Linux

I will use it. I don't care what others think. People can use su, sudo, doas, run0 by their choice, and I don't see why we need a common opinion about it.

If you make users sign in too much, they will just make their passwords short and easy to remember, even 24hrs is too much and people bitch about it all the time, especially since we have password managers enforced, meaning every time they need to Auth they need to Auth into their system, Auth into their password manager, copy the password, auth into their phone, look at the 2FA code and type that in.

Doing this every day just to open email is understandably fucking enraging even to me as a security """engineer"""/analyst/${bullshitblueteamemailreaderjob}

Press it harder and they will use simple passwords that will inevitably be passed through to something external (e.g. cockpit which even I can bruteforce) or reused somewhere at some point, and then someone just has to get lucky once and run whatever run0 sudo su <reverse shell bs here> to bypass all protections.

No.

I might try run0 for fun, but I don't think it'll replace sudo any time soon.
The biggest issue I see is run0 purposely not copying any environment variables except for TERM.
You'd have to specify which editor to use, the current directory, stuff like PATH and HOME every time you run a command.

Systemd, not linux

This just sounds like a a solution in search of a problem.

Meaning, run0 is overengineered too?

Prompting for every single command seems like it'd suck

I don't know, we'll just have to see. But personally, I am not a fan of tying so many functionalities to systemd.

su is the best. I mean, i should be using the admin (root) password for admin things, not the user password of user who is already logged in. And there needs to be a root service already running to make user have root previlages which is dumb imo. Sudo vulnerability could cause previlage escalation but if there is no root process managing this, then it can't leak the root access. Only kernel security issue(or other root processes) will leak root access if that was the case, which i think is better.

As it is running sudo with a long process is annoying missing and having to reenter my password or missing and the process timing out if I go afk to wait, I can't imagine having to type my password every few moments when I run an upgrade. Surely this is not the pitch. This is already looking dead in the water if so, and god help me if I have to remember to type run0.

I’m surprised they would implement having just run0 effectively log you in as root. For the super security conscious constrictions of the command versus sudo, it would seem that the very notion of elevating your privilege beyond the single command to be carried out, would be anathema to the whole goal of this new command. Evidently not, but it’s surprising to me.

I'll stick with doas

At the moment, fish doesn't know what to do with run0. When that changes, I'll start using it :)

I'm going to continue to keep avoiding Poettering software for as long as he continues to act like a jackass. Even his commit messages are dripping with condescension.