Should I be using run0 instead of sudo?

I am reading this from man run0:

run0 may be used to temporarily and interactively acquire elevated or different privileges. It serves a similar
       purpose as sudo(8), but operates differently in a couple of key areas:

       •   No execution or security context credentials are inherited from the caller into the invoked commands, as
           they are invoked from a fresh, isolated service forked off by the service manager.

       •   Authentication takes place via polkit[1], thus isolating the authentication prompt from the terminal (if
           possible).

       •   An independent pseudo-tty is allocated for the invoked command, detaching its lifecycle and isolating it
           for security.

       •   No SetUID/SetGID file access bit functionality is used for the implementation.

Altogether this should provide a safer and more robust alternative to the sudo mechanism, in particular in OS environments where SetUID/SetGID support is not available (for example by setting the NoNewPrivileges= variable in systemd-system.conf(5)).

Does Arch Linux set the NoNewPrivileges= variable? Should I be using run0 going forward? Any disadvantages, negative side-effects? Do some of you use it already instead of sudo?

3 Likes

I use it. The biggest disadvantage is that it requires you to enter your password every time.

3 Likes

That is good to know! Reassuring!

That I have noticed. I have started using it now as well. If that is the biggest disadvantage, so be it. The advantages seem to outweigh.

1 Like

I honestly don’t know what to make of run0. I’m not even sure what it’s supposed to do. I’ve found articles here and there. But, still… between general sudo usage, yay and sudo pacman, I’m good for now.

And this seems quite vague and needlessly complicated at the same time. Particularly for a newer user to Linux.

4 Likes

Yes, I am glad because on my previous (or maybe 2 back?) install sudo would occasionally and (as far as I could tell) unpredictably stop authenticating correctly. It was nice to have another setuid program to fall back on, even though ‘su - root’ still worked too, even if it’s (run0) yet another roach in the systemd tree lol.
I contributed code to sudo a couple of times, but when I stop and consider how long ago THAT was (1997 era I think), it’s probably getting a bit long in the tooth and doesn’t seem as well maintained as it was back then. I may be wrong in my assessment, but that’s how I feel about things at the moment :)
I also know sudo (which was originally a BSD thing as I recall), is now being replaced in BSD land with runas.

2 Likes

So there is now sudo, doas and run0/systemd-run. There ought to be a comparison table between these tools.

Also after reading the documentation it appears that run0 executes elevated privileges as a transient service. And there are some good options available with it like
--property=ProtectSystem=strict
this helps in avoiding any damage to the file systems.

From the manual

One point is not clarified. Users who can run sudo can be controlled by the /etc/sudoers file or by adding the user to the wheel/sudo group. There is no way to control something similar for the run0 command.

2 Likes

I do as I please sometimes … sudo, doas or run0 ..lol

2 Likes

I tried it when it was first available. I wasn’t impressed and forgot all about it until I read this thread. I will still use sudo as it’s an old habit.

Sudo: Big, mature, SUID-based. Config in /etc/sudoers. Runs sudo pacman -Syu. Lots of control, bigger target.

Doas: Lean, SUID, from OpenBSD. Config in /etc/doas.conf. Runs doas pacman -Syu. Simple, less to exploit.

Run0: Systemd 256, no SUID, Polkit-driven. Runs run0 pacman -Syu. Fresh, minimal config, prompts every time.

4 Likes

There’s also (at least)

  • pkexec
  • runuser

and probably many more not mentioned in this thread yet.

3 Likes

It is configurable on who can run the command. It is managed via polkit rules/actions.

3 Likes

Ah, good pick; so it's possible to run stuff with Wayland? Like sudo -E?

Yes, you can preserve (or overwrite) environment variables with the --setenv flag.

https://man.archlinux.org/man/run0.1.en

--setenv=NAME[=VALUE]
Runs the invoked session with the specified environment variable set. This parameter may be used more than once to set multiple variables. When “=” and VALUE are omitted, the value of the variable with the same name in the invoking environment will be used.

Without the =VALUE argument it just preserves whatever the variable is set to in the user’s environment.

run0 --setenv=SOME_VARIABLE some_command

sudo -E passes the entire user environment to root, and really should not be used outside of testing or debugging issues.

3 Likes
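An added example, not from the thread or from the systemd project: a small shell wrapper that forwards only an allowlist of variables using the bare --setenv=NAME form quoted above, in contrast to sudo -E handing over the whole environment. The allowlist contents and the function names are assumptions chosen for illustration; which variables a given program actually needs depends on the program.

```shell
#!/bin/sh
# Added example: pass an explicit allowlist of variables to run0 with
# --setenv=NAME instead of exporting the caller's whole environment.
# The allowlist and the function names are illustrative assumptions.

# Space-separated names the caller is willing to hand to the root session.
RUN0_ENV_ALLOWLIST="WAYLAND_DISPLAY XDG_RUNTIME_DIR DISPLAY XAUTHORITY LANG"

# Print one --setenv=NAME argument per allowlisted variable that is set in
# the invoking environment. Values are never printed: with the bare NAME
# form, run0 takes the value from the invoking environment itself.
run0_setenv_args() {
    for name in $RUN0_ENV_ALLOWLIST; do
        # Reject anything that is not a plain variable name, so the eval
        # below only ever sees [A-Za-z_][A-Za-z0-9_]*.
        case "$name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        # ${NAME+x} expands to "x" only when NAME is set (even if empty).
        eval "is_set=\${$name+x}"
        if [ -n "$is_set" ]; then
            printf '%s\n' "--setenv=$name"
        fi
    done
    return 0
}

# Run a command through run0 with only the allowlisted variables preserved.
# Usage: run0_with_env some_command
run0_with_env() {
    # Prepend each --setenv argument to the command line held in "$@".
    for arg in $(run0_setenv_args); do
        set -- "$arg" "$@"
    done
    run0 "$@"
}
```

Anything not on the allowlist, such as a token exported in the user's shell, stays out of the elevated session.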

I wish the forum offered a “LIKE” to fascinating threads, so I could tag it as awesome…

I ran a distro with doas (Alpine). Loved the distro but did not like doas. Sudo, I guess, is what @SudoMason “big, mature” and I had a comfort zone with it.

Using doas to me was not intuitive or natural so at least I could install sudo later.

Alpine (they didn’t have a DE I liked) was a very secure distro. True, doas has a small attack area. (Just for kicks Alpine’s programs were all in MUSL) so together. Alpine one of the most secure distros out there…except it’s a Linux world where Glibc rules and MUSL a small minority, but I digress into off-topic, so will stop here.

5 Likes

What are actually the advantages of run0?

This one here is certainly a disadvantage for me:

With sudo I can open a root shell and execute GUI apps, like gparted, gedit, etc. With run0 I don't get access to the display:

(gpartedbin:51310): Gtk-WARNING **: 09:31:02.996: cannot open display:

This is a show stopper for me.

1 Like

As a general rule (there are no absolute rules), GUI programs are frowned upon running as root.

Some see it like this but I don't.

I don't see any issue running gparted or gedit as root user.

1 Like

Well that’s your prerogative, but my point is that I’m sure that’s by design, ie working as envisioned.

1 Like

Why would you need a root shell for launching Gparted? I think it uses pkexec and I just click its icon to get a dialogue box where I put in my user password.

For text editing, I use a terminal based editor, nano, which works fine with run0. I know mousepad can be launched with pkexec if someone ever needs to run a graphic text editor with elevated privilege. Perhaps gedit can too. I have not tried.

Also, Archwiki clearly advises against running GUI applications as root.

4 Likes

Maybe you don’t. The point is that it is totally unnecessary when it already launches with pkexec which is a safer way of launching a GUI application with elevated privilege.

1 Like