[systemd-devel] Documentation on 'run0' command in Systemd >256

Barry Scott barry at barrys-emacs.org
Fri Jun 27 09:32:53 UTC 2025 


> On 26 Jun 2025, at 17:58, SCOTT FIELDS <Scott.Fields at kyndryl.com> wrote:
> 
> I never said it was a drop-in replacement.
> 
> But if the goal is to use this instead of "sudo", some migration documentation would help quite a bit.
> 
> I know the implementation will not work with current "sudoers" configurations, nor will it ever per comments from Leonard Poettering.
> 
> But the current documentation I find lacking in how to perform the same functions I'm already doing with "sudo".

It's on my TODO list workout how to move from sudo to run0 as well.
The lack of how-to docs has held me back as well.

I've got as far as knowing that I need to learn about writing polkit rules to allow run0 to replace sudo.
To that end looking at pkexec and it's docs is the way into this world I think.

Barry


> 
> From: Nils Kattenbeck <nilskemail at gmail.com <mailto:nilskemail at gmail.com>>
> Sent: Thursday, June 26, 2025 11:50 AM
> To: SCOTT FIELDS <Scott.Fields at kyndryl.com <mailto:Scott.Fields at kyndryl.com>>
> Cc: Systemd <systemd-devel at lists.freedesktop.org <mailto:systemd-devel at lists.freedesktop.org>>
> Subject: [EXTERNAL] Re: [systemd-devel] Documentation on 'run0' command in Systemd >256
>  
> run0 is not a drop-in replacement for sudo in every case. It works
> inherently different but therein lies its strength (but also its
> weaknesses). For allowing only specific commands you will need to look
> into setting up polkit rules because that is what run0 uses in the
> back to check if running the command should be allowed.
> 
> Cheers, Nils
> 
> On Wed, Jun 25, 2025 at 11:30 PM SCOTT FIELDS <Scott.Fields at kyndryl.com <mailto:Scott.Fields at kyndryl.com>> wrote:
> >
> > 'run0' is defined as a better 'sudo', though the documentation I see is a bit sparse.
> >
> > Is documentation regarding how to get similiar function from 'run0' as you can in a sudo configuration file present anywhere?
> >
> > Primary issue is restricting access to specific users and commands.
> >
> > The latter is the what I see not really documented.
> >
> > And more specifically, how to specify "wildcard" formatted commands, if currently possible at all, directly.
> >
> > Essentially, more a porting guide for moving an existing 'sudo' configuration to the new 'run0' infrastructure.
> >
> > Scott Fields
> > Kyndryl

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20250627/ac5b7c61/attachment.htm>

More information about the systemd-devel mailing list