osinstallation:debian11runit

Differences

This shows you the differences between two versions of the page.

osinstallation:debian11runit [2021/08/21 21:04] – created senioradminosinstallation:debian11runit [2021/08/22 12:30] (current) – [Conclusion] senioradmin
Line 9: Line 9:
 ''Bootloader (e.g. Grub) -> Kernel (e.g. Linux kernel) -> init -> login prompt'' ''Bootloader (e.g. Grub) -> Kernel (e.g. Linux kernel) -> init -> login prompt''
  
-A few years ago a change of the init system took place in most Linux distributions. The previously used init system "SysVinit" still had its origin in the primeval times of Unix. Services are started with SysVinit by shell scripts, which can become very complex. By the sequential processing of these scripts a system could need very long time to start. This seemed to be out of date. Because of this there were attempts to replace SysVInit by something more modern for some time. +A few years ago a change of the init system took place in most Linux distributions. The previously used init system "SysVinit" still has its origin in the primeval times of Unix. Services are started with SysVinit by shell scripts, which can become very complex. By the sequential processing of these scripts a system could need very long time to start. This seemed to be out of date. Because of this there were attempts to replace SysVinit by something more modern for some time.
  
 Canonical tried it with Ubuntu with the "Upstart" system. Long before that, IT professor Daniel J. Bernstein (also known as "djb") tried to improve the init system with his "daemontools". Canonical tried it with Ubuntu with the "Upstart" system. Long before that, IT professor Daniel J. Bernstein (also known as "djb") tried to improve the init system with his "daemontools".
  
-n 2010, Lennart Poettering - an employee at Red Hat - programmed the software "systemd"Sysdtemd should not only serve as an init system, but provide a complete framework, which serves the administration of Linux systems. Systemd not only starts services, but also provides sockets. In addition, systemd provides service with its own utilities, which are  +n 2010, Lennart Poettering - an employee at Red Hat - programmed the software "systemd"Systemd should not only serve as an init system, but provide a complete framework, which serves the administration of Linux systems. Systemd not only starts services, but also provides sockets. In addition, systemd provides service with its own utilities, which are  
-intended to replac the traditional Unix programs. For example, systemd-networkd, systemd-logind, systemd-journald (as a replacement for syslog), systemd-resolved (name resolution), systemd-timesyncd, etc. exist. And the number keeps growing.+intended to replace the traditional Unix programs. For example, systemd-networkd, systemd-logind, systemd-journald (as a replacement for syslog), systemd-resolved (name resolution), systemd-timesyncd, etc. exist. And the number keeps growing.
  
-In the last decade, systemd has become the standard for most distributions. In Debian, it has been the default init system since version 8.+In the last decade, systemd has become the default for most distributions. In Debian, it has been the default init system since version 8.
  
 ===== Why not use the default init system "systemd"? ===== ===== Why not use the default init system "systemd"? =====
  
-Systemd is not only an init system, but performs a variety of tasks. If you consider the tasks that a modern desktop operating system has to perform, then it certainly makes sense to combine these tasks in an integrated system. In general, users are not interested in the single internal services that run on the computer. They want the computer to work and be fast. This is perfectly legitimate and systemd is fine for this purpose.+Systemd is not only an init system. It performs a variety of tasks. If you consider the tasks that a modern desktop operating system has to perform, then it certainly makes sense to combine these tasks in an integrated system. In general, users are not interested in the single internal services that run on the computer. They want the computer to work and be fast. This is perfectly legitimate and systemd is fine for this purpose.
  
 In IT, we often talk about "use cases" and the "desktop" use case is just one of many. In the area of system administration, it often comes down to keeping the system (server, router, etc.) stable and secure. Two basic Unix principles to achieve this are called In IT, we often talk about "use cases" and the "desktop" use case is just one of many. In the area of system administration, it often comes down to keeping the system (server, router, etc.) stable and secure. Two basic Unix principles to achieve this are called
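Review bot: The new paragraph on systemd's origin still starts with "n 2010" and runs two sentences together at "systemd"Systemd; this revision only corrects "Sysdtemd" and "replac". Suggest "In 2010, ... programmed the software "systemd". Systemd should ...". In the same paragraph "systemd provides service with its own utilities" probably wants "services", and in the first changed paragraph "could need very long time to start" is missing "a". The switch from "had" to "has its origin" also sits oddly next to "previously used".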
Line 32: Line 31:
  
  
-This also has the purpose of avoiding too much complexity, because complexity is the enemy of security. One must acknowledge that systemd only pays little attention to these principles. The software consists of over 1.2 million lines of code (as of 2019) and has - unsurprisingly - already made headlines due to [[https://www.cvedetails.com/vulnerability-list/vendor_id-7971/product_id-38088/Freedesktop-Systemd.html|spectacular security vulnerabilities.]]+This also has the purpose of avoiding too much complexity, because complexity is the enemy of security. One must acknowledge that systemd only pays little attention to these principles. It consists of over 1.2 million lines of code (as of 2019) and has - unsurprisingly - already made headlines due to [[https://www.cvedetails.com/vulnerability-list/vendor_id-7971/product_id-38088/Freedesktop-Systemd.html|spectacular security vulnerabilities.]]
  
-Software has such a fundamental significance in an operation system should therefore - if security is of importance - be "small and simple" in order to avoid security  as far as possible.+Software which has such a fundamental significance in an operating system should therefore - if security is of importance - be "small and simple" in order to avoid security  as far as possible.
  
 ===== What is runit? ===== ===== What is runit? =====
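Review bot: The rewritten sentence "Software which has such a fundamental significance ..." still ends "in order to avoid security  as far as possible", with a double space where a noun is missing, so it literally says to avoid security. Suggest "to avoid security vulnerabilities as far as possible", or whichever noun was intended. The "over 1.2 million lines of code (as of 2019)" figure in the paragraph above carries no source, while the vulnerability claim does link one; a citation for the line count would make the complexity argument checkable.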
Line 42: Line 41:
 Based on the above mentioned daemontools from djb further systems developed, like s6 or  runit. These daemontools-inspired init systems are similar in structure and use, but have different levels of complexity. Based on the above mentioned daemontools from djb further systems developed, like s6 or  runit. These daemontools-inspired init systems are similar in structure and use, but have different levels of complexity.
  
-Runit is primarily designed for simplicity and a small code base. This in itself is  a good prerequisite to build a safe system. It consists of several small programs and knows per default 3 "stages":+Runit is primarily designed for simplicity and has a small code base. This in itself is  a good prerequisite to build a safe system. It consists of several small programs and knows per default 3 "stages":
  
   * Stage 1 - System initiation   * Stage 1 - System initiation
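Review bot: The reworded sentence now states as fact that runit "has a small code base" where the old text only named it as a design goal; that is a stronger claim, and the page gives no figure for it. In the unchanged remainder of that line, "This in itself is  a good prerequisite" has a double space, "safe system" would be clearer as "secure system" to match the security argument made earlier, and "knows per default 3 "stages"" reads better as "has three stages by default".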
Line 58: Line 57:
   * runsvdir - starts a supervision tree   * runsvdir - starts a supervision tree
  
-In generalk an init system consists of+In general an init system consists of
  
     * init / PID1 - Initiates everything else     * init / PID1 - Initiates everything else
Line 64: Line 63:
     * a supervisor - monitors running services     * a supervisor - monitors running services
  
-Runit is kept very minimal and has no full-blown service manager. For starting and stopping sv is used.+Runit is kept very minimal and has no full-blown service manager. For starting and stopping services sv is used.
  
  
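Review bot: In "For starting and stopping services sv is used." the command name is set as plain text, so it is easy to misread as a typo. Suggest marking it as ''sv'', the way the page formats the apt command, and adding a comma after "services".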
Line 79: Line 78:
 I assume here a minimal system installation of Debian 11, done with a "netinst" ISO image. How to perform such a minimal installation of Debian is not part of this article. Important is only: in the software selection everything should be deselected. I assume here a minimal system installation of Debian 11, done with a "netinst" ISO image. How to perform such a minimal installation of Debian is not part of this article. Important is only: in the software selection everything should be deselected.
  
-After logging in to the system as root, the runit packages are installed first+After logging in to the system as root, at first the runit packages are installed
  
 ''apt install runit runit-init'' ''apt install runit runit-init''
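Review bot: The new wording "at first the runit packages are installed" is more awkward than the line it replaces and still has no punctuation before the command. Suggest "After logging in to the system as root, first install the runit packages:". Since ''runit-init'' is the package that takes over as init, a short sentence saying so at this step would help readers who run the command on a machine they depend on.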
Line 185: Line 184:
 </code> </code>
  
-To "runit-fy" additional services should not be a problem. You can also check the Arch-based distro [[https://gitea.artixlinux.org/explore/repos?tab=&sort=recentupdate&q=-runit|Artix]]. This repo contains many examples of runit service scripts+To "runit-fy" additional services should not be a problem. You can also check the Arch-based distro [[https://gitea.artixlinux.org/explore/repos?tab=&sort=recentupdate&q=-runit|Artix]] btw. This repo contains many examples of runit service scripts
  
  
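Review bot: "This repo contains many examples" does not match the link target, which is a search across Artix repositories (q=-runit) and not a single repository; suggest "These repositories contain ...". The added "btw." is more casual than the rest of the article, and the sentence still has no full stop. Because run scripts execute under the supervisor, it is also worth telling readers to read a borrowed script before placing it in a service directory.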
Line 213: Line 212:
 I have demonstrated how to replace systemd on Debian 11 with the init service runit. Since runit is a proven, very lightweight and secure system, it is also possible to configure Debian quite a bit more securely and reliably with it. This is true for desktops as well as (ift not even more so) for servers. Supervision makes sure that services are monitored. I have demonstrated how to replace systemd on Debian 11 with the init service runit. Since runit is a proven, very lightweight and secure system, it is also possible to configure Debian quite a bit more securely and reliably with it. This is true for desktops as well as (ift not even more so) for servers. Supervision makes sure that services are monitored.
  
-I will hide the fact that runit reaches its limits in more complex scenarios. For this, the similar system [[https://skarnet.org/software/s6/|s6]], which is also based on the djb daemontools, might be suitable, but it has a much steeper learning curve.+I will not hide the fact that runit reaches its limits in more complex scenarios. For this, the similar system [[https://skarnet.org/software/s6/|s6]], which is also based on djb'daemontools, might be more suitable, but it has a much steeper learning curve.
  
  
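Review bot: The new line fixes the inverted "I will hide" but introduces "djb'daemontools", which should read "djb's daemontools". The unchanged paragraph above it still contains "(ift not even more so)", which this revision could correct to "if".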
osinstallation/debian11runit.1629579862.txt.gz · Last modified: 2021/08/21 21:04 by senioradmin

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal