For example, with sudo you can simply invoke dnf5 with:
sudo dnf5 upgrade
However if you try this with run0:
run0 dnf5 upgrade
You get prompted to enter your password in a popup window.
It’s a bit of a PITA.
1 Like
Sudo is an old, tried & true, means of escalating privileges to root level. It is configured in the files /etc/sudoers and under /etc/sudoers.d/
Run0 appears to be a newer or alternate method of doing similar but probably uses different authentication so you would need to modify the config files for run0 (if there are any) to change the need for the password prompt.
Even sudo users must use a password or have the config files modified to allow use without the password.
I think he is talking just about the pkexec like password prompt.
I only know that when in a TTY, pkexec uses a CLI password prompt. So setting somewhere that the system has no GUI could fix this.
True, sudo has sudoers for this, the problem is run0 doesn’t apparently have a method.
This pretty much sums it up:
The “authenticate every time, all the time” requirements are likely to see some pushback from the user base, even if it is a more secure way to work.
Since this apparently is the case, I would tend to believe most folks are just going to stick with sudo. Entering a password everytime you want to enter a privileged command becomes a bit tedious. You already are aware (hopefully) since you are prefixing the command with “run0” in the first place.
So do you want to
- make the GUI prompt be a CLI prompt?
- add a password cooldown like for 1 minute?
- remove the need for any password?
I would like it to act more like sudo and allow you to eliminate the need for additional authentication via some type of configuration. If folks were expecting a drop-in replacement for sudo (me included), this unfortunately isn’t it. If you don’t mind entering a password every single time you invoke run0, you’ll be happy. Otherwise, not so much.
run0 uses polkit.
There’s an request to add persistent authentication run0: persistent authentication feature (if possible, probably not) · Issue #33366 · systemd/systemd · GitHub
You could add a polkit rule to bypass the authentication.
2 Likes
Still, do you want no password at all, or just not for a certain time after the last correct one?
That doesn’t appear to be a possible and/or recommended solution based upon the bug report you provided. Many people are complaining, so best bet is to just wait it out and see what they come up with. No hurry, sudo works just fine.
That said, looks like the problem is being worked. I’ll just wait until they come up with a solution. In the meantime, sudo works just fine.
You can do this by adding a polkit rule allowing your user to manage systemd units. The rule below also requires you to be in the wheel group.
It does work, but I feel like it’s overkill…
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
subject.user == "username" &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
} });
1 Like
Thanks very much for taking the time to figure that out. I agree though it does seem a bit of overkill. I’ll just wait. At the moment there doesn’t appear to be a compelling use case over sudo. run0 does allow you to just open terminal window and type the command without arguments, which basically goes into su mode. I guess that’s one way to get around having to enter a password for each command, plus you get the nice red tinted background. Just exit when you are done.