linux/ohmyzsh
1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2026-05-22 04:51:12 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(systemd): Add support for different privilege elevation tools

Browse source
This commit is contained in:
Randommisha13 2026-03-31 22:37:12 +05:00
commit d7207e269d
No known key found for this signature in database
GPG key ID: 9BF0C7B0A5798AFE
2 changed files with 116 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

70
plugins/systemd/README.md
View file

@ -11,7 +11,7 @@ plugins=(... systemd)
## Aliases ## Aliases
| Alias | Command | Description | | Alias | Command | Description |
|:-----------------------|:-----------------------------------|:-----------------------------------------------------------------| |:-----------------------|:------------------------------------|:-----------------------------------------------------------------|
| `sc-failed` | `systemctl --failed` | List failed systemd units | | `sc-failed` | `systemctl --failed` | List failed systemd units |
| `sc-list-units` | `systemctl list-units` | List all units systemd has in memory | | `sc-list-units` | `systemctl list-units` | List all units systemd has in memory |
| `sc-is-active` | `systemctl is-active` | Show whether a unit is active | | `sc-is-active` | `systemctl is-active` | Show whether a unit is active |
@ -24,30 +24,50 @@ plugins=(... systemd)
| `sc-show-environment` | `systemctl show-environment` | Dump the systemd manager environment block | | `sc-show-environment` | `systemctl show-environment` | Dump the systemd manager environment block |
| `sc-cat` | `systemctl cat` | Show backing files of one or more units | | `sc-cat` | `systemctl cat` | Show backing files of one or more units |
| `sc-list-timers` | `systemctl list-timers` | List timer units currently in memory | | `sc-list-timers` | `systemctl list-timers` | List timer units currently in memory |
| **Aliases with sudo** ||| | **Privileged aliases** |||
| `sc-start` | `sudo systemctl start` | Start Unit(s) | | `sc-start` | `$SUDO systemctl start` | Start Unit(s) |
| `sc-stop` | `sudo systemctl stop` | Stop Unit(s) | | `sc-stop` | `$SUDO systemctl stop` | Stop Unit(s) |
| `sc-reload` | `sudo systemctl reload` | Reload Unit(s) | | `sc-reload` | `$SUDO systemctl reload` | Reload Unit(s) |
| `sc-restart` | `sudo systemctl restart` | Restart Unit(s) | | `sc-restart` | `$SUDO systemctl restart` | Restart Unit(s) |
| `sc-try-restart` | `sudo systemctl try-restart` | Restart Unit(s) | | `sc-try-restart` | `$SUDO systemctl try-restart` | Restart Unit(s) |
| `sc-isolate` | `sudo systemctl isolate` | Start a unit and its dependencies and stop all others | | `sc-isolate` | `$SUDO systemctl isolate` | Start a unit and its dependencies and stop all others |
| `sc-kill` | `sudo systemctl kill` | Kill unit(s) | | `sc-kill` | `$SUDO systemctl kill` | Kill unit(s) |
| `sc-reset-failed` | `sudo systemctl reset-failed` | Reset the "failed" state of the specified units, | | `sc-reset-failed` | `$SUDO systemctl reset-failed` | Reset the "failed" state of the specified units, |
| `sc-enable` | `sudo systemctl enable` | Enable unit(s) | | `sc-enable` | `$SUDO systemctl enable` | Enable unit(s) |
| `sc-disable` | `sudo systemctl disable` | Disable unit(s) | | `sc-disable` | `$SUDO systemctl disable` | Disable unit(s) |
| `sc-reenable` | `sudo systemctl reenable` | Reenable unit(s) | | `sc-reenable` | `$SUDO systemctl reenable` | Reenable unit(s) |
| `sc-preset` | `sudo systemctl preset` | Reset the enable/disable status one or more unit files | | `sc-preset` | `$SUDO systemctl preset` | Reset the enable/disable status one or more unit files |
| `sc-mask` | `sudo systemctl mask` | Mask unit(s) | | `sc-mask` | `$SUDO systemctl mask` | Mask unit(s) |
| `sc-unmask` | `sudo systemctl unmask` | Unmask unit(s) | | `sc-unmask` | `$SUDO systemctl unmask` | Unmask unit(s) |
| `sc-link` | `sudo systemctl link` | Link a unit file into the unit file search path | | `sc-link` | `$SUDO systemctl link` | Link a unit file into the unit file search path |
| `sc-load` | `sudo systemctl load` | Load unit(s) | | `sc-load` | `$SUDO systemctl load` | Load unit(s) |
| `sc-cancel` | `sudo systemctl cancel` | Cancel job(s) | | `sc-cancel` | `$SUDO systemctl cancel` | Cancel job(s) |
| `sc-set-environment` | `sudo systemctl set-environment` | Set one or more systemd manager environment variables | | `sc-set-environment` | `$SUDO systemctl set-environment` | Set one or more systemd manager environment variables |
| `sc-unset-environment` | `sudo systemctl unset-environment` | Unset one or more systemd manager environment variables | | `sc-unset-environment` | `$SUDO systemctl unset-environment` | Unset one or more systemd manager environment variables |
| `sc-edit` | `sudo systemctl edit` | Edit a drop-in snippet or a whole replacement file with `--full` | | `sc-edit` | `$SUDO systemctl edit` | Edit a drop-in snippet or a whole replacement file with `--full` |
| `sc-enable-now` | `sudo systemctl enable --now` | Enable and start unit(s) | | `sc-enable-now` | `$SUDO systemctl enable --now` | Enable and start unit(s) |
| `sc-disable-now` | `sudo systemctl disable --now` | Disable and stop unit(s) | | `sc-disable-now` | `$SUDO systemctl disable --now` | Disable and stop unit(s) |
| `sc-mask-now` | `sudo systemctl mask --now` | Mask and stop unit(s) | | `sc-mask-now` | `$SUDO systemctl mask --now` | Mask and stop unit(s) |
### Privileged aliases
systemd plugin supports multiple privilege elevation tools. When evaluating aliases `$SUDO`
(`$privilege_tool` in code) gets expanded to the relevant command.
You can choose which tool to use by setting `$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL`. The
default, which is used when the variable is not set (or set incorrectrly) is `sudo`.
Available options are:
| Tool | Command | Comment |
|:-----------------|:----------|:----------------------------------------------------------------------------------------|
| `builtin-polkit` | -- | Does no prepend any command, leaving authorization to systemd |
| `custom` | varies | Sets `$privilege_tool` to the value of `$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL_CUSTOM` |
| `sudo` | `sudo` | Default value |
| `sudo-rs` | `sudo-rs` | Memory safe implementation of sudo |
| `doas` | `doas` | Fork of OpenBSD `doas` command |
| `pkexec` | `pkexec` | Uses polkit for authorization |
| `run0` | `run0` | Part of systemd, does not rely on suid. Uses the same polkit action as `builtin-polkit` |
### User aliases ### User aliases

