Will Linux’s New run0 Command Run sudo Out of Town?

I will use it. I don't care what others think. People can use su, sudo, doas, run0 by their choice, and I don't see why we need a common opinion about it.

This. One thing Linux is about is personal freedom.

If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.

Doing this every day just to open email is understandably fucking enraging even to me as a security """engineer"""/analyst/${bullshitblueteamemailreaderjob}

Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever run0 sudo su <reverse shell bs here> to bypass all protections.

or reused ~~somewhere~~ everywhere ~~at some point~~ constantly
I agree with you. If i had to add my password everytime I’d just add my personal account to sudo group.
Good security works with people, not against them.
- SELinux has left the chat.

No.

You say that, but, lennart's Cancer is everywhere.
- ok them go suffer alone in your 2004 distro that can't update bash because it break the 400 scripts that it use to boot lmao

I might try run0 for fun, but I don't think it'll replace sudo any time soon.
The biggest issue I see is run0 purposely not copying any environment variables except for TERM.
You'd have to specify which editor to use, the current directory, stuff like PATH and HOME every time you run a command.

I'm not a fan of the idea at all, but come on, it can't really be that bad. There's got to be somewhere you can tell it what environment variables to use. Probably something like run0 systemd-edit /usr/system/systemd/systemrun/run0-environment --system-default=system
- it can't really be that bad.
  LoL; you say that... But
- run0 uses systemd-run i don't remember you can use that directly
Su - then
- You can't really install packages or modify configs on the host without root. Containers can only do some parts.
Alias it to pull those in automatically?
- Maybe, but now I still need to remember the alias or distribute it to any machine I'm working on.
  Not that difficult if you have everything managed with Ansible or similar anyways, but lots of people likely don't have that setup.

This just sounds like a a solution in search of a problem.

sudo has more than 220k lines of code, I can definitely see the use of a simpler alternative.
- Don't doas already fill that gap ?
The original problem was to automagically prompt the user for password, if he tried to run some systemd executable without the wheel privileges. At some point they decided to reuse the code for [a command that allows you to run stuff as root] replacement because sudo is too bloated and vulnerable.

Systemd, not linux

systemd/Linux, or as I've recently taken to calling it, systemd plus Linux
- Fortunately there's still Artix GNU+Linux :)
Laughs in Gentoo
That's SystemD+Linux to you!

Meaning, run0 is overengineered too?

no? it an alias to systemd-run, you can call an alias bloated
imo it's kinda like bash's bloatness. Sure, I'd use a less bloated shell but I need bash as a bash interpreter regardless, so using a smaller shell would actually be more bloat. In a similar way you already have systemd, so you don't really gain any more bloat by having this alias for systemd-run or how it's called.
- No, like, alternatives to systemd-stuff often do the same job in 1/3 or 1/10 the code.

Prompting for every single command seems like it'd suck

Also, you can configure sudo to prompt every time if you really want.
I was on a system that was configured that way for "security", so I would just 'sudo bash' which is obviously much safer /s.
- My system is configured that way (by me) and I regularly use sudo -s.
  I just want to see if there's a root shell and not rely on some hidden timeout 🙄
Yeah I mean at that point it's redundant because you might as well type su -c "some command here". On the other hand having such alias does no harm if you're already using systemd.

I don't know, we'll just have to see. But personally, I am not a fan of tying so many functionalities to systemd.

As it is running sudo with a long process is annoying missing and having to reenter my password or missing and the process timing out if I go afk to wait, I can't imagine having to type my password every few moments when I run an upgrade. Surely this is not the pitch. This is already looking dead in the water if so, and god help me if I have to remember to type run0.

No no no
It'll be systemctl --user enable --now systemd-run0d
- I'm dead

su is the best. I mean, i should be using the admin (root) password for admin things, not the user password of user who is already logged in. And there needs to be a root service already running to make user have root previlages which is dumb imo. Sudo vulnerability could cause previlage escalation but if there is no root process managing this, then it can't leak the root access. Only kernel security issue(or other root processes) will leak root access if that was the case, which i think is better.

The permission to do admin things is given by the root user, to your account. So you have to verify your identity by entering your password.
Isn't that how it is? I though that was analogous to how almost everything worked IRL. Whether withdrawing funds from a bank or engaging government services, you prove your identity as a customer/citizen to get the relevant services. At no point do you login to bank or government computers with full privileges.
- If you own your own bank, then i think you login as the one with full previlages. Yes when doing administrator things, you have to use sudo. The problem with root with sudo is, you authenticate as a user, then gain full permission from root, i.e analogous to login in to bank with full previlages.
  As a person who need to run sudo command its better to just verify yourself as root user to gain "full access". I'm not saying about partial previlages. That is i just need a script which is just su -c with environment variables being copied
Completely agree with this take. There are dozens of us!

At the moment, fish doesn't know what to do with run0. When that changes, I'll start using it :)

I’m surprised they would implement having just run0 effectively log you in as root. For the super security conscious constrictions of the command versus sudo, it would seem that the very notion of elevating your privilege beyond the single command to be carried out, would be anathema to the whole goal of this new command. Evidently not, but it’s surprising to me.

you can run a command using run0 it's only elevating that commads, sometimes it's needed to login as root, it's life
- I'm trying to understand what you just wrote. Did you miss a period somewhere?

