Replacing sudo & pkexec with run0, experiments and issues

Don’t do this on a production machine!

The new systemd run0 is supposed to be a good security leap. It uses polkit in the background and works without a setuid binary (like sudo or pkexec are).

It can replace sudo, which means as a start we could begin with removing setuid from the pkexec and sudo binaries and see what happens.

At a user level we could do

cat >> ~/.bashrc <<EOF
alias sudo=run0
alias pkexec=run0
EOF

cat >> ~/.zshrc <<EOF
alias sudo=run0
alias pkexec=run0
EOF

cat >> ~/.config/fish/config.fish <<EOF
alias sudo=run0
alias pkexec=run0
EOF

And possibly get things to work that expect sudo (a lot) or pkexec (probably not much).

It would also be possible to remove sudo altogether, but test this in a VM or on a secondary SSD.

When I removed sudo a while ago, shutdown was broken on KDE. init 0 could be used instead, but I'm not sure how KDE interacts here.

run0 mv /etc/dnf/protected.d/sudo.conf /etc/dnf/protected.d/sudo.conf.disabled

# dnf
run0 dnf remove sudo

# rpm-ostree
rpm-ostree override-remove sudo

But until then we need to test it. What non-cosmetic issues did you get, if any?

Here are issues with run0 in the systemd tracker
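A reversible way to carry out the "remove setuid from the pkexec and sudo binaries" step from the post above, as an added example that is not part of the original thread. The function names, the `STATE_FILE` location and the helper paths in the closing comment are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: reversible setuid removal for the run0 experiment.
# STATE_FILE and all function names are choices made for this example.
STATE_FILE="${STATE_FILE:-/var/tmp/run0-experiment.modes}"

# Print "setuid", "plain" or "missing" for one path.
helper_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -u "$1" ]; then echo setuid
    else echo plain
    fi
}

# Record the octal mode of each setuid helper, then clear the bit.
# Missing files and files that are already plain are left untouched.
drop_setuid() {
    local path
    for path in "$@"; do
        if [ "$(helper_state "$path")" = setuid ]; then
            printf '%s %s\n' "$(stat -c '%a' "$path")" "$path" >> "$STATE_FILE"
            chmod u-s "$path"
        fi
    done
}

# Put back every mode recorded by drop_setuid, then delete the record.
restore_modes() {
    local mode path
    [ -f "$STATE_FILE" ] || return 0
    while read -r mode path; do
        if [ -e "$path" ]; then chmod "$mode" "$path"; fi
    done < "$STATE_FILE"
    rm -f "$STATE_FILE"
}

# Report the state of each helper, one per line.
audit_helpers() {
    local path
    for path in "$@"; do
        printf '%-8s %s\n' "$(helper_state "$path")" "$path"
    done
}

# Typical run as root (paths are assumed locations, adjust as needed):
#   drop_setuid /usr/bin/sudo /usr/bin/pkexec
#   audit_helpers /usr/bin/sudo /usr/bin/pkexec /usr/bin/run0
#   restore_modes    # roll back the experiment
```

Package updates reapply the packaged file mode, so re-run `audit_helpers` after updating sudo or polkit.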

I see many problems with this approach. run0 has a completely different configuration mechanism — polkit instead of the bespoke sudoers files. So anyone who has local rules cannot just replace one by the other without rewriting them. Also, sudo is integrated with various other tools (LDAP?) and run0/polkit don’t necessarily have the same support. Also, run0 doesn’t support the same command-line options, so it’s not a drop-in replacement for sudo. Some simple commands work the same, but anything more complicated is going to fail. Finally, run0 is fairly new, while sudo has had decades of development. So while the design of run0 is pretty good, I think it’s too early to say that it’s a “security leap”. I would prefer to wait for more evaluations and testing.


Yes for sure. I had a SELinux denial when trying to run an rsync script with run0.