At this point i don't care anymore if my system has systemd or whatever, as long it's works i don't have complaint
Maybe back when I'm still young i will agree with majority linux enthusiasm that systemd is bloat, GUI is bloat, or whatever. But now as long it's work & can do job properly i don't care or even care
Jokes aside, GUI really is bloat. Especially when it's made by a corporate company with absolute dogshit development practices.
On a more serious note, systemd is bloat. With all of you new kids coming over to this side, start with the right way: the runit way. Also compile Gentoo whilst you're at it.
Obligatory /s if anyone is offended, you bunch of snowflakes
For a while I had an Asus laptop, and no matter what, it seemed to not want to work properly with systemd-based distros. It would hang on-boot about 95+% of the time, I'd hard shut-off, restart, repeat.
On a whim, I tried Void Linux (runit) on it. And for whatever reason, it worked.
And it does proper split DNS by default, using the search domains of each interface. That way you can configure a global DNS resolver while still being able to resolve local hostnames and without leaking other queries. I just hope they’ll also add DoH support, which is less likely to be blocked on a corporate network.
In.the sense that it is usually delivered with all the other optional modules, and for alternatives or the old default you would need a bunch of shims and wrappers.
I'm not sure if it was related to systemd, but when I used void linux I had a strange sound problem that I never had on systemd distros,
when I tried to change the volume level, it returned to its original level,
I tried to find solution but I didn't found because void linux isn't very popular distro, and probably only I had this problem
Hate to be that guy, but all those articles are 5 years or older. Have people had more recent complaints about systemd or did that movement that complains about it kinda move on?
So does sysvinit. PID 1 has to be root to do its job. Under sysvinit it is the responsibility of each daemon to drop privileges on their own if they wish to do so.
Systemd can handle your services such that they start unprivileged from the get go. It also offers a lot of isolation by default with options like PrivateTmp, ProtectHome, ProtectSystem powered by cgroups. It can effectively run your services like they're in a Docker container if you want.
A lot of systemd also runs as separate services with their own user as well. Only the core init part really runs as root, it prefers to drop privilges and apply cgroup isolation wherever it makes sense to do so. The logger for example runs as systemd-journald, the DNS resolver runs as systemd-resolved. They're part of the systemd package but far from all of it runs as root. Systemd can even do certain privileged operations so that the service can run with less privileges such as binding port 80/443 for you so the web server doesn't need root at all to run.
It also enables users to do certain operations without requiring elevating privileges with sudo, which in many cases can help not have to give sudo NOPASSWD specific commands because your web developers need to be able to restart the web server, you can just add a Polkit rule that allows restarting that service without privileges. Systemd is all D-Bus, so you can control access at a very granular level. You can grant only start and reload if you want.
Sysvinit is just shell scripts running as root. There is no security whatsoever, it was never sysvinit's job to secure the system. It's mostly fine as all the tooling for it also requires root to use. But it does require root 100% of the time to interact with it.
There's good reasons to prefer sysvinit, those are just common FUD systemd haters keep spreading. There's no need to discredit or outright lie about systemd to justify preferring sysvinit: the simplicity of a few shell scripts and not needing 99% of what systemd does is a perfectly valid argument on its own.
I have boxes that use systemd very heavily and some that have a custom bash script as the init because the box only needs an IP and to start a single app. Right tool for the right job and stuff.
My initial learning was in 2004 with Ubuntu, so Upstart and I also messed with FreeBSD, so I was familiar with the RC system. Systemd took me a bit to wrap my head around, and I don't mind it. It's good to know both.
SysV init works more reliably, is smaller, does just one job and is much, much better architected.
SystemD tends to fail if you do anything out of the ordinary, is massively bloated, has it's claws into far too many parts of the system, is IMHO poorly architected, the many of the individual components are poorly designed and the whole thing is a huge, and utterly unnecessary, attack surface.
SystemD is probably adaquate if you just want to use your machine in the most basic way, but as soon as you try to do anything beyond that you start running into the rough edges and bad design decisions that it's plagued with.
Could you elaborate on this? As someone who uses SystemD extensively on workstations and servers for spawning and managing both system-level and user-level services, I do find minimal issues overall with SystemD minus some certain functionalities such as socket spawning/respawning.
Of course some of default SystemD's housekeeping services do suck and I replace them with others. I would like to see the ability to just remove those services outright from my systems as separate packages since they do remain useless, but it isn't that big of an issue.
I also use systemd a lot and it baffles me people can claim sysvinit was more reliable with a straight face.
Half the time I restarted MySQL in the sysvinit days (pre-upstart as well), it would fail to stop it then try to start a new instance of it with the old one still running and the only way to fix it was to manually stop the other instance.
Process management is like the one thing systemd really does well thanks to cgroups, it's impossible for it to lose track of processes because the process lied about its pidfile.
SysV init does one job, it runs a set of scripts in an admin defined order, the init portion of SystemD attempts to solve a dependency graph at boot time and execute the startup scripts (units) in the order it devines from that. The big problems I've had around that have been services silently failing to start because it failed to resolve the ordering, and the difficulty of inserting a new unit into the ordering in a specific place. It's doable if there happens to be a target at the point you want, but if not you can't really do it as the existing, and any new, services all sequenced on the existing target. With SysV, of course, setting the service start order is trivial.
The thing is, if SystemD was just an init system it wouldn't be as bad, and has some useful ideas, but it tries to replace huge swathes of the system. As you say, some, and I'd say most, of the default housekeeping services suck, and you need to replace them. Unfortunately this then breaks the much vaunted integration of those services. Leaving them on the system isn't a great plan as it just leaves the extra attack surface. So now you need to contemplate repackaging it to exclude the stuff you don't need, which is a huge pain, and makes keeping up-to-date a big job. You've also got to worry about breaking dependencies from other packages.
Probably the biggest issue though is the huge attack surface SystemD exposes on your system. We've just seen an example of how that can be taken advantage of, with malware in a library way down the dependency chain from the system library that gets jammed into all sorts of things. I understand there is an effort underway to reduce those dependencies, but it'll always be worse than simply not doing that in the first place.
The architectural and design issues are to do with the way the different parts are so tightly linked when they have no rational reason for being, the level of complexity introduced to core services and the incoherence of some of the choices around behavior. A recent bugbear was the automounter. It works most of the time, but if a mount unit fails it just gives access to the mountpoint, when by definition you obviously and explicitly didn't want that. It also has a nasty habit of marking the unit failed, so future attempts also get bypassed until you reset it or have a recovery unit to do that.
Anyway this turned into a wall of text, and its late, so I'm going to stop there, I hope it's reasonable coherent.
Systemd has a larger attack surface area since it touches more things, even though you can assign user accounts and such. Just the simple fact that it does more things than simply executing a shell script (like everything before systemd does) makes it more vulnerable.
Systemd has a larger attack surface area since it touches more things
That's what the critics always say but are the things it manages unnecessary? If not, you'd use other tools for that but the overall attack surface would be the same.
i was forced to use systemd professionally when it was buggy and broke all the time in its first releases in the red hat eco system; so it's fair that some people would hold grudges against it.
