Command-line tools:
- * systemd-run is now a multi-call binary. When invoked as 'uid0', it
+ * systemd-run is now a multi-call binary. When invoked as 'run0', it
provides as interface similar to 'sudo', with all arguments starting
at the first non-option parameter being treated the command to
invoke as root. Unlike 'sudo' and similar tools, it does not make use
* add a new ExecStart= flag that inserts the configured user's shell as first
word in the command line. (maybe use character '.'). Usecase: tool such as
- uid0 can use that to spawn the target user's default shell.
+ run0 can use that to spawn the target user's default shell.
* varlink: figure out how to do docs for our varlink interfaces. Idea: install
interface files augmented with docs in /usr/share/ somewhere. And have
['repart.d', '5', [], 'ENABLE_REPART'],
['resolvectl', '1', ['resolvconf'], 'ENABLE_RESOLVE'],
['resolved.conf', '5', ['resolved.conf.d'], 'ENABLE_RESOLVE'],
+ ['run0', '1', [], ''],
['runlevel', '8', [], 'HAVE_SYSV_COMPAT'],
['sd-bus-errors',
'3',
''],
['udev_new', '3', ['udev_ref', 'udev_unref'], ''],
['udevadm', '8', [], ''],
- ['uid0', '1', [], ''],
['ukify', '1', [], 'ENABLE_UKIFY'],
['user@.service',
'5',
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
-<refentry id="uid0"
+<refentry id="run0"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
- <title>uid0</title>
+ <title>run0</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
- <refentrytitle>uid0</refentrytitle>
+ <refentrytitle>run0</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
- <refname>uid0</refname>
+ <refname>run0</refname>
<refpurpose>Elevate privileges</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>uid0</command>
+ <command>run0</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="opt" rep="repeat">COMMAND</arg>
</cmdsynopsis>
<refsect1>
<title>Description</title>
- <para><command>uid0</command> may be used to temporarily and interactively acquire elevated or different
+ <para><command>run0</command> may be used to temporarily and interactively acquire elevated or different
privileges. It serves a similar purpose as <citerefentry
project='man-pages'><refentrytitle>sudo</refentrytitle><manvolnum>8</manvolnum></citerefentry>, but
operates differently in a couple of key areas:</para>
setting the <varname>NoNewPrivileges=</varname> variable in
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para>
- <para>Any session invoked via <command>uid0</command> will run through the
- <literal>systemd-uid0</literal> PAM stack.</para>
+ <para>Any session invoked via <command>run0</command> will run through the
+ <literal>systemd-run0</literal> PAM stack.</para>
- <para>Note that <command>uid0</command> is implemented as an alternative multi-call invocation of
+ <para>Note that <command>run0</command> is implemented as an alternative multi-call invocation of
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
</refsect1>
<term><option>--slice-inherit</option></term>
<listitem><para>Make the new <filename>.service</filename> unit part of the slice the
- <command>uid0</command> itself has been invoked in. This option may be combined with
+ <command>run0</command> itself has been invoked in. This option may be combined with
<option>--slice=</option>, in which case the slice specified via <option>--slice=</option> is placed
- within the slice the <command>uid0</command> command is invoked in.</para>
+ within the slice the <command>run0</command> command is invoked in.</para>
- <para>Example: consider <command>uid0</command> being invoked in the slice
+ <para>Example: consider <command>run0</command> being invoked in the slice
<filename>foo.slice</filename>, and the <option>--slice=</option> argument is
<filename>bar</filename>. The unit will then be placed under
<filename>foo-bar.slice</filename>.</para>
<refsect1>
<title>Exit status</title>
- <para>On success, 0 is returned. If <command>uid0</command> failed to start the session or the specified command fails, a
+ <para>On success, 0 is returned. If <command>run0</command> failed to start the session or the specified command fails, a
non-zero return value will be returned.</para>
</refsect1>
<member><citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-mount</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
- <member><citerefentry><refentrytitle>uid0</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>run0</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
meson.add_install_script(sh, '-c',
ln_s.format(bindir / 'systemd-run',
- bindir / 'uid0'))
+ bindir / 'run0'))
custom_target(
- 'systemd-uid0',
- input : 'systemd-uid0.in',
- output : 'systemd-uid0',
+ 'systemd-run0',
+ input : 'systemd-run0.in',
+ output : 'systemd-run0',
command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
install : pamconfdir != 'no',
install_dir : pamconfdir)
_cleanup_free_ char *link = NULL;
int r;
- r = terminal_urlify_man("uid0", "1", &link);
+ r = terminal_urlify_man("run0", "1", &link);
if (r < 0)
return log_oom();
ARG_BACKGROUND,
};
- /* If invoked as "uid0" binary, let's expose a more sudo-like interface. We add various extensions
+ /* If invoked as "run0" binary, let's expose a more sudo-like interface. We add various extensions
* though (but limit the extension to long options). */
static const struct option options[] = {
if (strv_extendf(&arg_property, "LogExtraFields=ELEVATED_USER=%s", un) < 0)
return log_oom();
- if (strv_extend(&arg_property, "PAMName=systemd-uid0") < 0)
+ if (strv_extend(&arg_property, "PAMName=systemd-run0") < 0)
return log_oom();
if (!arg_background && arg_stdio == ARG_STDIO_PTY) {
log_parse_environment();
log_open();
- if (invoked_as(argv, "uid0"))
+ if (invoked_as(argv, "run0"))
r = parse_argv_sudo_mode(argc, argv);
else
r = parse_argv(argc, argv);
# SPDX-License-Identifier: LGPL-2.1-or-later
# This file is part of systemd.
#
-# Used by uid0 sessions
+# Used by run0 sessions
{% if ENABLE_HOMED %}
-account sufficient pam_systemd_home.so
umount /proc/version
rm -f "$TMP_KVER"
-# Check that invoking the tool under the uid0 alias name works
-uid0 ls /
-assert_eq "$(uid0 echo foo)" "foo"
+# Check that invoking the tool under the run0 alias name works
+run0 ls /
+assert_eq "$(run0 echo foo)" "foo"
# Check if we set some expected environment variables
for arg in "" "--user=root" "--user=testuser"; do
- assert_eq "$(uid0 ${arg:+"$arg"} bash -c 'echo $SUDO_USER')" "$USER"
- assert_eq "$(uid0 ${arg:+"$arg"} bash -c 'echo $SUDO_UID')" "$(id -u "$USER")"
- assert_eq "$(uid0 ${arg:+"$arg"} bash -c 'echo $SUDO_GID')" "$(id -u "$USER")"
+ assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_USER')" "$USER"
+ assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_UID')" "$(id -u "$USER")"
+ assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_GID')" "$(id -u "$USER")"
done
-# Let's chain a couple of uid0 calls together, for fun
-readarray -t cmdline < <(printf "%.0suid0\n" {0..31})
+# Let's chain a couple of run0 calls together, for fun
+readarray -t cmdline < <(printf "%.0srun0\n" {0..31})
assert_eq "$("${cmdline[@]}" bash -c 'echo $SUDO_USER')" "$USER"