mirror of
https://github.com/systemd/systemd.git
synced 2025-01-09 01:18:19 +03:00
Rename uid0 to run0
Naming is always a matter of preference, and the old name would certainly work, but I think the new one has the following advantages: - A verb is better than a noun. - The name more similar to "the competition", i.e. 'sudo', 'pkexec', 'runas', 'doas', which generally include an action verb. - The connection between 'systemd-run' and 'run0' is more obvious. There has been no release yet with the old name, so we can rename without caring for backwards compatibility.
This commit is contained in:
parent
d1f3cd7aaa
commit
7aed434371
2
NEWS
2
NEWS
@ -329,7 +329,7 @@ CHANGES WITH 256 in spe:
|
||||
|
||||
Command-line tools:
|
||||
|
||||
* systemd-run is now a multi-call binary. When invoked as 'uid0', it
|
||||
* systemd-run is now a multi-call binary. When invoked as 'run0', it
|
||||
provides as interface similar to 'sudo', with all arguments starting
|
||||
at the first non-option parameter being treated the command to
|
||||
invoke as root. Unlike 'sudo' and similar tools, it does not make use
|
||||
|
2
TODO
2
TODO
@ -255,7 +255,7 @@ Features:
|
||||
|
||||
* add a new ExecStart= flag that inserts the configured user's shell as first
|
||||
word in the command line. (maybe use character '.'). Usecase: tool such as
|
||||
uid0 can use that to spawn the target user's default shell.
|
||||
run0 can use that to spawn the target user's default shell.
|
||||
|
||||
* varlink: figure out how to do docs for our varlink interfaces. Idea: install
|
||||
interface files augmented with docs in /usr/share/ somewhere. And have
|
||||
|
@ -75,6 +75,7 @@ manpages = [
|
||||
['repart.d', '5', [], 'ENABLE_REPART'],
|
||||
['resolvectl', '1', ['resolvconf'], 'ENABLE_RESOLVE'],
|
||||
['resolved.conf', '5', ['resolved.conf.d'], 'ENABLE_RESOLVE'],
|
||||
['run0', '1', [], ''],
|
||||
['runlevel', '8', [], 'HAVE_SYSV_COMPAT'],
|
||||
['sd-bus-errors',
|
||||
'3',
|
||||
@ -1265,7 +1266,6 @@ manpages = [
|
||||
''],
|
||||
['udev_new', '3', ['udev_ref', 'udev_unref'], ''],
|
||||
['udevadm', '8', [], ''],
|
||||
['uid0', '1', [], ''],
|
||||
['ukify', '1', [], 'ENABLE_UKIFY'],
|
||||
['user@.service',
|
||||
'5',
|
||||
|
@ -3,27 +3,27 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
||||
|
||||
<refentry id="uid0"
|
||||
<refentry id="run0"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
|
||||
<refentryinfo>
|
||||
<title>uid0</title>
|
||||
<title>run0</title>
|
||||
<productname>systemd</productname>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>uid0</refentrytitle>
|
||||
<refentrytitle>run0</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>uid0</refname>
|
||||
<refname>run0</refname>
|
||||
<refpurpose>Elevate privileges</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>uid0</command>
|
||||
<command>run0</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<arg choice="opt" rep="repeat">COMMAND</arg>
|
||||
</cmdsynopsis>
|
||||
@ -32,7 +32,7 @@
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para><command>uid0</command> may be used to temporarily and interactively acquire elevated or different
|
||||
<para><command>run0</command> may be used to temporarily and interactively acquire elevated or different
|
||||
privileges. It serves a similar purpose as <citerefentry
|
||||
project='man-pages'><refentrytitle>sudo</refentrytitle><manvolnum>8</manvolnum></citerefentry>, but
|
||||
operates differently in a couple of key areas:</para>
|
||||
@ -57,10 +57,10 @@
|
||||
setting the <varname>NoNewPrivileges=</varname> variable in
|
||||
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para>
|
||||
|
||||
<para>Any session invoked via <command>uid0</command> will run through the
|
||||
<literal>systemd-uid0</literal> PAM stack.</para>
|
||||
<para>Any session invoked via <command>run0</command> will run through the
|
||||
<literal>systemd-run0</literal> PAM stack.</para>
|
||||
|
||||
<para>Note that <command>uid0</command> is implemented as an alternative multi-call invocation of
|
||||
<para>Note that <command>run0</command> is implemented as an alternative multi-call invocation of
|
||||
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
||||
</refsect1>
|
||||
|
||||
@ -123,11 +123,11 @@
|
||||
<term><option>--slice-inherit</option></term>
|
||||
|
||||
<listitem><para>Make the new <filename>.service</filename> unit part of the slice the
|
||||
<command>uid0</command> itself has been invoked in. This option may be combined with
|
||||
<command>run0</command> itself has been invoked in. This option may be combined with
|
||||
<option>--slice=</option>, in which case the slice specified via <option>--slice=</option> is placed
|
||||
within the slice the <command>uid0</command> command is invoked in.</para>
|
||||
