From: Daan De Meyer Date: Mon, 24 Nov 2025 18:48:49 +0000 (+0100) Subject: run0: Give --empower its own color, title and emoji X-Git-Tag: v259-rc2~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c36942916b7409109687d693c04b039def9c5b79;p=thirdparty%2Fsystemd.git run0: Give --empower its own color, title and emoji When in --empower mode, all created files will be owned by the current user, which could be problematic when creating files outside of the current user's home directory, as other processes running as the same user would be able to edit those files. While this is a bit of an edge case since users already have to go through the effort of writing --empower to indicate they want a privileged session as the current user, it's not unphatomable to think they could start an empowered session which they later return to and continue using. Currently, it's not easy to differentiate a regular run0 session and an empowered session at a glance, so users might think they're using a regular run0 session when they're actually using an empowered session. To address this problem, let's give empowered session their own identify, by making the background orange, using the pumpkin emoji as the shell prompt prefix and giving them an orange circle as the PTY title. --- diff --git a/src/basic/glyph-util.c b/src/basic/glyph-util.c index f540a684731..f71975d810b 100644 --- a/src/basic/glyph-util.c +++ b/src/basic/glyph-util.c @@ -82,10 +82,12 @@ const char* glyph_full(Glyph code, bool force_utf) { [GLYPH_COMPUTER_DISK] = "o", [GLYPH_WORLD] = "W", [GLYPH_RED_CIRCLE] = "o", + [GLYPH_ORANGE_CIRCLE] = "o", [GLYPH_YELLOW_CIRCLE] = "o", [GLYPH_BLUE_CIRCLE] = "o", [GLYPH_GREEN_CIRCLE] = "o", [GLYPH_SUPERHERO] = "S", + [GLYPH_PUMPKIN] = "P", [GLYPH_IDCARD] = "@", [GLYPH_HOME] = "^", [GLYPH_ROCKET] = "^", @@ -162,10 +164,12 @@ const char* glyph_full(Glyph code, bool force_utf) { [GLYPH_COMPUTER_DISK] = UTF8("💽"), [GLYPH_WORLD] = UTF8("🌍"), [GLYPH_RED_CIRCLE] = UTF8("🔴"), + [GLYPH_ORANGE_CIRCLE] = UTF8("🟠"), [GLYPH_YELLOW_CIRCLE] = UTF8("🟡"), [GLYPH_BLUE_CIRCLE] = UTF8("🔵"), [GLYPH_GREEN_CIRCLE] = UTF8("🟢"), [GLYPH_SUPERHERO] = UTF8("🦸"), + [GLYPH_PUMPKIN] = UTF8("🎃"), [GLYPH_IDCARD] = UTF8("🪪"), [GLYPH_HOME] = UTF8("🏠"), [GLYPH_ROCKET] = UTF8("🚀"), diff --git a/src/basic/glyph-util.h b/src/basic/glyph-util.h index c9582ec61e5..eb0843d1284 100644 --- a/src/basic/glyph-util.h +++ b/src/basic/glyph-util.h @@ -50,10 +50,12 @@ typedef enum Glyph { GLYPH_COMPUTER_DISK, GLYPH_WORLD, GLYPH_RED_CIRCLE, + GLYPH_ORANGE_CIRCLE, GLYPH_YELLOW_CIRCLE, GLYPH_BLUE_CIRCLE, GLYPH_GREEN_CIRCLE, GLYPH_SUPERHERO, + GLYPH_PUMPKIN, GLYPH_IDCARD, GLYPH_HOME, GLYPH_ROCKET, diff --git a/src/run/run.c b/src/run/run.c index 88d60dbc912..c0553c7bd9f 100644 --- a/src/run/run.c +++ b/src/run/run.c @@ -270,7 +270,7 @@ static bool privileged_execution(void) { if (arg_runtime_scope != RUNTIME_SCOPE_SYSTEM) return false; - return become_root() || arg_empower; + return become_root(); } static int add_timer_property(const char *name, const char *val) { @@ -883,6 +883,36 @@ static int parse_argv(int argc, char *argv[]) { return 1; } +static double shell_prompt_hue(void) { + if (privileged_execution()) + return 0; /* red */ + + if (arg_empower) + return 30; /* orange */ + + return 60; /* yellow */ +} + +static Glyph shell_prompt_glyph(void) { + if (privileged_execution()) + return GLYPH_SUPERHERO; + + if (arg_empower) + return GLYPH_PUMPKIN; + + return GLYPH_IDCARD; +} + +static Glyph pty_window_glyph(void) { + if (privileged_execution()) + return GLYPH_RED_CIRCLE; + + if (arg_empower) + return GLYPH_ORANGE_CIRCLE; + + return GLYPH_YELLOW_CIRCLE; +} + static int parse_argv_sudo_mode(int argc, char *argv[]) { enum { @@ -1236,14 +1266,7 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) { return log_oom(); if (!arg_background && arg_stdio == ARG_STDIO_PTY) { - double hue; - - if (privileged_execution()) - hue = 0; /* red */ - else - hue = 60 /* yellow */; - - r = terminal_tint_color(hue, &arg_background); + r = terminal_tint_color(shell_prompt_hue(), &arg_background); if (r < 0) log_debug_errno(r, "Unable to get terminal background color, not tinting background: %m"); } @@ -1255,7 +1278,7 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) { if (!arg_shell_prompt_prefix) return log_oom(); } else if (emoji_enabled()) { - arg_shell_prompt_prefix = strjoin(glyph(privileged_execution() ? GLYPH_SUPERHERO : GLYPH_IDCARD), " "); + arg_shell_prompt_prefix = strjoin(glyph(shell_prompt_glyph()), " "); if (!arg_shell_prompt_prefix) return log_oom(); } @@ -1280,7 +1303,7 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) { * this for root though, under the assumption that if a regular user temporarily transitions into * another regular user it's a better default that the full user environment is uniformly * available. */ - if (arg_lightweight < 0 && privileged_execution()) + if (arg_lightweight < 0 && (privileged_execution() || arg_empower)) arg_lightweight = true; if (arg_lightweight >= 0) { @@ -2290,9 +2313,7 @@ static int run_context_setup_ptyfwd(RunContext *c) { if (!isempty(arg_background)) (void) pty_forward_set_background_color(c->forward, arg_background); - (void) pty_forward_set_window_title(c->forward, - privileged_execution() ? GLYPH_RED_CIRCLE : GLYPH_YELLOW_CIRCLE, - arg_host, arg_cmdline); + (void) pty_forward_set_window_title(c->forward, pty_window_glyph(), arg_host, arg_cmdline); return 0; }