Re: "su is really a broken concept"

2015-09-03 Thread T.J. Duchene
You're probably right, Jonathan.  "Su" is so common that it is easy to make
that error. After looking at the current POSIX list, I did not find it.
Thank you for pointing that out.

Be well!
T.J.

On Wed, Sep 2, 2015 at 10:55 PM, Jonathan de Boyne Pollard <
j.deboynepollard-newsgro...@ntlworld.com> wrote:

> T.J. Duchene:
>
>> If someone can do it better, and still keep it compatible with POSIX,
>> more power to them.
>>
>
> This is not the first place where someone has randomly thrown POSIX into
> the discussion.  "su" is outwith the scope of the POSIX standard.  It's in
> the SVID, but to my knowledge "su" never made it into POSIX.  The SUS mentions
> it in passing under setuid() as a non-conformant application.
>
>


Re: "su is really a broken concept"

2015-09-02 Thread Jonathan de Boyne Pollard

T.J. Duchene:

> If someone can do it better, and still keep it compatible with POSIX,
> more power to them.

This is not the first place where someone has randomly thrown POSIX into 
the discussion.  "su" is outwith the scope of the POSIX standard.  It's 
in the SVID, but to my knowledge "su" never made it into POSIX.  The SUS 
mentions it in passing under setuid() as a non-conformant application.




Re: "su is really a broken concept"

2015-08-31 Thread Jonathan de Boyne Pollard
Lennart Poettering
(https://github.com/systemd/systemd/issues/825#issuecomment-127917622):

> Long story short:  su is really a broken concept.

Christian Seiler:

> So it's not like su is suddenly broken - it's just that some specific
> new use cases don't work properly with it.

A fair number of people got their backs up for the very reason that su 
was described as "broken".  One could, of course, ask whether in fact it 
is the XDG Base Directory Specification 
(http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html) 
that is the broken concept, for incorporating the notion of the only way 
that one reaches the point of running as any given user account being 
login.  ("the user being logged in ... the user first logs in ... the 
user fully logs out ... the user logs in more than once ... first login 
... last logout ... a full logout/login cycle")  Design a mechanism that 
at its foundation and throughout takes no account of adding other user 
account privileges into a login session with su, or indeed that 
processes wanting to create "runtime" files might be set-UID, and of 
course it will conflict.




Re: "su is really a broken concept"

2015-08-31 Thread T.J. Duchene
On Tue, 2015-09-01 at 01:25 +0100, Jonathan de Boyne Pollard wrote:
> Lennart Poettering 
> (https://github.com/systemd/systemd/issues/825#issuecomment-127917622):
> 
> > Long story short:  su is really a broken concept.
> >
> 
> Christian Seiler:
> >
> > So it's not like su is suddenly broken - it's just that some specific 
> > new use cases don't work properly with it.
> >
I don't think so.  It is what it is.  If someone can do it better, and
still keep it compatible with POSIX, more power to them.  Just let the
rest of us choose which we want.

That is the open way.

T.J.