466 points CoolCold | 3 comments
kevincox ◴[] No.40212503[source]
> One could say, "run0" is closer to behaviour of "ssh" than to "sudo", in many ways.

This is an interesting offhand comment. You could implement a very similar tool by SSHing to localhost.

replies(5): >>40214944 #>>40215277 #>>40215636 #>>40217356 #>>40217679 #
Arnavion ◴[] No.40215277[source]
Technically `sudo -u` can switch to any user on the system while only a limited few would be allowed as ssh targets. Even root might not be allowed as an ssh target if `PermitRootLogin` is set to `no`, which I do on all my systems.
replies(2): >>40215711 #>>40218852 #
1. fsckboy ◴[] No.40218852[source]
> Even root might not be allowed as an ssh target if `PermitRootLogin` is set to `no`, which I do on all my systems.

Would something like PermitRootLogin=localhost punch an enormous hole in your intricate opsec?

replies(1): >>40219480 #
2. jimbobthrowawy ◴[] No.40219480[source]
I've set up Tor on some machines to forward ssh as a hidden service for an easy-to-configure way to get past NAT before. That shows up as a login from localhost. (could be configured differently, with some extra work)

There's so many ways to configure access to a system, each with footguns I'm surely unaware of.

replies(1): >>40219723 #
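
The interaction raised in this exchange (a loopback-only root login exception combined with an onion service that forwards to sshd, so remote logins arrive from localhost), as an added example that is not part of any comment in the thread: a small Python audit. It assumes the exception is expressed as a `Match Address` block in sshd_config; the function names and sample configs are constructed for illustration.

```python
import fnmatch
import ipaddress

LOOPBACK = ("127.0.0.1", "::1")

def covers_loopback(pattern):
    # One sshd "Match Address" pattern: CIDR, literal address or wildcard.
    if pattern.startswith("!"):
        return False  # negated patterns only exclude addresses
    try:
        net = ipaddress.ip_network(pattern, strict=False)
        return any(ipaddress.ip_address(a) in net for a in LOOPBACK)
    except ValueError:
        return any(fnmatch.fnmatch(a, pattern) for a in LOOPBACK)

def loopback_root_values(sshd_config):
    # PermitRootLogin values (other than "no") set in Match blocks covering loopback.
    hits, in_block = [], False
    for raw in sshd_config.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0].lower() == "match":
            crit = [w.lower() for w in words[1:]]
            in_block = "address" in crit[:-1] and any(
                covers_loopback(p) for p in words[crit.index("address") + 2].split(","))
        elif in_block and words[0].lower() == "permitrootlogin" and len(words) > 1:
            if words[1].lower() != "no":
                hits.append(words[1].lower())
    return hits

def onion_reaches_sshd(torrc, sshd_port=22):
    # HiddenServicePort VIRTPORT [TARGET]; TARGET defaults to 127.0.0.1:VIRTPORT.
    for raw in torrc.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2 or words[0].lower() != "hiddenserviceport":
            continue
        host, _, port = words[-1].rpartition(":")
        host = host.strip("[]") or "127.0.0.1"
        if port == str(sshd_port) and host in LOOPBACK + ("localhost",):
            return True
    return False

# Constructed sample inputs (not from the thread).
SSHD_SAMPLE = "PermitRootLogin no\nMatch Address 127.0.0.0/8,::1\n    PermitRootLogin yes\n"
TORRC_SAMPLE = "HiddenServiceDir /var/lib/tor/ssh/\nHiddenServicePort 22 127.0.0.1:22\n"

if __name__ == "__main__":
    print(loopback_root_values(SSHD_SAMPLE), onion_reaches_sshd(TORRC_SAMPLE))
```

When both checks fire, the loopback exception applies to connections arriving through the onion service as well as to local ones.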
3. ◴[] No.40219723[source]