run0 - Man Page
Elevate privileges
Examples (TL;DR)
Synopsis
run0 [Options...] [COMMAND...]
Description
run0 may be used to temporarily and interactively acquire elevated or different privileges. It serves a similar purpose as sudo(8), but operates differently in a couple of key areas:
- No execution or security context credentials are inherited from the caller into the invoked commands, as they are invoked from a fresh, isolated service forked off by the service manager.
- Authentication takes place via polkit[1], thus isolating the authentication prompt from the terminal (if possible).
- An independent pseudo-tty is allocated for the invoked command, detaching its lifecycle and isolating it for security.
- No SetUID/SetGID file access bit functionality is used for the implementation.
Altogether this should provide a safer and more robust alternative to the sudo mechanism, in particular in OS environments where SetUID/SetGID support is not available (for example by setting the NoNewPrivileges= variable in systemd-system.conf(5)).
Any session invoked via run0 will run through the "systemd-run0" PAM stack.
Note that run0 is implemented as an alternative multi-call invocation of systemd-run(1).
Options
The following options are understood:
- --no-ask-password
Do not query the user for authentication for privileged operations.
Added in version 256.
- --unit=
Use this unit name instead of an automatically generated one.
Added in version 256.
- --property=
Sets a property on the service unit that is created. This option takes an assignment in the same format as systemctl(1)'s set-property command.
Added in version 256.
- --description=
Provide a description for the service unit that is invoked. If not specified, the command itself will be used as a description. See Description= in systemd.unit(5).
Added in version 256.
- --slice=
Make the new .service unit part of the specified slice, instead of user.slice.
Added in version 256.
- --slice-inherit
Make the new .service unit part of the slice the run0 itself has been invoked in. This option may be combined with --slice=, in which case the slice specified via --slice= is placed within the slice the run0 command is invoked in.
Example: consider run0 being invoked in the slice foo.slice, and the --slice= argument is bar. The unit will then be placed under foo-bar.slice.
Added in version 256.
- --user=, -u, ā--group=, -g
Switches to the specified user/group instead of root.
Added in version 256.
- --nice=
Runs the invoked session with the specified nice level.
Added in version 256.
- --chdir=, -D
Runs the invoked session with the specified working directory. If not specified defaults to the client's current working directory if switching to the root user, or the target user's home directory otherwise.
Added in version 256.
- --setenv=NAME[=VALUE]
Runs the invoked session with the specified environment variable set. This parameter may be used more than once to set multiple variables. When "=" and VALUE are omitted, the value of the variable with the same name in the invoking environment will be used.
Added in version 256.
- --background=COLOR
Change the terminal background color to the specified ANSI color as long as the session lasts. If not specified, the background will be tinted in a reddish tone when operating as root, and in a yellowish tone when operating under another UID, as reminder of the changed privileges. The color specified should be an ANSI X3.64 SGR background color, i.e. strings such as "40", "41", ..., "47", "48;2;...", "48;5;...". See ANSI Escape Code (Wikipedia)[2] for details. Set to an empty string to disable.
Example: "--background=44" for a blue background.
Added in version 256.
- --machine=
Execute operation on a local container. Specify a container name to connect to.
Added in version 256.
- -h, ā--help
Print a short help text and exit.
- --version
Print a short version string and exit.
All command line arguments after the first non-option argument become part of the command line of the launched process. If no command line is specified an interactive shell is invoked. The shell to invoke may be controlled via --setenv=SHELL=... and currently defaults to the originating user's shell (i.e. not the target user's!) if operating locally, or /bin/sh when operating with --machine=.
Exit Status
On success, 0 is returned. If run0 failed to start the session or the specified command fails, a non-zero return value will be returned.
Environment Variables
As with systemd-run, the session will inherit the system environment from the service manager. In addition, the following environment variables will be set:
- $TERM
Copied from the $TERM of the caller. Can be overridden with --setenv=
Added in version 256.
- $SUDO_USER
Set to the username of the originating user.
Added in version 256.
- $SUDO_UID
Set to the numeric UNIX user id of the originating user.
Added in version 256.
- $SUDO_GID
Set to the primary numeric UNIX group id of the originating session.
Added in version 256.
See Also
Notes
- polkit
https://www.freedesktop.org/wiki/Software/polkit - ANSI Escape Code (Wikipedia)
https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_(Select_Graphic_Rendition)_parameters
Referenced By
systemd.directives(7), systemd.index(7), systemd-run(1).