is or you’re just being toxic.
No-cost RHEL is accessible for individuals or small teams up to 16 devices. RHEL is paid for enterprises and businesses because of its support; which also includes (exclusive) articles and documentation.
You made it seem as if you were regurgitating the common line of misinformation when last year Red Hat changed how access to RHEL’s source code worked.
That regurgitated statement is misinformation. Besides that event, which actually didn’t make RHEL paid, I’m unaware of Red Hat retroactively changing a formerly free service to cost money instead.
And for distro devs access to the source code is the only thing that matters.
Do you mean the people working on Oracle Linux, AlmaLinux OS and/or Rocky Linux? Or did you actually primarily imply others? If so, could you elaborate?
but I think you are the toxic one here.
😅. Sorry, this is just not very productive. But, I will try to be more careful with the language I use when communicating with you 😉.
You boldly accuse a kinda new Linux user that asks a question in sharing misinformation
If, with your earlier statement, you meant the whole RHEL source code fiasco from last year, then that’s plain misinformation. And if you share that, then that’s sharing misinformation.
I prefer open conversation in which we can communicate directly. If you’re sensitive to that, then I will abstain from doing so when I’m interacting with you.
and being toxic.
At worst, I only implied it. At best, it’s a general advice directed towards anyone that happens to read it. To be clear, I didn’t intend to attack you. So no need to be offended. Nor should you take it personally.
Finally, as this comment of yours clearly shows, you’re at least somewhat susceptible to misunderstand the writing of others. Ain’t we all to some degree? Though…, (perhaps) some more than others. Regardless, likewise, without trying to offend you or whatsoever, I would like to propose the idea that you might have jumped to conclusions that you didn’t have to necessarily.
If IBM makes redhat do something that greedy and stupid (it’d be more likely to happen with a distribution like fedora or centos than userland components), we have plenty of existing infrastructure to fall back on.
(it’d be more likely to happen with a distribution like fedora or centos than userland components
I mean, if they make an actual workstation distro and kill systemd’s real FOSS nature, everyone else will have to spend some time rebuilding their distros with other init systems. That’ll be quite a sabotage.
You are not wrong. IBM management paralleled in the same cash-grab and exit C-suite functions that has consumed Redhat. That is why the merger happened.
Soon, Purple Hat should be charging for systemd and hopefully other corpos and organizations will move back to sanity.
Unless otherwise noted, the systemd project sources are licensed under the terms and conditions of LGPL-2.1-or-later (GNU Lesser General Public License v2.1 or later).
New sources that cannot be distributed under LGPL-2.1-or-later will no longer be accepted for inclusion in the systemd project to maintain license uniformity.
I can understand critism of systemd for its tools only working with itself and not with any other Unix tools. But it’s absolutely a conspiracy theory to think they’d want to charge for systemd. Though I do agree that if someone was charging for systemd (which they can’t because its open source), open source alternatives would pop up.
RedHat is not restricting access to any upstream project. They package things in extremely stable form, which means they need to manage like all the software themselves and do tons of backports, as normally software just releases new versions.
They restrict access to these packages.
So yes, their 5 years old systemd with backported security fixes may be restricted. But not the normal systemd you can install anywhere.
No, it’s licensed under the LGPL, which means source code can be freely distributed and distros would continue to package it for free no matter how hard Redhat tried to paywall it.
And neither Arch, nor Ubuntu, nor Debian, nor OpenSUSE, nor any other distro using systemd belongs to IBM.
Where did I say they belong to IBM?
Sure, the centralization is pretty damn bad. But for example replacing sudo is needed.
We already have doas, which is such a simple codebase I’d have a hard time imagining it contains a bug that leads to setuid being a problem. run0’s codebase size on the other hand…
systemd nightmare needs to end. Too many broken garbage from malicious actors within the opensource community.
Just as an experiment, get every distro to have at least 2 or 3 SysVInit / runit / rc.init alternatives, and you will see a MASS Migration back to SysVInit. Bash/shell script init functions were really dead simple and almost unbreakable/hackerproof.
Systemd really needs to be thrown in the garbage dumps of history so we can finally have a UNIX-like boot back.
Corpo sabotage of opensource. So many community projects are under the thumb of corpo insiders. It was a “cash-grab” a way to shoehorn and takeover an essential but mostly unchanged and stable Init system. And they shimmed that into everything they could ram it into with no options or alternatives.
What exactly did companies gain from making Linux distros switch over to systemd?
If anything, the switch ment a loss of productivity as their staff needed to relearn stuff, not to mention loss of technical knowledge as there would be others who simply would not accept the change and leave the company when the change happened.
This means increased costs, either due to retraining, or due to needing to hire new staff which is expensive.
Meanwhile, I can’t see anything that would mean that companies would earn or even save enough money to make it worth the effort of making distros implement systemd.
Ok so doing it for direct gain seems to be out, but you mention “corpo sabotage of opensource”, I can’t really see that either, a developer won’t move a successful Linux project to Windows, AIX, Solaris, Darwin or HP-UX just because of a move to systemd.
So even indirect gain seems to be out, so “corpo sabotage” doesn’t really seem plausible.
But, I may be wrong, please, tell us how exactly a move to systemd has benefited companies enough that it would make the effort and expense to make a distro move to sytemd, let alone a majority of distros, worth it.
But, I may be wrong, please, tell us how exactly a move to systemd has benefited companies enough that it would make the effort and expense to make a distro move to sytemd, let alone a majority of distros, worth it.
you’re putting to much thought in something that even the guy who you’re asking didn’t
As someone who writes bash scripts, fuck no, this is a terrible language and it shouldn’t be used for anything more complex than sticking two programs together.
Also, parallelism goes right out of the window.
Maybe you’d convince me with a real programming language.
Any time I see a grognard seriously suggest going back to bash for anything exceeding 10 lines of code it makes me very happy none of them are in control.
For clarity, because the obnoxious ones out there didn’t get it, this refers to how Arch, Debian, Fedora and most other distros just default to systemd and hence can (and probably will) make use of run0. While, on the other hand, distros like Alpine, Artix, Devuan, Void and others (including *BSD-systems) will not. For distros with no defaults (e.g. Gentoo), the user gets to decide.