this post was submitted on 13 Apr 2024
229 points (84.6% liked)

linuxmemes

21197 readers
67 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
     

    Credit for the answer used in the right panel: https://serverfault.com/a/841150

    top 50 comments
    sorted by: hot top controversial new old
    [–] [email protected] 86 points 6 months ago (11 children)

    When you hate something so much you have to find weird corner cases to support your views. Even then the way described isn’t how someone who knows that they are doing would do.

    The best way for an unprivileged user to manage a service is for that user to run it. That way you inherit the correct permissions / acls / selinux contexts.

    The command to do so is:

    systemctl --user start the_service.service

    [–] [email protected] 11 points 6 months ago* (last edited 6 months ago) (3 children)

    What if multiple users have to manage that service?

    Edit: nvrmnd, pretty sure the runnit solution won't allow this either, your answer is correct. What about while the service is already running? Wouldn't your solution require a restart?

    [–] [email protected] 12 points 6 months ago (1 children)

    If the service is already running it has to be stopped as a system service and run as a user service. In order to ensure that the service inherits all the correct permissions / acls / se linux policies the service needs to be launched from the limited permissions context.

    With the systemd approach you’re not just passing a control handle around. You’re ensuring the process is running under an appropriate security context.

    If you want to let multiple users manage the user systems service, I would probably go with sudo and systemd user files. You could create a group which has sudo access etc. The important idea is that an unprivileged user controls an unprivileged service.

    [–] [email protected] 3 points 6 months ago

    With the systemd approach

    What about this makes it "the systemd approach"? runit supports user services too. These are just two different tasks that are needed in different contexts. Sometimes what you need is to "pass a control handle around" to a privileged service. And sometimes you need to actually make a service unprivileged.

    [–] [email protected] 5 points 6 months ago* (last edited 6 months ago)

    pretty sure the runnit solution won’t allow this either

    I'm no expert, but I think you could make a special group, set the supervise directory to be owned by that group, and add all relevant users to that group? Either way, as I explained in a different reply, running the service as a user vs letting that user control a root service are completely different things, and one is not always a substitute for the other.

    [–] [email protected] 4 points 6 months ago* (last edited 6 months ago)

    A generic stack overflow answer:

    Do you REALLY need multiple users to manage that service? Maybe it's better to have multiple instances of that service and.... (This goes on and on)

    load more comments (10 replies)
    [–] [email protected] 44 points 6 months ago (1 children)

    he's trying to run the service as a user without run sudo, good luck trying that with runit

    [–] [email protected] 2 points 6 months ago (1 children)
    [–] [email protected] 2 points 6 months ago

    he don't want to log as root, so a root shell isn't what he want

    [–] [email protected] 41 points 6 months ago* (last edited 6 months ago)

    And people who like systemd just thought of the first part of the answer which is exactly what the asker ended up doing.

    Which is basically the same as the runit way while putting everything in the user's directory.

    [–] [email protected] 28 points 6 months ago (5 children)
    load more comments (5 replies)
    [–] [email protected] 24 points 6 months ago

    Big news (from 2017): debian held back software features because someone doesn't like the new way of doing things. Let's blame systemd for this unprecedented case.

    What's wrong with giving access to the specific sudo command, as suggested in the other answers?

    [–] [email protected] 22 points 6 months ago (1 children)

    How is chown-R someuser different from systemctl—user?

    [–] [email protected] 24 points 6 months ago

    one is giving the permission to manage the system service to a specific user, the other is running the service as the current user so they have permission to manage it by default

    [–] [email protected] 12 points 6 months ago (1 children)

    I'm gonna fuck up my desktop now breaking away from systemd

    [–] [email protected] 7 points 6 months ago (1 children)

    Yeah, I would switch off, but it just doesn't seem worth the effort for something I rarely interact with.

    [–] [email protected] 11 points 6 months ago

    If it’s providing you the functionality you want using an overhead you’re fine with, there’s no reason to change it.

    [–] [email protected] 11 points 6 months ago (2 children)

    I'm using Debian without ever having been involved in the init-wars. What's wrong with Systemd and why should i not use it?

    [–] [email protected] 4 points 6 months ago (1 children)

    I'd like to know too, a ELI5 version if possible. Somethingsomething monolithic, but what does that actually mean for me as an end user?

    [–] [email protected] 9 points 6 months ago (1 children)

    In my personal opinion, correct me if I'm wrong:

    Systemd was created to replace the init system, then through extreme scope creep took over way more than wanted and needed, the main developer was "problematic" to say it politically correct, and in practice it has over complicated many super easy tasks to the point that I hate it. Other init systems were intuitive, systemd is all but.

