From 78e9bb837c258ac0ec7712b3d612cc2f407e731e Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 12 Jun 2024 05:50:42 +0200 Subject: Merging upstream version 256. Signed-off-by: Daniel Baumann --- man/run0.xml | 279 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 279 insertions(+) create mode 100644 man/run0.xml (limited to 'man/run0.xml') diff --git a/man/run0.xml b/man/run0.xml new file mode 100644 index 0000000..d7460d9 --- /dev/null +++ b/man/run0.xml 
@@ -0,0 +1,279 @@ + + + + + + + + run0 + systemd + + + + run0 + 1 + + + + run0 + Elevate privileges + + + + + run0 + OPTIONS + COMMAND + + + + + Description + + run0 may be used to temporarily and interactively acquire elevated or different + privileges. It serves a similar purpose as sudo8, but + operates differently in a couple of key areas: + + + No execution or security context credentials are inherited from the caller into the + invoked commands, as they are invoked from a fresh, isolated service forked off by the service manager. + + + Authentication takes place via polkit, thus isolating the + authentication prompt from the terminal (if possible). + + An independent pseudo-tty is allocated for the invoked command, detaching its lifecycle and + isolating it for security. + + No SetUID/SetGID file access bit functionality is used for the implementation. + + + Altogether this should provide a safer and more robust alternative to the sudo + mechanism, in particular in OS environments where SetUID/SetGID support is not available (for example by + setting the NoNewPrivileges= variable in + systemd-system.conf5). + + Any session invoked via run0 will run through the + systemd-run0 PAM stack. + + Note that run0 is implemented as an alternative multi-call invocation of + systemd-run1. + + + + Options + + The following options are understood: + + + + + + Do not query the user for authentication for privileged operations. + + + + + + + + Use this unit name instead of an automatically generated one. + + + + + + + + Sets a property on the service unit that is created. This option takes an assignment + in the same format as + systemctl1's + set-property command. + + + + + + + + + Provide a description for the service unit that is invoked. If not specified, + the command itself will be used as a description. See Description= in + systemd.unit5. + + + + + + + + + Make the new .service unit part of the specified slice, instead + of user.slice. 
+ + + + + + + + + Make the new .service unit part of the slice the + run0 itself has been invoked in. This option may be combined with + , in which case the slice specified via is placed + within the slice the run0 command is invoked in. + + Example: consider run0 being invoked in the slice + foo.slice, and the argument is + bar. The unit will then be placed under + foo-bar.slice. + + + + + + + + + + + + + Switches to the specified user/group instead of root. + + + + + + + + + Runs the invoked session with the specified nice level. + + + + + + + + + + Runs the invoked session with the specified working directory. If not specified + defaults to the client's current working directory if switching to the root user, or the target + user's home directory otherwise. + + + + + + + + + Runs the invoked session with the specified environment variable set. This parameter + may be used more than once to set multiple variables. When = and + VALUE are omitted, the value of the variable with the same name in the + invoking environment will be used. + + + + + + + + + Change the terminal background color to the specified ANSI color as long as the + session lasts. If not specified, the background will be tinted in a reddish tone when operating as + root, and in a yellowish tone when operating under another UID, as reminder of the changed + privileges. The color specified should be an ANSI X3.64 SGR background color, i.e. strings such as + 40, 41, …, 47, 48;2;…, + 48;5;…. See ANSI + Escape Code (Wikipedia) for details. Set to an empty string to disable. + + Example: --background=44 for a blue background. + + + + + + + + + + Execute operation on a local container. Specify a container name to connect to. + + + + + + + + + + All command line arguments after the first non-option argument become part of the command line of + the launched process. If no command line is specified an interactive shell is invoked. 
The shell to + invoke may be controlled via and currently defaults to the + originating user's shell (i.e. not the target user's!) if operating locally, or + /bin/sh when operating with . + + + + Exit status + + On success, 0 is returned. If run0 failed to start the session or the specified command fails, a + non-zero return value will be returned. + + + + Environment Variables + + As with systemd-run, the session will inherit the system + environment from the service manager. In addition, the following environment variables will be set: + + + + $TERM + Copied from the $TERM of the caller. Can be overridden with + + + + + + + $SUDO_USER + Set to the username of the originating user. + + + + + + $SUDO_UID + Set to the numeric UNIX user id of the originating user. + + + + + + $SUDO_GID + Set to the primary numeric UNIX group id of the originating session. + + + + + + + + See Also + + systemd1 + systemd-run1 + sudo8 + machinectl1 + + + + -- cgit v1.2.3
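Review bot: In the Description section, the bullet "No execution or security context credentials are inherited from the caller into the invoked commands" reads as if nothing crosses from the caller into the session, yet the same page documents several caller-controlled inputs: the working directory "defaults to the client's current working directory if switching to the root user", $TERM is "Copied from the $TERM of the caller", and the interactive shell "currently defaults to the originating user's shell (i.e. not the target user's!)". Suggest adding a sentence after the bullet list that names these as the values carried over from the caller, so a reader assessing the isolation boundary does not have to collect them from three sections. Two smaller points: under Environment Variables, $SUDO_GID is described relative to the "originating session" while $SUDO_USER and $SUDO_UID say "originating user", so pick one term; and Exit status does not say whether the non-zero value is the invoked command's own exit code or a fixed one, which scripts wrapping run0 need to know.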