systemd Rolling Out "run0" As sudo Alternative
Overnight systemd lead developer Lennart Poettering wrote on Mastodon around systemd's newest effort: run0 as a sudo-like command.
Coming for systemd 256 is "run0" as a sudo clone. Due to long-standing issues with sudo, Lennart wrote of run0:
Those wishing to learn more about systemd's run0 as a sudo alternative can see more of Lennart's commentary on Mastodon.social.
Coming for systemd 256 is "run0" as a sudo clone. Due to long-standing issues with sudo, Lennart wrote of run0:
There's a new tool in systemd, called "run0". Or actually, it's not a new tool, it's actually the long existing tool "systemd-run", but when invoked under the "run0" name (via a symlink) it behaves a lot like a sudo clone. But with one key difference: it's *not* in fact SUID. Instead it just asks the service manager to invoke a command or shell under the target user's UID. It allocates a new PTY for that, and then shovels data back and forth from the originating TTY and this PTY. Or in other words: the target command is invoked in an isolated exec context, freshly forked off PID 1, without inheriting any context from the client (well, admittedly, we *do* propagate $TERM, but that's an explicit exception, i.e. allowlist rather than denylist).
One could say, "run0" is closer to behaviour of "ssh" than to "sudo", in many ways.
...
The tool is also a lot more fun to use than sudo. For example, by default it will tint your terminal background in a reddish tone while you are operating with elevated privileges. That is supposed to act as a friendly reminder that you haven't given up the privileges yet, and marks the output of all commands that ran with privileges appropriately
Those wishing to learn more about systemd's run0 as a sudo alternative can see more of Lennart's commentary on Mastodon.social.
193 Comments