    Few weeks ago I setup a systemd server ssh server. Changing the port would be 5 seconds in changing a line in the sshd config, but now with the new and improved systemd I need to follow some nightmare documentation into creating systemd files in unrelated places and reload configs or something and I'm done with it

    load more comments (1 replies)
    [–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

    If you've never had a reason to not use it, then it's fine to continue using it. Systemd has been shown to be more or less stable, fast, and secure. The reason I don't like it is because it makes simple things really complicated. Some examples:

    • The meme
    • u/[email protected] example with sshd
    • Distros that use systemd init also seems to prefer using other systemd components as well. So you can get caught in weird situations where one task is spread across two different systems (e.g. systemd timers vs cron, systemd-elogind vs acpid)

    If none of these sound familiar, then switching to a non-systemd distro likely won't make your life easier. But if you do, then it might be worth considering.

    [–] [email protected] 6 points 6 months ago

    And how do you do this in gnu shepherd?

    You don't!

    [–] [email protected] 6 points 6 months ago* (last edited 6 months ago) (2 children)

    I'm out of the loop. The answer that references "one person's personal opinion" is from 2017, and the context it links to is from 2016. Surely things have changed since then, right?

    .. Right?

    (I'm genuinely asking, I've got no idea)

    Edit: I just checked on Linux Mint 21.3. It's still on the same version as back then, 0.105. Well, Debian is nothing if not sable!

    [–] [email protected] 3 points 6 months ago (1 children)

    Bookworm looks to be on version 122, so as downstream distros update to newer Debian versions, it should be updated now

    [–] [email protected] 1 points 6 months ago (1 children)

    Mint 21.3 is based on Debian Bookworm (via Ubuntu 22.04, not counting LMDE of course). I don't know what you're looking at and I also don't fully know how this works, but what you said doesn't seem to be the case.

    [–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

    Ubuntu 22.04 is long before Bookworm

    It looks like Ubuntu pulled in Bookworm’s version in 23.10

    If Mint is sticking to LTS Ubuntu versions, it will get it whenever it rebases on top of Ubuntu 24.04

    Edit: Debian (Bookworm) polkitd version 122: https://packages.debian.org/bookworm/polkitd

    Ubuntu 22.04 polkitd version 105: https://packages.ubuntu.com/jammy/polkitd

    Ubuntu 24.04 pre-release polkitd version 124: https://packages.ubuntu.com/noble/polkitd

    [–] [email protected] 2 points 6 months ago (1 children)

    Very well, you seem to definitely know this stuff better than me! I based my comment on this answer and getting this myself on Mint 21.3:

    $ cat /etc/debian_version 
    bookworm/sid
    

    But reading a bit closer, I think this is the key part:

    That's how, for example, Ubuntu 20.04, released in April 2020, can be based on Debian 11 "Bullseye", which was released in August 2021.

    So Ubuntu probably pulled Bookworm before it was released, and before it upgraded policykit. But it's still to some extent based on Bookworm. Does that sound right?

    [–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

    Yeah, Ubuntu pulls in the development version of Debian

    “Sid” is the unstable name for Debian - where packages are being tested for the next release

    Debian Bookworm was released 2023

    Ubuntu LTS and Debian have tended to release on a two year cadence offset by a year

    • Debian Stretch (2017)
    • Ubuntu 18.04 (2018)
    • Debian Buster (2019)
    • Ubuntu 20.04 (2020)
    • Debian Bullseye (2021)
    • Ubuntu 22.04 (2022)
    • Debian Bookworm (2023)
    • Ubuntu 24.04 (2024)
    [–] [email protected] 1 points 6 months ago

    lol, I didn't even attempt to read the full thing. But now you made me curious.

    But only curious. I don't feel smart enough to read and comprehend the entire thing.

    [–] [email protected] 5 points 6 months ago (2 children)

    Is it r-unit, or run-it?

    I've read it as r-unit for so long and now I've only just realised that run-it makes far more sense

    [–] [email protected] 3 points 6 months ago

    Someone is asking the important questions

    [–] [email protected] 3 points 6 months ago

    lol I've been pronouncing nginx as "enn-jinx" for so long before I learned that it was "engine-ex".

    [–] [email protected] 3 points 6 months ago

    I'm not yet convinced that "violating the unix philosophy" is a bad thing. I'm not saying that it's not, I don't have a defined opinion about this yet

    [–] [email protected] 2 points 6 months ago

    DJB is a genius

    [–] [email protected] 2 points 6 months ago

    Guys I only used SystemD and I didn’t know you could use anything else lol stop hating I never had any problems!

    [–] [email protected] 2 points 6 months ago (1 children)

    Which one looks more enterprisey and ensure your job security?

    load more comments (1 replies)
    load more comments
    view more: next ›