• mholiv@lemmy.world
    link
    fedilink
    arrow-up
    92
    arrow-down
    6
    ·
    8 months ago

    When you hate something so much you have to find weird corner cases to support your views. Even then the way described isn’t how someone who knows that they are doing would do.

    The best way for an unprivileged user to manage a service is for that user to run it. That way you inherit the correct permissions / acls / selinux contexts.

    The command to do so is:

    systemctl --user start the_service.service

    • sorrybookbroke@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      2
      ·
      edit-2
      8 months ago

      What if multiple users have to manage that service?

      Edit: nvrmnd, pretty sure the runnit solution won’t allow this either, your answer is correct. What about while the service is already running? Wouldn’t your solution require a restart?

      • mholiv@lemmy.world
        link
        fedilink
        arrow-up
        14
        arrow-down
        2
        ·
        8 months ago

        If the service is already running it has to be stopped as a system service and run as a user service. In order to ensure that the service inherits all the correct permissions / acls / se linux policies the service needs to be launched from the limited permissions context.

        With the systemd approach you’re not just passing a control handle around. You’re ensuring the process is running under an appropriate security context.

        If you want to let multiple users manage the user systems service, I would probably go with sudo and systemd user files. You could create a group which has sudo access etc. The important idea is that an unprivileged user controls an unprivileged service.

        • renzev@lemmy.worldOP
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          8 months ago

          With the systemd approach

          What about this makes it “the systemd approach”? runit supports user services too. These are just two different tasks that are needed in different contexts. Sometimes what you need is to “pass a control handle around” to a privileged service. And sometimes you need to actually make a service unprivileged.

      • renzev@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        edit-2
        8 months ago

        pretty sure the runnit solution won’t allow this either

        I’m no expert, but I think you could make a special group, set the supervise directory to be owned by that group, and add all relevant users to that group? Either way, as I explained in a different reply, running the service as a user vs letting that user control a root service are completely different things, and one is not always a substitute for the other.

      • MashedTech@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        8 months ago

        A generic stack overflow answer:

        Do you REALLY need multiple users to manage that service? Maybe it’s better to have multiple instances of that service and… (This goes on and on)

    • renzev@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      20
      ·
      8 months ago

      have to find weird corner cases

      Lol. Lmao even. I needed to do this because I wanted to learn the miryoku keyboard layout , and I wanted a way to quickly switch between Miryoku and standard QWERTY. The best way to do this that I could come up with was to bind a special key on my keyboard to toggle kmonad on and off. So I wrote a service for kmonad and gave my user permission to manage it. Running kmonad as my user wouldn’t work, because kmonad needs root to create a virtual input device.

      Luckily, I am running Void, so the solution was a single well-documented command. Out of curiosity I decided to take a look at what this would look like on systemd distros, leading to this meme. Honestly, I had to do a double take by the time the guy started talking about Javascript.

      I feel kind of useless typing this out because you’re just gonna ignore it anyway. In my post, I am talking about needing to do X. Your response is “why are you doing X, you should do Y”. Why am I not surprised that you’re a systemd user? Do you also use Gnome by any chance?

      • mholiv@lemmy.world
        link
        fedilink
        arrow-up
        21
        arrow-down
        2
        ·
        8 months ago

        Hey. There is no reason to feel useless. Everyone has value. And the best part about Linux is that we all can make our own choices. If people hate systemd they don’t have to use it. That’s ok. Void linux I think is actually a pretty cool distro. It reminds me of the BSDs for some reason.

        I use systemd because I like how it works and I think it’s well designed. As for desktops I am a huge fan of sway. Gnome isn’t bad on a laptop or tablet though. What do you use?

        • renzev@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 months ago

          I’m on bspwm right now, but I’ve been thinking of switching to wayland (in particular, hyprland). I’ve got nothing against gnome BTW. I have a friend with one of those laptops that turns into a tablet by flipping the keyboard to the back, and he also says Gnome is the only DE that “just works” for touchscreen, even though he uses KDE on his main laptop and desktop.

          How are things on wayland by the way? From what I understand, it has partial support for running X11 apps, right? Do you use any X11 apps, or were you able to find wayland-native counterparts for everything?

          [void] reminds me of the BSDs for some reason

          I’ve heard this comparison a lot, though I don’t know what it means, since I’ve never used BSD haha. Maybe I should give BSD a try sometime.

          And the best part about Linux is that we all can make our own choices

          Amen to that!

          • redcalcium@lemmy.institute
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            8 months ago

            How are things on wayland by the way? From what I understand, it has partial support for running X11 apps, right? Do you use any X11 apps, or were you able to find wayland-native counterparts for everything?

            Most of the time, you wouldn’t even notice if an app is using xwayland or native wayland… except for apps written with electron/chromium embedded framework (chromium, steam client, spotify, vscode, etc). They’re pretty glitchy on xwayland so you’ll have to figure out if they accept arguments to use wayland natively, but not all of them support wayland natively yet.

