Run0 is a new and innovative privilege escalation program for Systemd-based Linux distros. It provides a lightweight and “config-less” alternative to traditional escalation apps such as sudo and doas. Here, we show you the basics of using Run0 to escalate commands for your Linux system.
Content
- How to Run Programs as a Different User
- How to Switch to the Shell of a Different User
- How to Customize the Current Run0 Session
- How to Group Run0 Sessions Together
- How to Run Commands on Systemd Containers using Run0
Before that, you might want to find out what is Run0 and how is it different from sudo.
How to Run Programs as a Different User
One of the most common uses for privilege escalation apps is running commands as the root user. In this regard, tapping the root user in Run0 requires adding run0 in front of the command you want to run. For instance, the following creates a new folder in a directory that’s only accessible by root:
run0 mkdir /etc/maketecheasier
This will bring up either a CLI password prompt or a small GUI window asking for your current user’s password.
Similar to sudo and doas, Run0 can also switch to a non-root user when running commands. To do this, add the --user flag followed by the name of the user that you want to run the command as:
run0 --user=alice /home/alice/alice-program.sh
Provide the password for the user that you’re switching to, then press Enter.
How to Switch to the Shell of a Different User
Another key part of a privilege escalation app is its ability to drop the user to a root shell. This gives you the ability to interact with your system as the root user and run more complex commands from the CLI.
In Run0, you can do this by running the program without any additional arguments.
Just like with running programs as root, it’s also possible to use Run0 with the --user flag to start a shell session as a specific user:
run0 --user=alice
On top of that, run0 allows you to create shell sessions with temporary group permissions for non-root users. This is useful if you want to access folders that are locked behind a certain user and group without dropping to root.
For instance, the following command grants the “alice” user temporary access to the “www-data” group:
run0 --user=alice --group=www-data
You can also use the --chdir flag to force a directory change when dropping to a new shell session:
run0 --user=alice --chdir=/home/alice/Documents
Good to know: learn more about your Linux machine by exploring how to recursively change file permissions in your filesystem.
How to Customize the Current Run0 Session
The biggest selling point of Run0 is that it doesn’t use setuid (SUID) in order to handle superuser actions. Instead, it relies on systemd-run which creates isolated psuedo-TTYs for running commands as root.
One consequence of this approach is that Systemd treats every Run0 shell as a discrete unit running under the service manager. This allows you to customize your root shell process, unlike traditional privilege escalation apps.
To add a label for your root shell, use the --unit flag followed by the name that you want to use:
run0 --unit=maketecheasier
You can also add a custom description to your root shell by adding the --description flag:
run0 --unit=maketecheasier --description="hello, world!"
Check that you’ve properly applied your details by listing your root shell’s custom name using systemctl:
systemctl list-units maketecheasier.service
By default, Run0 changes the color of your root shell background to red. While this is a helpful visual indicator, this can be distracting if you’re using a light theme on your system.
To change this, use the --background flag followed by a value between 40-49:
run0 --unit=maketecheasier --background=42
Lastly, you can also adjust the “niceness level” of your root shell. This is a value between -20 and 19 that determines whether your kernel will prioritize your process over others.
To give your root shell the highest priority, use the --nice flag with the “-20” value:
run0 --nice=-20
Note: the --nice flag also works for individual Run0 commands. For instance, you can use run0 --nice=-20 vim to run Vim with a higher CPU priority.
How to Group Run0 Sessions Together
Aside from being able to customize each Linux root shell, you can also use Run0 to group them together in a Systemd slice. This is a special construct that allows your machine to adjust the resource demand for processes without affecting the rest of your system.
To create a root shell on a different slice, run the --slice flag followed by the name of the slice that you want to move to:
run0 --slice=maketecheasier
Note: you can provide a new name on the --slice flag to create a new Systemd slice.
Confirm that your new session is running under your new slice by listing the processes inside it:
systemctl status maketecheasier.slice
You can also use the --slice-inherit flag to group your new slice along with the slice that Run0 came from. This is useful if you’ve already grouped your shells to their respective slices and you just want to add a new shell:
run0 --slice=maketecheasier --slice-inherit
How to Run Commands on Systemd Containers using Run0
Systemd-nspawn is a special program that can create and manage lightweight Linux containers similar to Docker. Being a part of the Systemd suite, you can also use Run0 to execute commands in your nspawn containers from your host machine.
Start by listing the available Systemd-nspawn containers in your system:
machinectl list
Run the following command to create a folder inside your container’s root directory:
run0 run0 --machine=maketecheasier --user=root mkdir /hello-world
Note: there’s currently a bug in Run0 where it fails to elevate privileges when running with the --machine flag. You can fix this by adding a second run0 command to force a privilege escalation.
It’s also possible to drop to your container’s root shell using Run0:
run0 run0 --machine=maketecheasier --user=root
Confirm that you’re now running inside your container by printing the hostname of your terminal session:
echo $HOSTNAME
Learning how to use Run0 to run and manage root commands in Linux is just the tip of the iceberg when it comes to privilege escalation apps. Take a deep dive into the complex world by looking at the differences between su, sudo, and sudo -s.
Image credit: Xavier Cee via Unsplash. All alterations and screenshots by Ramces Red.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox
Sign up for all newsletters.
By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time. Subscribe
Ramces Red –
Staff Writer
Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.
Leave a comment