run0systemdrun01run0Elevate privilegesrun0OPTIONSCOMMANDDescriptionrun0 may be used to temporarily and interactively acquire elevated or different
privileges. It serves a similar purpose as sudo8, but
operates differently in a couple of key areas:No execution or security context credentials are inherited from the caller into the
invoked commands, as they are invoked from a fresh, isolated service forked off by the service manager.
Authentication takes place via polkit, thus isolating the
authentication prompt from the terminal (if possible).An independent pseudo-tty is allocated for the invoked command, detaching its lifecycle and
isolating it for security.No SetUID/SetGID file access bit functionality is used for the implementation.Altogether this should provide a safer and more robust alternative to the sudo
mechanism, in particular in OS environments where SetUID/SetGID support is not available (for example by
setting the NoNewPrivileges= variable in
systemd-system.conf5).Any session invoked via run0 will run through the
systemd-run0 PAM stack.Note that run0 is implemented as an alternative multi-call invocation of
systemd-run1.OptionsThe following options are understood:Do not query the user for authentication for privileged operations.Use this unit name instead of an automatically generated one.Sets a property on the service unit that is created. This option takes an assignment
in the same format as
systemctl1's
set-property command.Provide a description for the service unit that is invoked. If not specified,
the command itself will be used as a description. See Description= in
systemd.unit5.
Make the new .service unit part of the specified slice, instead
of user.slice.Make the new .service unit part of the slice the
run0 itself has been invoked in. This option may be combined with
, in which case the slice specified via is placed
within the slice the run0 command is invoked in.Example: consider run0 being invoked in the slice
foo.slice, and the argument is
bar. The unit will then be placed under
foo-bar.slice.Switches to the specified user/group instead of root.Runs the invoked session with the specified nice level.Runs the invoked session with the specified working directory. If not specified
defaults to the client's current working directory if switching to the root user, or the target
user's home directory otherwise.Runs the invoked session with the specified environment variable set. This parameter
may be used more than once to set multiple variables. When = and
VALUE are omitted, the value of the variable with the same name in the
invoking environment will be used.Change the terminal background color to the specified ANSI color as long as the
session lasts. If not specified, the background will be tinted in a reddish tone when operating as
root, and in a yellowish tone when operating under another UID, as reminder of the changed
privileges. The color specified should be an ANSI X3.64 SGR background color, i.e. strings such as
40, 41, …, 47, 48;2;…,
48;5;…. See ANSI
Escape Code (Wikipedia) for details. Set to an empty string to disable.Example: --background=44 for a blue background.Execute operation on a local container. Specify a container name to connect to, optionally
prefixed by a user name to connect as and a separating @ character. If the special
string .host is used in place of the container name, a connection to the local
system is made. If the @ syntax is not used, the connection is made as root user.
If the @ syntax is used either the left hand side or the right hand side may be
omitted (but not both) in which case the local user name and .host are implied.
All command line arguments after the first non-option argument become part of the command line of
the launched process. If no command line is specified an interactive shell is invoked. The shell to
invoke may be controlled via and currently defaults to the
originating user's shell (i.e. not the target user's!) if operating locally, or
/bin/sh when operating with .Exit statusOn success, 0 is returned. If run0 failed to start the session or the specified command fails, a
non-zero return value will be returned.Environment VariablesAs with systemd-run, the session will inherit the system
environment from the service manager. In addition, the following environment variables will be set:$TERMCopied from the $TERM of the caller. Can be overridden with
$SUDO_USERSet to the username of the originating user.$SUDO_UIDSet to the numeric UNIX user id of the originating user.$SUDO_GIDSet to the primary numeric UNIX group id of the originating session.See Alsosystemd1systemd-run1sudo8machinectl1