• Skull giver@popplesburger.hilciferous.nl
    44 upvotes · 2 years ago

    sudo isn’t simple at all. SUID binaries shouldn’t be LDAP clients, IMO. Unfortunate bugs like “user environment variables are used to select the editor” make all the complex configuration a huge risk, because permitting a single user to edit a single file suddenly gives the user full root access when they set the right env variables.

    I have no specific love for run0 (doas works just as well) but sudo does way more than it should do in a binary with the SUID bit.

    run0 doesn’t exist because systemd wanted to build their own sudo, they just realised their systemd-run already offers most sudo features so they may as well make them available to end users.
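
The sudoedit point raised in the comment above, as an added example (not part of the thread and not sudo's own code): a heuristic audit that lists sudoers rules granting `sudoedit` while the editor-selecting variables `SUDO_EDITOR`, `VISUAL` and `EDITOR` are not stripped by an `env_delete` default. The sudoers text is constructed, the function names are hypothetical, and the parser ignores aliases, includes and line continuations.

```python
import re

# Variables sudoedit consults to pick the editor.
EDITOR_VARS = {"SUDO_EDITOR", "VISUAL", "EDITOR"}

# Constructed sample sudoers content (not from any real host).
SAMPLE = """\
Defaults env_reset
alice ALL=(root) sudoedit /etc/motd
bob   ALL=(root) /usr/bin/systemctl restart nginx
%web  ALL=(root) NOPASSWD: sudoedit /etc/nginx/nginx.conf
"""
HARDENED = SAMPLE + 'Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"\n'

def deleted_editor_vars(text):
    """Editor variables removed by a global or sudoedit-scoped env_delete."""
    removed = set()
    pattern = r'\s*Defaults(?:!sudoedit)?\s+env_delete\s*\+?=\s*"?([^"#]*)"?'
    for line in text.splitlines():
        m = re.match(pattern, line)
        if m:
            removed |= EDITOR_VARS & set(m.group(1).split())
    return removed

def sudoedit_rules(text):
    """(principal, file) pairs for rules that grant sudoedit on a file."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # heuristic comment stripping
        if not line or line.startswith("Defaults") or "=" not in line:
            continue
        principal = line.split()[0]
        for cmd in line.split("=", 1)[1].split(","):
            m = re.search(r"\bsudoedit\s+(\S+)", cmd)
            if m:
                rules.append((principal, m.group(1)))
    return rules

def audit(text):
    """Findings for sudoedit grants where editor variables still pass through."""
    missing = EDITOR_VARS - deleted_editor_vars(text)
    if not missing:
        return []
    return [(who, path, sorted(missing)) for who, path in sudoedit_rules(text)]

if __name__ == "__main__":
    for who, path, names in audit(SAMPLE):
        print(f"{who}: sudoedit {path} with {', '.join(names)} not stripped")
```
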

    • LeFantome@programming.dev
      4 upvotes · 2 years ago

      I mostly agree with your write-up here. That said, I do think that systemd does want to eliminate SUID. I also think they want to absorb most of the low level system plumbing.

      • Skull giver@popplesburger.hilciferous.nl
        1 upvote · 2 years ago

        I don’t think they want to change anything for non-systemd environments, but their solution not requiring SUID is just a nice little advantage.

        Of course you can use the many systemd tools to replace a kludge of alternatives (just systemd vs dnsmasq+netplan+rsyslog+…) but most distros seem to selectively apply a few parts of systemd, and use their own preferred alternatives for the parts that systemd isn’t particularly great at.