←back to thread

Run0, a systemd based alternative to sudo, announced

(mastodon.social)
466 points CoolCold | 1 comments | 29 Apr 24 23:59 UTC | HN request time: 0.347s | source
Show context
kevincox ◴[30 Apr 24 15:57 UTC] No.40212503[source]
> One could say, "run0" is closer to behaviour of "ssh" than to "sudo", in many ways.

This is an interesting offhand comment. You could implement a very similar tool by SSHing to localhost.

replies(5): >>40214944 #>>40215277 #>>40215636 #>>40217356 #>>40217679 #
m463 ◴[30 Apr 24 22:44 UTC] No.40217356[source]
I had to write an ssh client for an embedded system long ago.

Looking at the design, I found it to be sort of messy.

You could restrict commands ssh could invoke, but it didn't seem super secure.

Also scp/sftp was not well designed. You basically had to give ssh access to your system to allow a file to be copied, and there were no real path restrictions.

I personally thought ssh could be much more robust in what you could run and what you couldn't. And scp/sftp could have better filesystem semantics so you could have more security in what you could access.

And I thought having a write-only scp would be really interesting, sort of like a dropbox for people to send you files securely, but not have to give someone ssh credentials to do it. And an anoymous scp/sftp for distribution or a dropbox could have been really interesting too.

replies(3): >>40218088 #>>40220008 #>>40222236 #
1. __s ◴[01 May 24 12:31 UTC] No.40222236[source]
You can restrict SSH commands by having it serve a restricted shell instead of arbitrary shell. Like how there's games where you can SSH into server to play

https://crawl.develz.org/wordpress/howto#connecting