            • renzev@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              8 months ago

              That’s good to hear. I try to avoid electron apps (I just use the website version instead), but thanks for the tip anyway!

      • Solar Bear@slrpnk.net
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        8 months ago

        Your response is “why are you doing X, you should do Y”

        Because they’re right, you shouldn’t do X. I know that’s not a satisfying answer for most people to hear, but it’s often one people need to hear.

        If the process must run as root, then giving a user direct and unauthenticated control over it is a security vulnerability. You’ve created a quick workaround for your issue, and to be clear it is unlikely to realistically cause you problems individually, but on a larger scale that becomes a massive issue. A better solution is required rather than recommend everybody create a hole in their security like yours in order to do this thing.

        If this is something that unprivileged users reasonably want to control, then this control should be possible unprivileged, or at least with limited privilege, not by simply granting permanent total control of a root service.

        This is ultimately an upstream issue more than anything else.

      • Shareni@programming.dev
        link
        fedilink
        arrow-up
        4
        ·
        8 months ago

        and I wanted a way to quickly switch between Miryoku and standard QWERTY. The best way to do this that I could come up with was to bind a special key on my keyboard to toggle kmonad on and off.

        You couldn’t think of to use layers?

        • renzev@lemmy.worldOP
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          Well that would require learning the kmonad config syntax, and I was just looking for a quick solution… but yeah, adding a QWERTY layer is a better solution in the long term, I’ll probably do that some time

      • redcalcium@lemmy.institute
        link
        fedilink
        arrow-up
        4
        ·
        8 months ago

        Wait, aren’t most desktop environment support switching keyboard layout these days? For example, gnome can do that with super+space or via the language switcher in the top bar. Using a user service to do this seems overkill.

        • renzev@lemmy.worldOP
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          Miryoku isn’t a regular layout. It has things like keys that change what they do depending on whether you tap them or hold them. Maybe it’s theoretically possible to implement it as a standard XKB layout, but it would not be fun. Usually, Miryoku is implemented in your keyboard firmware. But if your keyboard doesn’t support flashing custom firmware (e.g. builtin laptop keyboard), then you have to use a software solution like kmonad, which is a daemon that has to run as root.

          As a sidenote, even for some “standard” keyboard layouts there needs to be background process. For example, Chinese and Japanese have too many characters to fit on a keybaord, so they use something called an Input Method Editor. But those usually don’t need root, in contrast to kmonad.

  • Vilian@lemmy.ca
    link
    fedilink
    arrow-up
    45
    arrow-down
    1
    ·
    8 months ago

    he’s trying to run the service as a user without run sudo, good luck trying that with runit

  • Björn Tantau@swg-empire.de
    link
    fedilink
    arrow-up
    42
    arrow-down
    1
    ·
    edit-2
    8 months ago

    And people who like systemd just thought of the first part of the answer which is exactly what the asker ended up doing.

    Which is basically the same as the runit way while putting everything in the user’s directory.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        23
        arrow-down
        12
        ·
        8 months ago

        Ok, just stop complaining. Almost everyone else disagrees and most of the community doesn’t even know that there is a different init system. Systemd was widely accepted 6 years ago and we have moved on.

        The good news is that you don’t have to use it. The bad news is pretty much everyone expects you to be using it.

          • renzev@lemmy.worldOP
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            25
            ·
            8 months ago

            Don’t bother arguing with systemd bots. They spent time and effort learning the ins and outs of their overcomplicated init system, so naturally when someone suggests that there is a simpler solution, they interpret it as a personal attack.

            • vinyl@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              8 months ago

              I’ve personally used more of runit and a bit of openrc. After fucking around for a good year I decided to jump back on systemd cause i was wasting way more time maintaining the system more than actually using it.

  • anyhow2503@lemmy.world
    link
    fedilink
    arrow-up
    26
    arrow-down
    2
    ·
    8 months ago

    Big news (from 2017): debian held back software features because someone doesn’t like the new way of doing things. Let’s blame systemd for this unprecedented case.

    What’s wrong with giving access to the specific sudo command, as suggested in the other answers?

    • brian@programming.dev
      link
      fedilink
      arrow-up
      25
      arrow-down
      1
      ·
      8 months ago

      one is giving the permission to manage the system service to a specific user, the other is running the service as the current user so they have permission to manage it by default

    • Darorad@lemmy.world
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      8 months ago

      Yeah, I would switch off, but it just doesn’t seem worth the effort for something I rarely interact with.

  • duviobaz@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    11
    ·
    8 months ago

    I’m using Debian without ever having been involved in the init-wars. What’s wrong with Systemd and why should i not use it?

    • anarkatten@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      8 months ago

      I’d like to know too, a ELI5 version if possible. Somethingsomething monolithic, but what does that actually mean for me as an end user?

