This is heartbreaking rather than a show. Replace everything that used to work reliably for so many years with what clueless beginners want!
The plague has come, but not in the form of a deadly bacterium, but in the new trend of, "sacrificing function for fashion".

On 29/08/2015, Rainer Weikusat <rainerweiku...@virginmedia.com> wrote:
> Matteo Panella <m.pane...@level28.org> writes:
>> On 28/08/2015 17:32, Laurent Bercot wrote:
>>> On 28/08/2015 17:00, Michael Bütow wrote:
>>>> https://tlhp.cf/lennart-poettering-su/
>>>
>>> The thing is, he's not entirely wrong: su *is*, really, a
>>> broken concept.
>>
>> On a desktop system with current constraints (XDG env vars, X11
>> sockets...) I'd agree, but that's hardly su's fault.
>>
>> On a server, though, it just does its job nicely (unless you need strict
>> audit of root-level actions, in which case sudo with a MAC system should
>> be your starting point).
>
> 'su' is a somewhat generic setuid-0 program: It changes the uid and the
> gids associated with itself to the ones for a certain user and then
> executes a shell. In addition to that, it contains another "random
> environment munger" with features someone happened to consider useful for
> the su use cases he envisioned. If this happens to be what enables
> someone else to achieve something he wanted to achieve, 'su' can
> obviously be used for that. If not, then not. But the reason why su is
> only of limited usefulness is not because the hardcoded policy isn't
> complicated enough to include
>
> $random_thing_someone_called_lennart_also_wants
>
> for every conceivable value of the variable but because it has a
> hardcoded policy at all and the solution is not "implement another,
> random environment munger more to tastes of ..." but split it apart:
> Have a program which changes uids and gids and executes another
> program. Another program for the become root via setuid and execute
> ... part. And a third program (or any number of such programs) to
> perform other modifications of the execution environment.
> _______________________________________________
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
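
The first piece of the split described in the quoted message, "a program which changes uids and gids and executes another program", as an added C example that is not code from the thread or from any project it mentions. The names `resolve_user` and `become` and the exit codes are assumptions chosen here; the program has to be started by root and deliberately does no authentication and no environment handling, which the proposal leaves to separate programs.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Look up the target account; returns 0 on success, -1 if it does not exist. */
int resolve_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Groups first, uid last: once the uid is dropped the process no longer
 * has the privilege to change its groups. Returns 0 on success, -1 on error. */
int become(const char *name, uid_t uid, gid_t gid)
{
    if (initgroups(name, gid) != 0) return -1;  /* supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* The drop must be permanent: getting uid 0 back has to fail now. */
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(int argc, char **argv)
{
    uid_t uid;
    gid_t gid;

    if (argc < 3) {
        fprintf(stderr, "usage: %s user program [args...]\n", argv[0]);
        return 100;
    }
    if (resolve_user(argv[1], &uid, &gid) != 0 || become(argv[1], uid, gid) != 0) {
        fprintf(stderr, "%s: cannot switch to user %s\n", argv[0], argv[1]);
        return 111;
    }
    execvp(argv[2], argv + 2);  /* environment is passed through untouched */
    perror(argv[2]);
    return 111;
}
```

Every return value in `become` is checked because a failed `setuid` that goes unnoticed leaves the executed program running as root.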