@nixCraft this actually looks great, he makes some great points about SUID binaries in his posts on Mastodon, and the idea of instead using a service that runs the thing for you gives you a lot more flexibility and control over 'sudo-ing' while also making it more simple from a security point of view-- I can imagine it could also make it more complicated from an operational point of view though, but I guess we'll have to see what it's like in practice