If you make users sign in too much, they will just make their passwords short and easy to remember. Even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to auth they need to auth into their system, auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.
Doing this every day just to open email is understandably fucking enraging even to me as a security """engineer"""/analyst/${bullshitblueteamemailreaderjob}
Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever
run0 sudo su <reverse shell bs here>
to bypass all protections.
No, it'll just be yet another pile of bloat that'll separate IBM distros and their followers (rhel, fedora, centos, debian, arch) from the rest (alpine, void, gentoo, devuan, *BSD).
Wait, Arch and Debian are owned by IBM? It sounds like one insane piece of conspiracy tbh.
Nah, I'm just referring to IBM's acquisition of redhat. I've been referring to redhat as IBM in kind.
Arch ships redhat userland (systemd) and doesn't support alternative userlands; you have to go to artix for that.
For clarity, because the obnoxious ones out there didn't get it, this refers to how Arch, Debian, Fedora and most other distros just default to systemd and hence can (and probably will) make use of run0. While, on the other hand, distros like Alpine, Artix, Devuan, Void and others (including *BSD-systems) will not. For distros with no defaults (e.g. Gentoo), the user gets to decide.
su is the best. I mean, I should be using the admin (root) password for admin things, not the user password of the user who is already logged in. And there needs to be a root service already running to make the user have root privileges, which is dumb imo. A sudo vulnerability could cause privilege escalation, but if there is no root process managing this, then it can't leak the root access. Only a kernel security issue (or other root processes) will leak root access if that was the case, which I think is better.
Sometimes I really hate the utility names people come up with.
I would love to see ChatGPT rename all the core utils in a way that summarizes their function.
I feel like this is well named (run as user 0) so then I'm wondering what else you dislike and what you think would be improvements?
My complaint was mostly targeting the big picture of everything living in /bin/
I inferred the 'user 0' thing to their credit like you, it just still felt really strange as numerals are kind of a no-no when programming -- you can't begin variable and other names with them and I guess having them as a suffix feels strange too as it's not common practice.
It will definitely be the only utility I recall that uses a numeral.
To me the whole numeral systems are archaic, User ID numbers don't line up when transferring data from hard drives from another machine e.g. 1000-1005.
The numeral permission system is archaic and requires explicit knowledge to know the difference between a 7 6 and 4. In GUI Immutability is separate when it should be more integrated as a file control. The octal permissions are from another decade and modern platforms have permissions on whether an executable can access the internet, access input devices like camera or microphone, or sensitive data like contacts, pictures, etc...
I think file tagging should be greatly expanded, IDv3 metadata for example was a workaround for the limitations and the core filesystem should have robust enough tagging to make it unnecessary.
I'll be controversial now -- eliminate the . prefix to hide files. Yes I know it had been this way for decades and was grandfathered in as a feature after a bug, that should have been in the filesystem properties like chattr +I and you shouldn't need .hidden indexes to hide files just like windows and osx litters zip files with MDF or inf or whatever (memory is fuzzy from non use).
Some people say "4 character" limit, that needs to go too -- FHS naming structure is confusing and not self evident what it does to people trying to learn who already have IT training. /etc/ having 2 or more bins /bin vs /usr/bin -- 'what does usr mean the new it ponders' 'oh it must mean 'user' I guess'. -- weird stuff like that.
To systemd's credit they have no problem being controversial and relentlessly pursuing their vision in a practical way, hell I use their stuff happily.
I just feel like the run0 thing is a band aid on bigger problems, and AI critique would be very fascinating to make these human interfaces you know... more for us humans :P
If not systemd, maybe the rust people or someone else will be baller enough to try to tackle these funny awkward quirks that have accumulated over the years and straighten it all out.
I don't know, we'll just have to see. But personally, I am not a fan of tying so many functionalities to systemd.
Is it going to eventually add kernel functionality and become GNU/run0 like systemd? If not I'll keep using sudo on Ubuntu and doas everywhere else.
If Fedora starts to use it then yeah I'll use it but I'll just make an alias 'cause muscle memory