logo

blog

My website can't be that messy, right? git clone https://anongit.hacktivis.me/git/blog.git/

systemd-eated-su.xhtml (4448B)


  1. <article xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="h-entry">
  2. <a class="u-url" href="/articles/systemd-eated-su"><h1 class="p-name">Lennart Poettering merged “su” command replacement into systemd: Test Drive on Fedora Rawhide</h1></a>
  3. <p><a href="https://tlhp.cf/lennart-poettering-su/">“Original” Article</a></p>
  4. <blockquote>Well, there have been long discussions about this, but the problem is that what "<code>su</code>" is supposed to do is very unclear. On one hand it's supposed to open a new session and change a number of execution context parameters (`<code>uid</code>`, `<code>gid</code>`, `<code>env</code>`, ...), and on the other it's supposed to inherit a lot concepts from the originating session (`<code>tty</code>`, `<code>cgroup</code>`, `<code>audit</code>`, ...). Since this is so weakly defined it's a really weird mix&amp;match of old and new paramters.</blockquote>
  5. <p>Pretty clear, it ask for root or specified user password, launches a shell. If <code>-</code>, <code>-l</code>, <code>--login</code> is put it starts a new environement before starting the shell.</p>
  6. <blockquote>To keep this somewhat managable we decided to only switch the absolute minimum over, and that excludes `XDG_RUNTIME_DIR`, specifically because `XDG_RUNTIME_DIR` is actually bound to the `session/audit` runtime and those we do not transition. Instead we simply unset it.</blockquote>
  7. <p>Ah, of course desktop crap in the userland… And crappy explanation, maybe you should patent and copyreich that in case. ᕕ(ᐛ)ᕗ</p>
  8. <blockquote><pre><code>$ <kbd>cat /etc/os-release</kbd>
  9. <samp>NAME=Fedora VERSION="24 (Workstation Edition)"
  10. ID=fedora
  11. VERSION_ID=24
  12. PRETTY_NAME="Fedora 24 (Workstation Edition)"
  13. ANSI_COLOR="0;34"
  14. CPE_NAME="cpe:/o:fedoraproject:fedora:24"
  15. HOME_URL="https://fedoraproject.org/"
  16. BUG_REPORT_URL="https://bugzilla.redhat.com/"
  17. REDHAT_BUGZILLA_PRODUCT="Fedora"
  18. REDHAT_BUGZILLA_PRODUCT_VERSION=Rawhide
  19. REDHAT_SUPPORT_PRODUCT="Fedora"
  20. REDHAT_SUPPORT_PRODUCT_VERSION=Rawhide
  21. PRIVACY_POLICY_URL=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
  22. VARIANT="Workstation Edition"
  23. VARIANT_ID=workstation
  24. </samp>$ <kbd>systemctl --version</kbd>
  25. <samp>systemd 225
  26. +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN</samp></code></pre></blockquote>
  27. <p>Okay here’s the same shit from a non voided system. Let’s share. ;D</p>
  28. <pre><code>
  29. % <kbd>cat /etc/os-release</kbd>
  30. <samp>ID=gentoo
  31. PRETTY_NAME="Gentoo/Linux"
  32. ANSI_COLOR="1;32"
  33. HOME_URL="http://www.gentoo.org/"
  34. SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
  35. BUG_REPORT_URL="https://bugs.gentoo.org/"
  36. </samp>% <kbd>rc --version</kbd>
  37. <samp>rc (OpenRC) 0.17 (Gentoo Linux)
  38. </samp></code></pre>
  39. <p>Anyway, let’s continue</p>
  40. <blockquote>
  41. $ machinectl shell
  42. Connected to the local host. Press ^] three times within 1s to exit session.
  43. </blockquote>
  44. <p>Okay even worse binding than Escape-Meta-Alt-Control-Shift(EMACS), fuck stty eof(^D), fuck POSIX, fuck quick and intuitive commands(shell for login, hell yeah), yes rude mode is activated.</p>
  45. <blockquote>
  46. It works! We can work as superuser. And isn’t end: we can also set shell and host:
  47. <code>$ <kbd>machinectl shell root@.host /bin/bash</kbd></code>
  48. </blockquote>
  49. <p>Wait… ssh is crap too? Why is there a dot before the host(maybe fuck localhost too…)?</p>
  50. <blockquote>
  51. Login as non-root user and set variable of shell environment:
  52. <code>#1000 - UID of user `paul`
  53. #SYSTEMD_TEST - test variable of user environment
  54. $ <kbd>machinectl shell --uid 1000 --setenv="SYSTEMD_TEST=777"</kbd></code>
  55. </blockquote>
  56. <p>’Kay so starting another $SHELL and export VAR=VARIABLE too ?</p>
  57. <blockquote><code>$ <kbd>sudo systemd-run -p CPUQuota=50% -p PAMName=login -t /bin/bash -c '/usr/bin/stress -c 4'</kbd></code></blockquote>
  58. <p>Ah! So after saying cgroups is awesome… you goes with quota on the CPU… well maybe that’s called evolution… ? Why are you using login, you created machinectl for nothing? Why are you using -p options like a replacement to args… o_O<br />
  59. Well this command is full of fuck(not the very great program which among other thing uses… sudo with the last command :D)</p>
  60. <p>I wonder when you will eat Emacs(meta-OS), build your own kernel because fuck UNIX so we can 🖖“live long an prosper” with (GNU/)Linux and BSD and you with SystemDOS.</p>
  61. </article>