
Re: Another system management tool to disappear.



On quartidi 14 fructidor, year CCXXIII, Lisi Reisz wrote:
> Then I have misunderstood, which does not surprise me.  

With all the disinformation flying around when it comes to systemd, it is
hardly surprising.

> What is the alternative to su that there is so much fuss about?  And I don't 
> care about the session ending function it apparently has.

Well, it may happen that some day you will be glad it has it, and until
then, it is very unlikely to get in your way in any way.

>							     <su> will change 
> me to root and <su $USER> will change me to the user.

The thing is, when you are switching user like that, there is a lot of black
magic going on inside the TTY layer of the kernel to ensure that it seems to
work like it always does: ctrl-C to interrupt the program, ctrl-Z to suspend
it, input going to the correct command, etc. Furthermore, the new user is a
spawn of the old user's process, and as such it inherits most of its
environment.

This kind of black magic is quite annoying for people designing systems
because it makes auditing for security that much harder: what if the user
destroys the tty at the wrong time? what if the user sets the LC_SOMETHING
variable to a strange value? su implementations try to sanitize the
environment, but there have been various failures in the past that have
resulted in security issues.

I have not looked at how machinectl shell works, but my guess is that it
works like a lightweight local SSH: the new user and the old user are not
related as processes, they only communicate through a socket. The new user
process is started by systemd, with a sane and controlled environment. With
a more isolated and controlled model like that, security audit is much
easier.

>							 Is that what people 
> fear will disappear?  And what do they fear will be put in its place?  (Yes, 
> I understand that so far it is in addition, not instead of, but what is the 
> fuss about?  What has Lennart proposed?)

I would not like to make cheap psychology, but I have the impression that a
lot of people flying mud against systemd are actually afraid that the
knowledge and competence they accumulated over the years will become
obsolete.

There are valid criticisms to be made against systemd, both on a technical
and political level. I myself find it too complex and over-engineered.

But still, the old init system was completely braindead (more on that on
demand), and systemd is the only revamp that managed to get traction while
getting in the right direction of having an init system with an actual
brain.

Regards,

-- 
  Nicolas George
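
An added illustration of the contrast drawn in the message above between an inherited environment and one built under control; it is not part of the original post and does not reproduce how su or machinectl shell are implemented. The pass-through list, the validation patterns and the sample caller environment are assumptions constructed for the example.

```python
import re
import shutil
import subprocess

ENV_BIN = shutil.which("env") or "/usr/bin/env"
# Assumed policy for this example: the only caller variables that may cross over.
PASS_THROUGH = ("TERM", "LANG", "LC_ALL", "LC_CTYPE", "LC_MESSAGES")
# Accepts values such as "C", "fr_FR.UTF-8" or "sr_RS@latin"; anything else is dropped.
LOCALE_RE = re.compile(r"[A-Za-z0-9_]+(\.[A-Za-z0-9-]+)?(@[A-Za-z0-9]+)?")
TERM_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}")


def controlled_env(caller_env, user, home, shell="/bin/sh"):
    """Build the new session's environment from scratch, not by pruning the caller's."""
    env = {
        "PATH": "/usr/local/bin:/usr/bin:/bin",
        "HOME": home, "USER": user, "LOGNAME": user, "SHELL": shell,
    }
    for name in PASS_THROUGH:
        value = caller_env.get(name)
        pattern = TERM_RE if name == "TERM" else LOCALE_RE
        if value is not None and pattern.fullmatch(value):
            env[name] = value
    return env


def child_sees(env):
    """Start env(1) with exactly `env` and return what the child received."""
    out = subprocess.run([ENV_BIN], env=env, capture_output=True,
                         text=True, check=True).stdout
    return dict(line.split("=", 1) for line in out.splitlines() if "=" in line)


# Constructed caller environment: one malformed locale value, one stray variable.
CALLER = {
    "PATH": "/home/alice/bin:/usr/bin:/bin",
    "HOME": "/home/alice", "USER": "alice",
    "TERM": "xterm-256color",
    "LANG": "fr_FR.UTF-8",
    "LC_MESSAGES": "../not/a/locale",
    "OLD_SESSION_VAR": "left over from the caller",
}

if __name__ == "__main__":
    inherited = child_sees(CALLER)  # what a plain child process gets
    clean = child_sees(controlled_env(CALLER, "root", "/root"))
    for name in sorted(set(inherited) | set(clean)):
        print(f"{name:16} inherited={inherited.get(name)!r} controlled={clean.get(name)!r}")
```

The point for an audit is that the controlled variant has a fixed, enumerable set of inputs, while the inherited variant carries whatever the caller happened to have set.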
