Author: tilt!
Date:
To: dng
Subject: Re: [DNG] The show goes on: “su” command replacement merged into systemd on Fedora Rawhide
Hi Matteo,
On 08/29/2015 02:53 PM, Matteo Panella wrote:
> [...]
> On a server, though, it just does its job nicely (unless you need
> strict audit of root-level actions, in which case sudo with a MAC
> system should be your starting point).
>
> So much noise (and security-critical code) for nothing.
If systemd needs an own program "get me a shell for user X" for their
scripts, that accomplishes a very specific setup, specific envvar
filtering and such, why not? The developers are free to create what
they want and need.
As a C programmer, i code stuff like that all the time, when i need
specific signal handling, a clean environment, fd and terminal setup...
and if i had a lot of work with it, on a bad day, I probably ranted on
some existing software in a release note as well (why can't it do
this, why do i have to code this at all, blahblah).
As a shell script programmer, i use "su" rarely; interactively i use
it quite often, and i have no problem with it, if i distinguish "su"
from "su -" and keep in mind when to use which.
If i personally wanted to write such a "give me a shell" command,
i would have different priorities, and it would do different stuff
that exactly fits the way i want to work. It would be less universal
than what "su" is now, and, being tested just by me, probably less
secure. Therefore i would not think of it as a replacement of the
"su" command, and if i published it, i would not label it as such.