• PotatoesFall@discuss.tchncs.de
    link
    fedilink
    arrow-up
    2
    ·
    4 months ago

    I’m no expert on this but I’m pretty sure the /etc directory is writeable too for config files, which sadly still allows a user or malware to still bork the system if they get superuser privilege

    • fullstackhipster@awful.systems
      link
      fedilink
      arrow-up
      7
      ·
      4 months ago

      I find it hard to imagine a system that is not borkable by a superuser. Maybe it’s helpful to think of immutable setups as harder to bork by accident during routine maintenance (e.g. through faulty updates) and more resilient to bad code (through containerization).

      • PotatoesFall@discuss.tchncs.de
        link
        fedilink
        arrow-up
        4
        ·
        4 months ago

        good point, that’s fair. The reason I think it bears mentioning is that editing configs under /etc/ is totally something we might expect a user to do. So you could follow a tutorial online that is wrong or outdated and with enough bad luck, tada, you bricked your “immutable” system. Or, less dramatic and more likely, something doesn’t work as intended anymore and you don’t know how to restore to the original config from when you installed.

        • fullstackhipster@awful.systems
          link
          fedilink
          arrow-up
          7
          ·
          4 months ago

          You’re right that “immutable” is a bit of a misnomer in that regard, and it’s been argued that “atomic” is a more fitting term.

          And I agree that a lot of documentation and how-to-guides don’t account for immutable setups (yet?), which can get novice users especially in a lot of trouble.

          Personally, I prefer a declarative system (NixOS) that solves this problem rather cleanly and gives me most benefits of so-called immutable distros as well.