I built sdctl, a security-focused systemd service manager
Before I talk about `sdctl`, I want to first address the elephant in the room: why another TUI for managing systemd services?
This tool is not the first of its kind. I have been using systemctl-tui and systemd-manager-tui extensively to the point that I forgot how to use `systemctl` from the command line. However those tools share one major limitation: they require `sudo` for privileged operations. In today’s supply-chain threat landscape, that is a serious risk because a TUI app depends on many components, and any compromised dependency could become a full-privilege attack vector.
This is why I built `sdctl` with a completely different security model: the app itself should never be run with `sudo`, and no action ever asks for blanket root access. When you perform any action that requires escalated privileges, the app opens an embedded `polkit` flow that authenticates only the specific `systemctl` action you are trying to perform, using whatever mechanism is available on the system, such as password, fingerprint reader, or smart card. That keeps the privilege boundary explicit and tied to a single operation instead of the whole process.
requesting authentication to restart a service
On top of that, I've packed a lot of useful features into `sdctl`. These are meant to address actual pain points I've encountered while using similar tools, including a powerful syntax highlighter for viewing journal logs (powered by tailspin), a simple yet useful custom-built syntax highlighter for viewing unit files, a comprehensive filter system with fuzzy search, and a line-based selection mode (inspired by vim's visual mode) that makes copying multiple lines from journal logs much faster.
copying multiple lines of log into the system clipboard (with wl-copy or xclip)
unit file view with a simple built-in syntax highlighter
Here's the github repo: https://github.com/ruiiiijiiiiang/sdctl Feedback and contribution welcome!
