Re: Another system management tool to disappear.



 Hi.

On Sat, 29 Aug 2015 20:30:58 -0400
Gene Heskett <gheskett@wdtv.com> wrote:

> On Saturday 29 August 2015 10:39:07 Reco wrote:
> 
> >  Hi.
> >
> > On Sat, 29 Aug 2015 09:49:55 -0400
> >
> > Gene Heskett <gheskett@wdtv.com> wrote:
> > > > > If su goes away, IMNSHO, it will be such a PITA that it will
> > > > > encourage far more people to just give up and run their machines
> > > > > as root full time.  And I don't believe for a millisecond that
> > > > > is the effect intended.
> > > >
> > > > They provide some systemd-specific kludge instead of su. So it's
> > > > not that bad.
> > >
> > > I don't recall recognizing that being discussed yet.
> >
> > Please read the bugreport. It's all there.
> >
> > https://github.com/systemd/systemd/issues/825
> >
> > > > And, given the current systemd adoption rate in Debian, I'd say
> > > > that we, stable users, have 3-4 years before that "machinectl
> > > > login" thing will be available to us.
> > > >
> > > > > So, if su goes away,  how do I accomplish those tasks in a
> > > > > suitable manner that will not bore a hole in the user sandbox?
> > > >
> > > > If it comes to this (i.e 'su' will go away) - I just use busybox
> > > > (which has perfectly working implementation of su without the
> > > > fancy bits). I.e.
> > > >
> > > > busybox su -
> > >
> > > Command not found. Wheezy 32 bit install.
> >
> > Obviously for this command to work it's required to install busybox.
> > I'd recommend busybox-static package.
> >
> > Reco
> 
> Installed it, suid problems:
> 
> gene@coyote:~$ busybox su amanda
> su: must be suid to work properly
> gene@coyote:~$ busybox su -
> su: must be suid to work properly
> 
> Is it still finding the system su first?

No. The 'problem' is exactly what it tells you. Meaning:

1) "Original" su is a suid root-owned binary:

$ ls -la /bin/su
-rwsr-xr-x 1 root root 40168 Nov 21  2014 /bin/su

2) Busybox, on the other hand - is not:

$ ls -la /bin/busybox
-rwxr-xr-x 1 root root 1837008 Feb 19  2015 /bin/busybox


So, *root*-invoked "busybox su" should behave exactly like original
"su". Everyone other than root is told to get lost.

Note that:

1) Setting the suid bit on busybox is an *extremely* bad idea. Don't
ever do it (as busybox provides *much* more than su).

2) Your way of using su you've described should not be affected by this
little inconvenience as you become root first, and do su second.

Reco
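
The `ls -la` comparison in the message above, as a small audit script. This is an added example, not part of the original message; the function names `describe_suid` and `check_expectation` are made up here, and the policy it encodes (su is expected to be setuid, busybox must not be) is the one the message states.

```shell
#!/bin/sh
# Added example: classify a binary by its setuid bit and owner, then compare
# against the expectation from the message (su: setuid, busybox: never).

# describe_suid PATH -> "missing" | "suid uid=N" | "plain uid=N"
describe_suid() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    # ls -L follows symlinks, -n prints the numeric owner in field 3
    uid=$(ls -lLdn -- "$1" | awk '{print $3}')
    # [ -u FILE ] is true when the setuid bit is set on FILE
    if [ -u "$1" ]; then echo "suid uid=$uid"; else echo "plain uid=$uid"; fi
}

# check_expectation NAME PATH -> one line starting with OK, WARN or SKIP
check_expectation() {
    state=$(describe_suid "$2")
    case "$1:$state" in
        busybox:suid*) echo "WARN $2: setuid on multi-call busybox ($state)" ;;
        su:plain*)     echo "WARN $2: su without setuid only works for root ($state)" ;;
        *:missing)     echo "SKIP $2: not installed" ;;
        *)             echo "OK $2: $state" ;;
    esac
}

# Paths as shown in the message; a missing file is reported, not an error.
check_expectation su /bin/su
check_expectation busybox /bin/busybox
```

On the system described in the message, both lines would start with OK: /bin/su is setuid and owned by uid 0, /bin/busybox is not setuid.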

