I've done the same, and even written some policy kit examples. But it's difficult to surmise all the 'deltas' from 'sudo', and thus why having some form of documentation from the team delivering this would help countless others.
In the case of 'run0', does appear it really is layering upon what "pkexec' already provides, but without any great level of details other than what Leanard Poettering announced in a chat. And y, if 'polkit' development views this a superior/more secure alternative to 'sudo', perhaps the docs I'd like to see should come from that area. Thanks. ________________________________ From: Barry Scott <ba...@barrys-emacs.org> Sent: Friday, June 27, 2025 4:32 AM To: SCOTT FIELDS <scott.fie...@kyndryl.com> Cc: Nils Kattenbeck <nilskem...@gmail.com>; Systemd <systemd-devel@lists.freedesktop.org> Subject: [EXTERNAL] Re: [systemd-devel] Documentation on 'run0' command in Systemd >256 On 26 Jun 2025, at 17: 58, SCOTT FIELDS <Scott. Fields@ kyndryl. com> wrote: I never said it was a drop-in replacement. But if the goal is to use this instead of "sudo", some migration documentation would help quite a bit. I know the implementation On 26 Jun 2025, at 17:58, SCOTT FIELDS <scott.fie...@kyndryl.com> wrote: I never said it was a drop-in replacement. But if the goal is to use this instead of "sudo", some migration documentation would help quite a bit. I know the implementation will not work with current "sudoers" configurations, nor will it ever per comments from Leonard Poettering. But the current documentation I find lacking in how to perform the same functions I'm already doing with "sudo". It's on my TODO list workout how to move from sudo to run0 as well. The lack of how-to docs has held me back as well. I've got as far as knowing that I need to learn about writing polkit rules to allow run0 to replace sudo. To that end looking at pkexec and it's docs is the way into this world I think. Barry ________________________________ From: Nils Kattenbeck <nilskem...@gmail.com<mailto:nilskem...@gmail.com>> Sent: Thursday, June 26, 2025 11:50 AM To: SCOTT FIELDS <scott.fie...@kyndryl.com<mailto:scott.fie...@kyndryl.com>> Cc: Systemd <systemd-devel@lists.freedesktop.org<mailto:systemd-devel@lists.freedesktop.org>> Subject: [EXTERNAL] Re: [systemd-devel] Documentation on 'run0' command in Systemd >256 run0 is not a drop-in replacement for sudo in every case. It works inherently different but therein lies its strength (but also its weaknesses). For allowing only specific commands you will need to look into setting up polkit rules because that is what run0 uses in the back to check if running the command should be allowed. Cheers, Nils On Wed, Jun 25, 2025 at 11:30 PM SCOTT FIELDS <scott.fie...@kyndryl.com<mailto:scott.fie...@kyndryl.com>> wrote: > > 'run0' is defined as a better 'sudo', though the documentation I see is a bit > sparse. > > Is documentation regarding how to get similiar function from 'run0' as you > can in a sudo configuration file present anywhere? > > Primary issue is restricting access to specific users and commands. > > The latter is the what I see not really documented. > > And more specifically, how to specify "wildcard" formatted commands, if > currently possible at all, directly. > > Essentially, more a porting guide for moving an existing 'sudo' configuration > to the new 'run0' infrastructure. > > Scott Fields > Kyndryl
