On 2019-06-12 03:55, Ingo Schwarze wrote:
Even though su(1) can still be used today to relinquish privilege
when you are already root, no more development is done on it and people
rarely look at the manual page. The last time new functionality was
added to the su(1) manual page was almost a decade ago, and the
last time before that 17 years ago.
Well, su(8) also is used to obtain root privileges in the first place.
FWIW, I regularly use "su" on OpenBSD because it's a relatively
consistent cross-platform way to have root run a command as someone
else. I recall a good number of ports using su(8) internally in, e.g.
process-control scripts - but that was years ago, not sure if it's still
true or not.
doas simply isn't available anywhere else (yet). (IMHO, I don't think a
portable version of doas has a lot of potential - it's not complicated
enough! <grin>)
During initial system installation & deployment, before doas is
configured, and assuming you haven't [yet] added your SSH keys to
~root/.ssh/allowed_keys, it's quite impossible to avoid using su.
(AFAIK. If there's another way, let me know!)
I hope you're just saying that su(8) is a mature, stable utility that
needs no further work right now. It kind of sounds like you might be
saying that su(8) could be on the chopping block, much like sudo(8)...
have I misread that?
-Adam