60
plugins/systemd/systemd.plugin.zsh
View file

@ -67,13 +67,68 @@ power_commands=(
suspend suspend
) )
if [[ -z "$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL" ]]; then
ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL="sudo"
fi
# Error messages are defined in variables for better formatting
privilege_tool_error_msg="\
zsh systemd plugin:
\$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL is set to unknown value
Use 'custom' if the one you use in unsupported, or
'builtin-polkit' if you want to use builtin authentication methods.
Defaulting to 'sudo'"
privilege_tool_custom_error_msg="\
zsh systemd plugin:
\$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL is set to 'custom', but
\$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL_CUSTOM is not set.
Defaulting to 'sudo'"
case "$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL" in
builtin-polkit)
# Since all the privilege escalation is done by systemctl itself, it's
# easier to alias them as unprivileged
user_commands+=( "${sudo_commands[@]}" )
unset sudo_commands
privilege_tool=""
;;
custom)
if [[ -n "$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL_CUSTOM" ]]; then
privilege_tool="$ZSH_THEME_SYSTEMD_PRIVILEGE_TOOL_CUSTOM"
else
print "$privilege_tool_custom_error_msg" >&2
privilege_tool="sudo"
fi
;;
sudo)
privilege_tool="sudo"
;;
sudo-rs)
privilege_tool="sudo-rs"
;;
doas)
privilege_tool="doas"
;;
pkexec)
privilege_tool="pkexec"
;;
run0)
privilege_tool="run0"
;;
*)
print "$privilege_tool_error_msg" >&2
privilege_tool="sudo"
;;
esac
for c in $user_commands; do for c in $user_commands; do
alias "sc-$c"="systemctl $c" alias "sc-$c"="systemctl $c"
alias "scu-$c"="systemctl --user $c" alias "scu-$c"="systemctl --user $c"
done done
for c in $sudo_commands; do for c in $sudo_commands; do
alias "sc-$c"="sudo systemctl $c" alias "sc-$c"="$privilege_tool systemctl $c"
alias "scu-$c"="systemctl --user $c" alias "scu-$c"="systemctl --user $c"
done done
@ -81,7 +136,8 @@ for c in $power_commands; do
alias "sc-$c"="systemctl $c" alias "sc-$c"="systemctl $c"
done done
unset c user_commands sudo_commands power_commands unset c user_commands sudo_commands power_commands privilege_tool
unset privilege_tool_error_msg privilege_tool_custom_error_msg
# --now commands # --now commands