466 points CoolCold | 6 comments
kevincox ◴[] No.40212503[source]
> One could say, "run0" is closer to behaviour of "ssh" than to "sudo", in many ways.

This is an interesting offhand comment. You could implement a very similar tool by SSHing to localhost.

replies(5): >>40214944 #>>40215277 #>>40215636 #>>40217356 #>>40217679 #
1. Arnavion ◴[] No.40215277[source]
Technically `sudo -u` can switch to any user on the system while only a limited few would be allowed as ssh targets. Even root might not be allowed as an ssh target if `PermitRootLogin` is set to `no`, which I do on all my systems.
replies(2): >>40215711 #>>40218852 #
2. pmontra ◴[] No.40215711[source]
I do use that a lot

  sudo -H -u user bash

after I ssh into a server with my own account. That other user might even be a no login account.
replies(1): >>40216926 #
3. noinsight ◴[] No.40216926[source]
You can just use `-i` instead of `bash`. (This method indeed requires a shell configured; your method is needed with nologin.)
4. fsckboy ◴[] No.40218852[source]
>Even root might not be allowed as an ssh target if `PermitRootLogin` is set to `no`, which I do on all my systems.

would something like PermitRootLogin=localhost punch an enormous hole in your intricate opsec?

replies(1): >>40219480 #
5. jimbobthrowawy ◴[] No.40219480[source]
I've set up tor on some machines to forward ssh as a hidden service for an easy-to-configure way to get past NAT before. That shows up as a login from localhost. (could be configured differently, with some extra work)

There's so many ways to configure access to a system, each with footguns I'm surely unaware of.

replies(1): >>40219723 #
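Added example, not part of any comment in this thread: one way to check whether an sshd configuration treats a root login from loopback differently from a remote one, which is the exception asked about above and the case the tor-forwarding comment runs into. It assumes OpenSSH's extended test mode (`sshd -T -C`); the function names, the sample dumps and the `203.0.113.10` / `client.example` values are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare sshd's effective PermitRootLogin for a loopback
# client and a remote client. On a live host (as root) the two dumps come from:
#   sshd -T -C user=root,host=localhost,addr=127.0.0.1
#   sshd -T -C user=root,host=client.example,addr=203.0.113.10

# Print the value of one keyword from an `sshd -T` dump read on stdin.
# `sshd -T` prints lowercase "keyword value" pairs, one per line.
effective_value() {
    awk -v key="$1" '$1 == key { print $2; found = 1; exit }
                     END { if (!found) print "unset" }'
}

# Name the posture given the loopback value and the remote value.
# Any value other than "no" (yes, prohibit-password, without-password,
# forced-commands-only) still lets root authenticate in some way.
classify_root_login() {
    loopback_value="$1"
    remote_value="$2"
    if [ "$loopback_value" = "unset" ] || [ "$remote_value" = "unset" ]; then
        echo "unknown"                # dump did not contain the keyword
    elif [ "$remote_value" != "no" ]; then
        echo "root-login-open"        # root is a valid target from the network
    elif [ "$loopback_value" != "no" ]; then
        echo "loopback-exception"     # root is a valid target from 127.0.0.1 only
    else
        echo "root-login-disabled"
    fi
}

# Constructed dumps (not from a real host): global "PermitRootLogin no"
# relaxed by a "Match Address 127.0.0.1,::1" block.
sample_loopback_dump() {
    printf '%s\n' 'port 22' 'permitrootlogin prohibit-password' 'passwordauthentication no'
}
sample_remote_dump() {
    printf '%s\n' 'port 22' 'permitrootlogin no' 'passwordauthentication no'
}

audit_samples() {
    classify_root_login \
        "$(sample_loopback_dump | effective_value permitrootlogin)" \
        "$(sample_remote_dump | effective_value permitrootlogin)"
}

audit_samples
```

A `loopback-exception` result means sshd applies the relaxed rule to every connection whose source address is loopback, which includes connections relayed by a local forwarder such as the hidden-service setup described in the comment above.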
6. ◴[] No.40219723{3}[source]