upvote

points

by sinsudo5 hours ago |
comments
upvoteby DaSHacka2 hours ago|
next
[-]
More than just two levels for sudo, the Linux permission model is completely broken for this very reason. (Also see: https://xkcd.com/1200/)

Honestly, the Android approach is significantly better. (and for that, see Micay's various ramblings posted online)

reply
upvoteby lrvick4 hours ago|
prev|
next
[-]
You do not need sudo for installing software. Can just install to ~/.local.

Many package managers require sudo, sure, but there is no good reason for them to in a modern linux system, and not all require this.

Even with systemd, you can use systemd --user.

reply
upvoteby michaelmior3 hours ago|
parent|
[-]
That depends on what the software is. If you want to run a service that bonds to a privileged port for example, you need sudo.
reply
upvoteby lrvick2 hours ago|
parent|
next
[-]
If you set the appropriate linux capabilities flag on a binary such as sshd at bootup then unprivileged users can bind to 22, no problem.

setcap 'cap_net_bind_service=+ep' /usr/sbin/sshd

Could even run it as a daemon unprivileged from a home directory with "systemd --user"

That said if you have multiple users and want every user to have their own sshd reachable on port 22 on the same machine you probably want to listen on vhost namespaced unix sockets and have something like haproxy listen on port 22 instead. Haproxy could of course also run unprivileged provided it has read access to all the sockets.

reply
upvoteby zrm2 hours ago|
parent|
prev|
next
[-]
For that you really only need CAP_NET_BIND_SERVICE.

The bigger issue is that if you want to install or update system-wide packages, many of those will be used by privileged processes. Suppose you want to update /bin/sh. Even if the only permission you had is to write binaries, that'll get you root.

reply
upvoteby signed-log2 hours ago|
parent|
prev|
[-]
For most things, you can do with capabilities

Issue is that it increases friction and you need sudo anyways to set the capabilities.

Most web servers would happy to run unprivileged with only CAP_NET_BIND_SERVICE

reply
upvoteby DonHopkins4 hours ago|
prev|
[-]
Unix used to have a user named "bin" just for owning all the binaries and performing installs.
reply
upvoteby sinsudo4 hours ago|
parent|
[-]
The old bin user is an idea that could be modernized with a new two level sudo concept, the higher one for recovery and diagnosis, already done in Chromebook and other solutions
reply
upvoteby DonHopkins2 hours ago|
parent|
[-]
bin passwords I will always remember: At the University of Maryland CS department systems the bin password was "fuck,you", and there was a devout Christian student on staff who had a problem with that, so we had to change it (to something harder to remember, I just can't recall).
reply