Today I had a first: a completely unpracticed, but still successful #lightning #talk at #oSC26 :-)

Someone talked about replacing #sudo with #systemd's #run0, so I talked about a feature not implemented there, but used at many places after my various sudo talks: central session recording

Read more about it at https://opensource.com/article/22/3/sudo-session-recordings-raspberry-pi

Been using run0 instead of sudo.  I'll admit that I don't fully understand exactly what's going on behind the scenes, and how that is different from whatever's going on behind the scenes with sudo.  I do like that the terminal turns red whenever it's using root privileges, though; I feel like that's something that should be standard, especially when you consider it in terms of running commands with more than one step, like:

So, if the screen is red, that means that step 1 completed successfully, which means that we're on step 2 now.

It just seems like common sense, honestly.

#Linux #Unix #CommandLine #run0 #systemd

While #NixOS should not be affected by #CopyFail as it uses recent kernels, here are additional fixes you can apply:

Disabling setuid does not mitigate it, but reduces the attack surfaces overall significantly.

Instead of #sudo, #su, #pkexec and other #setuid binaries you can use #run0 or a dedicated root account.

I have disabled setuid for a bunch of binaries I don't need, they still work when ran as root, with run0 or #sudo-rs.

```nix
boot.blacklistedKernelModules = [
"algif_aead"
];

security.sudo.enable = false;

security.wrappers = {
su.enable = false;
pkexec.enable = false;

# example setuid binary
chsh = {
source = "${pkgs.shadow}/bin/chsh";
setuid = lib.mkForce false;
owner = "root";
group = "root";
};
};
```

This week's Cockpit release adds a systemd/polkit-based superuser authentication (think `run0`) as a fallback when sudo is not available/broken. It also finally removes the long-deprecated pam_cockpit_cert module.

https://cockpit-project.org/blog/cockpit-355.html

#cockpit #release #run0

Am I missing some #environmentVariable when running #dnf with #run0, it throws at me 203 #exitcode

I checked the run0 and dnf #manpage, but found nothing specific :/

Anyway, run0 still is better than #sudo, as i like having #gnome show me #polkit password dialog, and I know then at least I will enter that password into correct application.

#linux #fedora #systemd

engang for hundre år siden, da jeg først begynte med #Linux, så var liksom ikke #sudo en greie. Og så ble det det, og en del av oss himlet litt med øynene av "sudo su" og sånt, men så ble det etter hvert ganske vanlig.

Men mellom det @pid_eins har skravlet om rundt #run0, og @trifectatech sin #sudors, så er det kanskje på tide å gå tilbake til å ikke ha vanilla sudo på maskina igjen?

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

The one thing that makes systemd run0 annoying to use is that it'll ask you every time for the password. With sudo you have this 10 minutes where it won't ask again.

I know the technical reasons, but still this drives me back to sudo.

#systemd #run0 #sudo #Linux

How to Use #Run0 in #Linux

https://www.maketecheasier.com/how-to-use-run0-in-linux/

Ist es möglich, run0 als eine Alternative zu sudo zu nutzen?

Die Antwort findet ihr unseren Blogbeitrag:
https://www.credativ.de/blog/credativ-inside/run0-als-sudo-alternative/

#credativ #NetApp #run0 #sudo #Debian

Discover run0 for Linux, a passwordless command execution tool. Learn its similarities and differences with sudo, security analysis, installation, and usage for daily tasks and automation.

https://linuxexpert.org/understanding-run0/

#Linux #LinuxTools #run0 #sudo #SystemAdministration #LinuxCommands #LinuxTips #RootAccess #PasswordlessCommands #Automation #Security #LinuxTutorial #TechTips #AdminTools #ITSecurity #OpenSource #LinuxLearning #DevOps #SysAdmin #LinuxCommunity