within the slice the <command>run0</command> command is invoked in.</para>
|
||||
|
||||
<para>Example: consider <command>uid0</command> being invoked in the slice
|
||||
<para>Example: consider <command>run0</command> being invoked in the slice
|
||||
<filename>foo.slice</filename>, and the <option>--slice=</option> argument is
|
||||
<filename>bar</filename>. The unit will then be placed under
|
||||
<filename>foo-bar.slice</filename>.</para>
|
||||
@ -215,7 +215,7 @@
|
||||
<refsect1>
|
||||
<title>Exit status</title>
|
||||
|
||||
<para>On success, 0 is returned. If <command>uid0</command> failed to start the session or the specified command fails, a
|
||||
<para>On success, 0 is returned. If <command>run0</command> failed to start the session or the specified command fails, a
|
||||
non-zero return value will be returned.</para>
|
||||
</refsect1>
|
||||
|
@ -706,7 +706,7 @@ $ systemd-run --user --wait -p SuccessExitStatus=SIGUSR1 --expand-environment=no
|
||||
<member><citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-mount</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>uid0</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>run0</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
</simplelist></para>
|
||||
</refsect1>
|
||||
|
||||
|
@ -12,12 +12,12 @@ install_emptydir(bindir)
|
||||
|
||||
meson.add_install_script(sh, '-c',
|
||||
ln_s.format(bindir / 'systemd-run',
|
||||
bindir / 'uid0'))
|
||||
bindir / 'run0'))
|
||||
|
||||
custom_target(
|
||||
'systemd-uid0',
|
||||
input : 'systemd-uid0.in',
|
||||
output : 'systemd-uid0',
|
||||
'systemd-run0',
|
||||
input : 'systemd-run0.in',
|
||||
output : 'systemd-run0',
|
||||
command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
|
||||
install : pamconfdir != 'no',
|
||||
install_dir : pamconfdir)
|
||||
|
@ -159,7 +159,7 @@ static int help_sudo_mode(void) {
|
||||
_cleanup_free_ char *link = NULL;
|
||||
int r;
|
||||
|
||||
r = terminal_urlify_man("uid0", "1", &link);
|
||||
r = terminal_urlify_man("run0", "1", &link);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
|
||||
@ -743,7 +743,7 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) {
|
||||
ARG_BACKGROUND,
|
||||
};
|
||||
|
||||
/* If invoked as "uid0" binary, let's expose a more sudo-like interface. We add various extensions
|
||||
/* If invoked as "run0" binary, let's expose a more sudo-like interface. We add various extensions
|
||||
* though (but limit the extension to long options). */
|
||||
|
||||
static const struct option options[] = {
|
||||
@ -943,7 +943,7 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) {
|
||||
if (strv_extendf(&arg_property, "LogExtraFields=ELEVATED_USER=%s", un) < 0)
|
||||
return log_oom();
|
||||
|
||||
if (strv_extend(&arg_property, "PAMName=systemd-uid0") < 0)
|
||||
if (strv_extend(&arg_property, "PAMName=systemd-run0") < 0)
|
||||
return log_oom();
|
||||
|
||||
if (!arg_background && arg_stdio == ARG_STDIO_PTY) {
|
||||
@ -2262,7 +2262,7 @@ static int run(int argc, char* argv[]) {
|
||||
log_parse_environment();
|
||||
log_open();
|
||||
|
||||
if (invoked_as(argv, "uid0"))
|
||||
if (invoked_as(argv, "run0"))
|
||||
r = parse_argv_sudo_mode(argc, argv);
|
||||
else
|
||||
r = parse_argv(argc, argv);
|
||||
|
@ -1,7 +1,7 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# Used by uid0 sessions
|
||||
# Used by run0 sessions
|
||||
|
||||
{% if ENABLE_HOMED %}
|
||||
-account sufficient pam_systemd_home.so
|
@ -231,15 +231,15 @@ assert_eq "$KVER" "$UNIT_KVER"
|
||||
umount /proc/version
|
||||
rm -f "$TMP_KVER"
|
||||
|
||||
# Check that invoking the tool under the uid0 alias name works
|
||||
uid0 ls /
|
||||
assert_eq "$(uid0 echo foo)" "foo"
|
||||
# Check that invoking the tool under the run0 alias name works
|
||||
run0 ls /
|
||||
assert_eq "$(run0 echo foo)" "foo"
|
||||
# Check if we set some expected environment variables
|
||||
for arg in "" "--user=root" "--user=testuser"; do
|
||||
assert_eq "$(uid0 ${arg:+"$arg"} bash -c 'echo $SUDO_USER')" "$USER"
|
||||
assert_eq "$(uid0 ${arg:+"$arg"} bash -c 'echo $SUDO_UID')" "$(id -u "$USER")"
|
||||
assert_eq "$(uid0 ${arg:+"$arg"} bash -c 'echo $SUDO_GID')" "$(id -u "$USER")"
|
||||
assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_USER')" "$USER"
|
||||
assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_UID')" "$(id -u "$USER")"
|
||||
assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_GID')" "$(id -u "$USER")"
|
||||
done
|
||||
# Let's chain a couple of uid0 calls together, for fun
|
||||
readarray -t cmdline < <(printf "%.0suid0\n" {0..31})
|
||||
# Let's chain a couple of run0 calls together, for fun
|
||||
readarray -t cmdline < <(printf "%.0srun0\n" {0..31})
|
||||
assert_eq "$("${cmdline[@]}" bash -c 'echo $SUDO_USER')" "$USER"
|
||||
|
Loading…
Reference in New Issue
Block a user