nixCraft 🐧
Tyler K. Nothing@nixCraft I’m not that advanced. What does this do?
Sam Lehman 
@tylerknowsnothing @nixCraft run0 is a new privilege escalation util provided by systemd.
Both run0 and sudo are for running commands with administrator privileges.
The question being asked is essentially, which one util will you use and which name will you use to reference it.
@Lehmanator @nixCraft Well, I generally use sudo, so likely the second option. Thanks! I really only use it for dnf searches and installs and whatnot. After 20+ years of using Linux I’m not sure I’ve ever created an alias LOLZ.
> After 20+ years of using Linux I’m not sure I’ve ever created an alias LOLZ.
Wild. I set aliases for everything & don't know how I'd live without them.
@Lehmanator @nixCraft I am but a lowly writer and could not code myself out of a paper bag to save my life :)
codeDude 
@Lehmanator @tylerknowsnothing @nixCraft Do you know some differences advantages of rhis run0? I've ever used sudo
@codeDude @tylerknowsnothing @nixCraft
sudo is a setuid binary. run0 doesn't use setuid.
setuid allows the caller command to run as another user's uid, usually root.
sudo basically takes your command and tries to run it as the user with minimal privileges necessary to complete the action.
@codeDude @tylerknowsnothing @nixCraft The main security problem with `sudo` is that it will pass a lot of environment context to the environment with escalated privileges.
e.g. the root env will need the user `$PATH` to find the binary.
That context can be hijacked to do dangerous stuff when executed as root.
`sudo` also has a lot of config. e.g. plugins, sudoers, etc. which makes for a big attack surface under setuid.
@codeDude @tylerknowsnothing @nixCraft `run0` is basically a symlink to `systemd-run`, which basically starts a oneshot systemd service that executes your command under the appropriate user.
None of this uses setuid, and the environment carried over is minimal, so it has less room for malicious or destructive behavior to be introduced.
@codeDude @tylerknowsnothing @nixCraft run0 access control is managed w/ `policyKit` instead of `sudoers`, which is a specific format to `sudo`.
Using `polkit` might also allow integrating w/ your desktop for the auth prompt, so you can have GNOME surface its UI & dim the rest of the desktop underneath. i.e. Windows' `run as administrator`.
This should make it harder for a fake UI keylogger to sit in between you & the password entry dialog like: `alias sudo='keylogger-fake-prompt | sudo'`
@codeDude @tylerknowsnothing @nixCraft right now I use sudo-rs (a sudo implementation in rust with a smaller feature set), but I'll probably switch to run0 once its been a little more battle tested.
@Lehmanator @tylerknowsnothing @nixCraft there are a lot rust alternative stuff, hours ago I noticed that I have an issue with weechat-matrix and then I figured our that there is a rust version 
@codeDude @tylerknowsnothing @nixCraft I keep using them because they keep working better than their non-rust predecessors.
Made me understand why people stan rust so hard, learning it even moreso.
Henri@tylerknowsnothing @nixCraft deletes your home directory
EDIT: I'm joking
synlogic@tylerknowsnothing @nixCraft run0 is systemd's new successor to sudo. Lennart Poettering
(@pid_eins) had some good Mastodon threads about it a few weeks ago if you want a quick intro
(@pid_eins) had some good Mastodon threads about it a few weeks ago if you want a quick intro
Colin B.🇨🇦unalias -a
drmorr@nixCraft for reasons I don't fully understand, I am "alias sudo=sudo"
You maybe think I'm making this up but I looked in my dotfiles the other day and, no, this is actually in there.
@nixCraft not sure yet. I use sudo-rs. May switch after trying out run0. I will probably always use sudo as the alias though.
Frank Abelbeck@nixCraft Neither.
sudo: command not found
London Eastfield 🇵🇸@nixCraft Umm... sudo is sudo. End of.
Harm@nixCraft I revome sudo as early in the installation process as possible, so neither.
Bonkers@nixCraft ssh -A root@host
boxspring@nixCraft Fuck this noise—I do everything as root and make _REALLY_ sure I’m typing the right thing.
@boxspring @nixCraft real men do telnet over UDP over unquestionably loyal carrier pigeons
Guillem Cantallops
Abandoned
init6@nixCraft I'm on team "systemd is going to annoy me back onto *bsd after 20+ years of Linux as desktop"
Michal Nemecek@nixCraft neither, I still use sudo
Fazal Majid@nixCraft I’m on team doas
Kusalananda@nixCraft I use doas on both OpenBSD and whatever Linux I happen to set up. Simpler than sudo and more portable than anything provided by systemd.
Arnaud Launay@nixCraft su .
$ su -
Mot de passe :
root@here:~#
tuxsec
Quien Sabe@nixCraft probably #2, but we'll see how easy it is to switch, it took me a while to acclimate to systemd.
ed(1) conferencecurl -s http://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/miniroot75.img > /dev/sda
works much better for me 
Will 
@nixCraft #1 run0 might be better but I am not typing it.
«lambalicious»@nixCraft Neither. I would avoid adding an alias to sudo as run0, simply to make sure I don't develop the bad habit of expecting run0, and systemd in general, to be available on machines I operate.
visone@nixCraft
alias ds='doas' #3
alias ds='doas' #3
Casjay@nixCraft
My alias file checks and sets accordingly
My alias file checks and sets accordingly