9

How to force "machinectl shell" or systemd-run to ask for the password in the terminal instead of a dialog window?

I can run a command as root using:

machinectl shell --uid=root --setenv='DISPLAY=:1.0' --setenv=SHELL=/bin/bash .host /bin/bash -lc 'startxfce4'

but it asks for the password using a dialog window.

I want the same behavior as sudo (sudo asks for the password in the terminal, so I can script it easily).

One way I found is using ssh like this:

ssh -t MyActualNormalUser@localhost

then run the same command as above:

machinectl shell --uid=root --setenv='DISPLAY=:1.0' --setenv=SHELL=/bin/bash .host /bin/bash -lc 'thunar'

Now machinectl asks for the password in the terminal instead of the GUI dialog window!

How can I achieve the same result without using ssh? Is it possible to force machinectl/pkexec to ask for the password in the terminal?

Why not use sudo? sudo does not create a new session for the command I run; machinectl runs a totally separate session, which makes life easier when scripting. And as I read, machinectl/pkexec are the su/sudo replacements, if I'm not wrong...

2
  • I'm not a systemd user, but does it work if you unset DISPLAY variable? Commented Oct 7, 2019 at 12:31
  • @Danh no, it always asks for the password using the GUI. Commented Oct 7, 2019 at 14:39

2 Answers

6

Run a command as another user

To run something as another user, we have different methods:

  • machinectl: this creates a separate session

  • ssh: this creates a separate session

  • systemd-run: this does not create a separate session, but creates a separate service unit that can be controlled like a session. For example, when I run loginctl session-status I get this error: Could not get properties: Caller does not belong to any known session, because there is no session ID.

  • pkexec: this does not create a separate session

  • sudo: this does not create a separate session

How to pass the password in the terminal (not the GUI)

We can use:

  • pkexec: this needs pkttyagent

  • machinectl: this asks for the password using the GUI; to use the tty for the password we need pkexec/sudo or ssh

  • systemd-run: this asks for the password using the GUI; to use the tty for the password we need pkexec/sudo or ssh

  • sudo: sudo has to be replaced by pkexec

  • ssh: this will need the root password, or we need to use pkexec/sudo or ssh user@localhost

Conclusion:

Only machinectl and ssh gave me a separate session; systemd-run is not bad either, but it is for scripts, not for creating sessions.

And to gain root we can use pkexec:

  • machinectl
    timeout 3s sshpass -e pkttyagent -p $(echo $$) &
    pkexec machinectl shell --uid=root --setenv="DISPLAY=:1.0" --setenv=SHELL=/bin/bash .host /bin/bash -lc "startxfce4"
  • ssh
    timeout 3s sshpass -e pkttyagent -p $(echo $$) &
    pkexec ssh -t root@localhost  "bash -lc  'export DISPLAY=:1.0 ; startxfce4'"
  • systemd-run
    timeout 3s sshpass -e pkttyagent -p $(echo $$) &
    pkexec systemd-run --pty --pipe --wait --collect --service-type=exec --uid=root bash -lc "export DISPLAY=:1.0 ; export SHELL=/bin/bash ; startxfce4"

pkttyagent: needed to force pkexec to ask for the password in the terminal instead of the GUI dialog.

timeout 3s: needed because pkttyagent will not die on its own.
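
An added example, not part of the original answer: the same pkexec + pkttyagent approach, with the agent stopped when the command finishes instead of after a fixed timeout, and the password typed at the terminal prompt. The function name `with_tty_agent` and the `PK_AGENT` override are hypothetical; it assumes pkexec is started from the shell that calls the function.

```shell
#!/bin/sh
# with_tty_agent CMD...: run CMD while a polkit tty agent is registered for
# this shell, then stop the agent and return CMD's exit status.
# PK_AGENT is a hypothetical override (default: pkttyagent) so the helper can
# be exercised on a machine without polkit.
with_tty_agent() {
    wta_agent=${PK_AGENT:-pkttyagent}
    wta_dir=$(mktemp -d) || return 1
    wta_fifo=$wta_dir/ready
    mkfifo "$wta_fifo" || { rm -rf "$wta_dir"; return 1; }

    # --process $$  : register as the agent for this shell, the one that
    #                 starts pkexec below (same as -p $$ in the answer).
    # --notify-fd 3 : pkttyagent closes fd 3 once registration is done.
    "$wta_agent" --process "$$" --notify-fd 3 3>"$wta_fifo" &
    wta_pid=$!

    # Reading the FIFO returns at EOF: the agent has registered (or exited),
    # so there is no start-up race with pkexec.
    cat "$wta_fifo" >/dev/null
    rm -rf "$wta_dir"

    wta_status=0
    "$@" || wta_status=$?

    # The agent never exits by itself; stop it when the command is done
    # instead of guessing a timeout.
    kill "$wta_pid" 2>/dev/null || true
    wait "$wta_pid" 2>/dev/null || true
    return "$wta_status"
}

# Usage (prompts for the password on the terminal):
#   with_tty_agent pkexec machinectl shell --uid=root \
#       --setenv=DISPLAY=:1.0 --setenv=SHELL=/bin/bash \
#       .host /bin/bash -lc startxfce4
```
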

3

Solution 1

You can use systemd-ask-password to assign a password to a bash variable.

Example

password=$(systemd-ask-password --echo "machinectl password: ")
machinectl login {{ user }} $password
machinectl shell {{ your command }}

Solution 2

As root user, you can use machinectl --no-ask-password. From the documentation:

--no-ask-password

Do not query the user for authentication for privileged operations.

References

https://www.freedesktop.org/software/systemd/man/systemd-ask-password.html
https://www.freedesktop.org/software/systemd/man/machinectl.html

8
  • Sorry, but both solutions are not working. I think you did not understand my problem: I want to force machinectl to ask for the password using the terminal, not the GUI dialog, like when we use sudo + command... I found a solution (using pkexec + pkttyagent) which seems the canonical method: sshpass -p Mypassword pkttyagent -p $(echo $$) | pkexec machinectl shell --uid=root --setenv="DISPLAY=:1.0" --setenv=SHELL=/bin/bash .host /bin/bash --login -c startxfce4 Commented Oct 7, 2019 at 14:51
  • @BadrElmers, is the command sudo machinectl --no-ask-password shell --uid=root --setenv='DISPLAY=:1.0' --setenv=SHELL=/bin/bash .host /bin/bash -lc 'thunar' combining sudo and the flag --no-ask-password answering your problem? Commented Oct 8, 2019 at 9:04
  • No, same problem. I want to avoid sudo, and --no-ask-password only forces machinectl to not ask for a password. Commented Oct 8, 2019 at 12:39
  • Following your link, I understand that you are using PolicyKit. Is it an option for you to bypass the password check? Commented Oct 8, 2019 at 13:24
  • Yes, I'm attempting to change my sudo things to pkexec (PolicyKit). Bypassing the password check is not a solution because hardening security is my objective, not the inverse... thanks Commented Oct 8, 2019 at 13:38