I'm going to continue to keep avoiding Poettering software for as long as he continues to act like a jackass. Even his commit messages are dripping with condescension.

Funny. I didn't know a single thing about the person. But that commit message made me like him more.
Ofc assuming he was just making a light-hearted joke in it.
- Users were complaining that their terminal transparency was being broken by the nspawn container and that the colour for other applications like tmux were being affected by it. For example tmux was appearing in the same navy blue in the terminal emulator instead of its usual green.
  Idk he's just a hot take merchant basically. He has a particular hate-boner for distros that don't use systemd as the default init system like void and gentoo (usually these are troll tweets as opposed to commit messages though).
- exactly lol
You'll have to give another example in order to support your point. Because that commit was funny!

I'll stick with doas

doass
Speaking of doas, is there any advantage of using it when… sudo is still available to be used? I agree that most of the stuff we require to use doesn't need all the options sudo as, but if it is for the sake of security, maintenance, and stability… is there any reason to use doas ON TOP of the already setup sudo or su? In the past, I even tried to just apply a simple alias to replace sudo with doas, but numerous scripts and programs when trying to request explicit super-user permissions, just didn't know what to do with doas as expected, so this ain't it.
- Speaking of doas, is there any advantage of using it when… sudo is still available to be used?
  I like that its configuration file is very very simple.
- I agree that most of the stuff we require to use doesn't need all the options sudo as
  Main reason of using doas
  but numerous scripts and programs when trying to request explicit super-user permissions, just didn't know what to do with doas as expected
  I've only found one software like that and it's tipi, and it's kinda dumb for a software to require such a easily replacable software. Also how openbsd users are supposed to do ? Having both doas and sudo on their machine which is unnecessary bloat ?

As the old adage goes: "All roads lead to /root"

Is it going to eventually add kernel functionality and become GNU/run0 like systemd? If not i'll keep using sudo on Ubuntu and doas everywhere else.

Sometimes I really hate the utility names people come up with.

I would love to see chatgpt rename all the core utils in a way that summarizes their function.

The name does do what it says & in just 4 char
I feel like this is well named (run as user 0) so then I'm wondering what else you dislike and what you think would be improvements?
- My complaint was mostly targeting the big picture of everything living in /bin/
  I inferred the 'user 0' thing to their credit like you, it just still felt really strange as numerals are kind of a no no when programming -- you can't begin variable and other names with them and I guess having them as a suffix feels strange too as it's not common practice.
  It will definitely be the only utility I recall that uses a numeral.
  To me the whole numeral systems are archaic, User ID numbers don't line up when transferring data from hard drives from another machine eg 1000-1005.
  The numeral permission system is archaic and requires explicit knowledge to know the difference between a 7 6 and 4. In GUI Immutability is separate when it should be more integrated as a file control. The octal permissions are from another decade and modern platforms have permissions on whether a executible can access the internet, access input devices like camera or microphone, or sensitive data like contacts, pictures, etc...
  I think file tagging should be greatly expanded, IDv3 meta data for example was a workaround for the limitations and the core filesystem should have robust enough tagging to make it unnecessary.
  I'll be controversial now -- eliminate the . prefix to hide files. Yes I know it had been this way for decades and was grandfathered in as a feature after a bug, that should have been in the filesystem properties like chattr +I and you shouldn't need .hidden indexes to hide files just like windows and osx litters zip files with MDF or inf or whatever (memory is fuzzy from non use).
  Some people say "4 character" limit, that needs to go too -- FHS naming structure is confusing and not self evident what it does to people trying to learn who already have IT training. /etc/ having 2 or more bins /bin vs /usr/bin -- 'what does usr mean the new it ponders' 'oh it must mean 'user' I guess'. -- weird stuff like that.
  To systemd credit they have no problem being controversial and relentlessly persuing their vision in a practical way, hell I use their stuff hapilly.
  I just feel like the run0 thing is a band aid on bigger problems, and AI critique would be very fascinating to make these human interfaces you know... more for us humans :P
  If not systemd, maybe the rust people or someone else will be baller enough to try to tackle these funny ackward quirks that have accumulated over the years and straighten it all out.
The one that really annoys me is using "-r" and "-R" interchangeably for recursion. Why that has stood is beyond me.
- Probably: "oh we already have a -r for xxx, let's do recursion with -R"
But it literally is a summary.
It run's an executable as the user with id 0 (root) and it's called run0.

I'd fedora starts to use it then yeah I'll use it but I'll just make an alias cause muscle memory

No, it'll just be yet another pile of bloat that'll separate IBM distros and their followers (rhel, fedora, centos, debian, arch) from the rest (alpine, void, gentoo, devuan, *BSD).

Wait Arch and Debian are owned by IBM? It sounds like one insane piece of conspiracy tbh.
- Nah, I'm just referring to IBM's acquisition of redhat. I've been referring to redhat as IBM in kind.
For clarity, ~~because the obnoxious ones out there didn't get it,~~ this refers to how Arch, Debian, Fedora and most other distros just default to systemd and hence can (and probably will) make use of run0. While, on the other hand, distros like Alpine, Artix, Devuan, Void and others (including *BSD-systems) will not. For distros with no defaults (e.g. Gentoo), the user gets to decide.