      • Phoenixz@lemmy.ca
        link
        fedilink
        arrow-up
        9
        ·
        8 months ago

        In my personal opinion, correct me if I’m wrong:

        Systemd was created to replace the init system, then through extreme scope creep took over way more than wanted and needed, the main developer was “problematic” to say it politically correct, and in practice it has over complicated many super easy tasks to the point that I hate it. Other init systems were intuitive, systemd is all but.

        Few weeks ago I setup a systemd server ssh server. Changing the port would be 5 seconds in changing a line in the sshd config, but now with the new and improved systemd I need to follow some nightmare documentation into creating systemd files in unrelated places and reload configs or something and I’m done with it

    • renzev@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      edit-2
      8 months ago

      If you’ve never had a reason to not use it, then it’s fine to continue using it. Systemd has been shown to be more or less stable, fast, and secure. The reason I don’t like it is because it makes simple things really complicated. Some examples:

      • The meme
      • u/phoenixz@lemmy.ca example with sshd
      • Distros that use systemd init also seems to prefer using other systemd components as well. So you can get caught in weird situations where one task is spread across two different systems (e.g. systemd timers vs cron, systemd-elogind vs acpid)

      If none of these sound familiar, then switching to a non-systemd distro likely won’t make your life easier. But if you do, then it might be worth considering.

  • NeatNit@discuss.tchncs.de
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    edit-2
    8 months ago

    I’m out of the loop. The answer that references “one person’s personal opinion” is from 2017, and the context it links to is from 2016. Surely things have changed since then, right?

    … Right?

    (I’m genuinely asking, I’ve got no idea)

    Edit: I just checked on Linux Mint 21.3. It’s still on the same version as back then, 0.105. Well, Debian is nothing if not sable!

    • ozymandias117@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      8 months ago

      Bookworm looks to be on version 122, so as downstream distros update to newer Debian versions, it should be updated now

      • NeatNit@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        Mint 21.3 is based on Debian Bookworm (via Ubuntu 22.04, not counting LMDE of course). I don’t know what you’re looking at and I also don’t fully know how this works, but what you said doesn’t seem to be the case.

        • ozymandias117@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          8 months ago

          Ubuntu 22.04 is long before Bookworm

          It looks like Ubuntu pulled in Bookworm’s version in 23.10

          If Mint is sticking to LTS Ubuntu versions, it will get it whenever it rebases on top of Ubuntu 24.04

          Edit: Debian (Bookworm) polkitd version 122: https://packages.debian.org/bookworm/polkitd

          Ubuntu 22.04 polkitd version 105: https://packages.ubuntu.com/jammy/polkitd

          Ubuntu 24.04 pre-release polkitd version 124: https://packages.ubuntu.com/noble/polkitd

          • NeatNit@discuss.tchncs.de
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            Very well, you seem to definitely know this stuff better than me! I based my comment on this answer and getting this myself on Mint 21.3:

            $ cat /etc/debian_version 
            bookworm/sid
            

            But reading a bit closer, I think this is the key part:

            That’s how, for example, Ubuntu 20.04, released in April 2020, can be based on Debian 11 “Bullseye”, which was released in August 2021.

            So Ubuntu probably pulled Bookworm before it was released, and before it upgraded policykit. But it’s still to some extent based on Bookworm. Does that sound right?

            • ozymandias117@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              8 months ago

              Yeah, Ubuntu pulls in the development version of Debian

              “Sid” is the unstable name for Debian - where packages are being tested for the next release

              Debian Bookworm was released 2023

              Ubuntu LTS and Debian have tended to release on a two year cadence offset by a year

              • Debian Stretch (2017)
              • Ubuntu 18.04 (2018)
              • Debian Buster (2019)
              • Ubuntu 20.04 (2020)
              • Debian Bullseye (2021)
              • Ubuntu 22.04 (2022)
              • Debian Bookworm (2023)
              • Ubuntu 24.04 (2024)
    • Björn Tantau@swg-empire.de
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      lol, I didn’t even attempt to read the full thing. But now you made me curious.

      But only curious. I don’t feel smart enough to read and comprehend the entire thing.

  • lightnegative@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    8 months ago

    Is it r-unit, or run-it?

    I’ve read it as r-unit for so long and now I’ve only just realised that run-it makes far more sense

  • ancap shark@lemmy.today
    link
    fedilink
    arrow-up
    8
    arrow-down
    5
    ·
    8 months ago

    I’m not yet convinced that “violating the unix philosophy” is a bad thing. I’m not saying that it’s not, I don’t have a defined opinion about this yet

  • hector@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    8 months ago

    Guys I only used SystemD and I didn’t know you could use anything else lol stop hating I never had any problems!

    • renzev@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      13
      ·
      8 months ago

      your job security

      I think I finally understand why systemd bots defend their init system so aggressively.