Hi Matteo,

On 08/29/2015 02:53 PM, Matteo Panella wrote:
> [...]
> On a server, tough, it just does its job nicely (unless you need
> strict audit of root-level actions, in which case sudo with a MAC
> system should be your starting point).
>
> So much noise (and security-critical code) for nothing.

If systemd needs an own program "get me a shell for user X" for their
scripts, that accomplishes a very specific setup, specific envvar
filtering and such, why not? The developers are free to create what
they want and need.

As a C programmer, i code stuff like that all the time, when i need
specific signal handling, a clean environment, fd and terminal setup...
and if i had a lot of work with it, on a bad day, I probably ranted on
some existing software in a release note as well (why can't it do
this, why do i have to code this at all, blahblah).

As a shell script programmer, i use "su" rarely; interactively i use
it quite often, and i have no problem with it, if i distinguish "su"
from "su -" and keep in mind when to use which.

If i personally wanted to write such a "give me a shell" command,
i would have different priorities, and it would do different stuff
that exactly fits they way i want to work. It would be less universal
than what "su" is now, and, being tested just by me, probably less
secure. Therefore i would not think of it as a replacement of the
"su" command, and if i published it, i would not label it as such.

Kind regards,
T.