sudo is already an optional component (yes, really—I don’t have it installed). Don’t want its attack surface? You can stick with su and its attack surface instead. Either is going to be smaller than systemd’s.
systemd’s feature creep is only surpassed by that of emacs.
I’m not a fan of having root be able to actually login.
Even more so in a true multiuser env where I would rather have privilege escalation be more granular (certain user/groups can esculate certain actions but not others, maybe even limit options of a cmd).
Granted, in a true multiuser environment with an admin who’s carefully tailoring /etc/sudoers to make sure everyone has the least possible privileges that will allow them to still do what they need, sudo is more secure. There’s no doubt of that.
On a machine that has only one human user who’s also the admin, and retains the default sudo-with-user-passwords configuration, su vs sudo is pretty much a wash, security-wise. su requires a second password to get root access, but sudo times out and requires the password to be re-entered while a shell created by su can stay open indefinitely. Which is more easily broken will depend on other details of your situation.
(If you’re running an incorrectly configured ssh server that allows direct root login with only password authentification, having a root password could contribute to problems, but the correct fix there is to reconfigure the ssh server not to do something so stupid. I hope there’s no distro that still ships that way out of the box.)
sudois already an optional component (yes, really—I don’t have it installed). Don’t want its attack surface? You can stick withsuand its attack surface instead. Either is going to be smaller than systemd’s.systemd’s feature creep is only surpassed by that of emacs.
Tomorrow’s headline: emacs wants to expand to include a Sudo replacement
And after that: emacs wants to include a systemd replacement
:wq
I’d take that over systemd.
Or you can use a
doasimplementation like OpenDoas, or maybesudo-rs…Though a Rust clone of sudo that operates in the same way will still have the same problems.
And there’s also doas which is a nice substitute.
I’m not a fan of having root be able to actually login.
Even more so in a true multiuser env where I would rather have privilege escalation be more granular (certain user/groups can esculate certain actions but not others, maybe even limit options of a cmd).
Granted, in a true multiuser environment with an admin who’s carefully tailoring /etc/sudoers to make sure everyone has the least possible privileges that will allow them to still do what they need,
sudois more secure. There’s no doubt of that.On a machine that has only one human user who’s also the admin, and retains the default sudo-with-user-passwords configuration,
suvssudois pretty much a wash, security-wise.surequires a second password to get root access, butsudotimes out and requires the password to be re-entered while a shell created bysucan stay open indefinitely. Which is more easily broken will depend on other details of your situation.(If you’re running an incorrectly configured ssh server that allows direct root login with only password authentification, having a root password could contribute to problems, but the correct fix there is to reconfigure the ssh server not to do something so stupid. I hope there’s no distro that still ships that way out of the box.)
You also won’t be required to use run0.