Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sudon't #116

Open
AdreKiseque opened this issue Jan 10, 2025 · 4 comments
Open

Sudon't #116

AdreKiseque opened this issue Jan 10, 2025 · 4 comments
Labels
Issue-Feature New feature or request. Complex enough to require planning and actual budgeted, scheduled work. Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting

Comments

@AdreKiseque
Copy link

Description of the new feature / enhancement

While there are many ways to start elevated processes from unelevated shells, starting unelevated processes from elevated shells is a rather difficult task in Windows. runas.exe and launching through explorer are available options, but each present their own limitations. Sudo for Windows provides an opportunity to add an easier avenue for accomplishing this task.

Scenario when this would be used?

Just as sudo is useful for running elevated processes out of an unelevated shell without having to open a new administrative terminal, a "sudon't" command would be useful for starting unelevated tasks out of elevated sessions without having to open a new non-administrative console. This would be useful for any task that where elevated permissions provide little more than a security risk, as well as for certain programs that behave differently based on permission levels, such as some application installers. Another use-case would be in scripts that run elevated but may wish to start tasks unelevated for the same reasons, but struggle even more so with the issue due to not being able to manually open a new shell to run the command.

Supporting information

It doesn't actually have to be called sudont (but it should).

@AdreKiseque AdreKiseque added Issue-Feature New feature or request. Complex enough to require planning and actual budgeted, scheduled work. Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting labels Jan 10, 2025
@tygoee
Copy link

tygoee commented Jan 14, 2025

How would this work? There isn't just a 'non-administrative terminal', sudo executes commands as the administrator user. 'sudon't' should execute it as..? In Linux/Unix sudo there is a way to specify the user with -u/--user, which could be implemented in some way here if that's what you mean

@AdreKiseque
Copy link
Author

Well, the most obvious implementation would be to run it as the current user in an unelevated context. A user with administrator status and UAC enabled can run things both as a "normal" user (default status) or with elevation ("run as administrator"). Sudo executes commands "as administrator", so "sudon't" would just execute as though you had run the command from a regular terminal. There are potential edge cases that would need to be addressed, though.

...Your comment seems to imply Sudo for Windows executes commands not as the active user with elevation, but as the built-in "Administrator" account. Is that really how it works, or has there been a misunderstanding?

@tygoee
Copy link

tygoee commented Jan 15, 2025

I looked a bit into it and yes, the sudo commands functions differently on windows than on linux (with UAC vs directly running as the root account) but you can't run commands unelevated because all child processes are affected and there isn't a way to 'downgrade' those privileges. You would need to specify a user to execute with, so runas would basically be the same

@AdreKiseque
Copy link
Author

There are ways to downgrade the privileges, they're just very convoluted. That's why packing them right into a tool like sudo would be beneficial, as users wouldn't have to go through those convoluted methods themselves.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Issue-Feature New feature or request. Complex enough to require planning and actual budgeted, scheduled work. Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting
Projects
None yet
Development

No branches or pull requests

2 participants