• LainTrain@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    1
    ·
    6 months ago

    If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.

    Doing this every day just to open email is understandably fucking enraging even to me as a security “”“engineer”“”/analyst/${bullshitblueteamemailreaderjob}

    Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever run0 sudo su <reverse shell bs here> to bypass all protections.

  • kenkenken@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    6 months ago

    I will use it. I don’t care what others think. People can use su, sudo, doas, run0 by their choice, and I don’t see why we need a common opinion about it.

    • PoorPocketsMcNewHold@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      Speaking of doas, is there any advantage of using it when… sudo is still available to be used? I agree that most of the stuff we require to use doesn’t need all the options sudo as, but if it is for the sake of security, maintenance, and stability… is there any reason to use doas ON TOP of the already setup sudo or su? In the past, I even tried to just apply a simple alias to replace sudo with doas, but numerous scripts and programs when trying to request explicit super-user permissions, just didn’t know what to do with doas as expected, so this ain’t it.

      • Samueru@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        6 months ago

        Speaking of doas, is there any advantage of using it when… sudo is still available to be used?

        I like that its configuration file is very very simple.

        • PoorPocketsMcNewHold@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          When was the last time you had to edit sudo configuration file ? Same goes for doas. It’s has nothing going for, for the majority of desktop Linux users (from what I got as an answer)

      • Titou@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        I agree that most of the stuff we require to use doesn’t need all the options sudo as

        Main reason of using doas

        but numerous scripts and programs when trying to request explicit super-user permissions, just didn’t know what to do with doas as expected

        I’ve only found one software like that and it’s tipi, and it’s kinda dumb for a software to require such a easily replacable software. Also how openbsd users are supposed to do ? Having both doas and sudo on their machine which is unnecessary bloat ?

        • PoorPocketsMcNewHold@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          Sure do confirm that hard-coded sudo requirements are kinda dumb. But this proove systemd point. BSD mainly use doas. Linux mainly use sudo. Why not have an universal method for true cross-platform compatibility ? (Yes, I know plenty prefer or explicitly are against the usage of systemd suite of software, was pointing out systemd main reason of planning to propose an another standard, regardless if it will be popular or not)

  • exu@feditown.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 months ago

    I might try run0 for fun, but I don’t think it’ll replace sudo any time soon.
    The biggest issue I see is run0 purposely not copying any environment variables except for TERM.
    You’d have to specify which editor to use, the current directory, stuff like PATH and HOME every time you run a command.