On Sun, Sep 6, 2015 at 6:51 AM, Tom H <tomh0...@gmail.com> wrote: > On Sat, Sep 5, 2015 at 10:42 AM, Nico Kadel-Garcia <nka...@gmail.com> wrote: >> On Sat, Sep 5, 2015 at 4:52 AM, Tom H <tomh0...@gmail.com> wrote: > > >>> systemd introduced "machinectl shell localhost" in systemd 225 that >>> essentially does the same as "ssh localhost" from an env perspective. >>> >>> Since it's being rebased to 219 for SL 7.2, perhaps that command'll be >>> included in SL 7.4 with a systemd 22x (or it might be backported at >>> some point...). >> >> systemd's tendency to find a particular issue with a known, stable >> toolkit and then bolt it onto systemd is scaring the tar out of me. >> Attempting to replace su or sudo seems to be yet another example of >> this. The subject has been discussed, heatedly, in the Fedora mailing >> list. > > AFAIR there was a systemd-devel@ thread and various bug reports about > people having a problem with su/sudo when using them to launch X apps > because XDG_RUNTIME_DIR was the su-ing/sudo-ing user's and perms of > XDG_RUNTIME_DIR or of its contents were being changed to root because > that directory couldn't be changed within a session. > > So the problem's that su doesn't create a new login session but su was > never intended for this. Its man page even says "The su command is > used to become another user during a login session".
Right. "su" doesn't. "sudo" can, by setting /etc/sudoers or /etc/sudoers.d options. > Lennart P offered to change the behavior of "su -l" and "sudo -i" via > a pam argument to create a new session. I don't remember anyone > writing a patch to put this change into motion and I assume that > distros have been working around the problem for launching their > various DEs' system-settings apps. There are various approaches. They relied on using small, known, tested tools and worked *within* those tools to leverage the desired behavior. > I don't know why the pam patch never materialized but, more or less > two years later, using machinectl to switch users must've seemed > natural. AFAIUI it looks like a login to localhost-as-a-container. Yeah. The problem is that it's adding a systemd only compatible tool, which means Linux only, to create Yet Another Root Access Tool(tm). > But the change was introduced with an "su is broken" meme when it > would've been more accurate to say "using su as gksu is broken" or > "using su to launch an X app is broken" because using su/sudo at the > command line's fine. systemd upstream must like to shoot itself in the > foot communication-wise. Yeah. >> I'm afraid that su replacement looks like a Linux-only major security >> problem begging to happen. > > There's "doas" in openbsd so "we" aren't the only ones with an OS-specific > tool. I've not been running OpenBSD for some time, but I believe you. That one actually looks interesting, and I'd have more confidence in it with its very small and limited behavior than I would with integrating "su" like behavior into the growing Sargasso Sea of accumulated debris that is systemd.