run0 is a privilege elevation tool introduced with systemd v256. It is implemented as an alternative invocation mode of systemd-run(1). run0 provides a safer and more robust alternative to the sudo mechanism, without relying on suid binaries. It uses polkit for authentication.

run0 is installed with systemd.

Install polkit, as it is required to handle authorization.

run0 does not use a configuration file. Configuration is done with Polkit#Actions and Polkit#Authorization rules.

Default Polkit#Administrator identities grants group wheel the addAdminRule, therefore consider to add your user to the wheel group to authenticate as your own user.

To use run0, simply prefix a command and its arguments with run0 and a space:

$ run0 cmd

For example, to use pacman:

$ run0 pacman -Syu

To launch an interactive shell (similar to sudo -i), just type run0.

With the --empower option, privileged commands are run as the current user, avoiding a full root context. This is useful to run a command with privileges but still have all created files and directories be owned by your current user.

Options for systemd-run also apply. See systemd-run(1) and run0(1).

https://mastodon.social/@pid_eins/112353324518585654