Yep, it's really happening. Sudo is coming to Windows. It's obviously not just a fork of the Linux sudo - there's enough that's different about the permissions structure between OSes that just a straight port wouldn't make sense. But the dream of being able to run commands as admin, in the same terminal window - that's the experience we're finally bringing to users.<p>I've been working on this for the last few months now and I'm pretty excited to talk about it or answer any questions!
This smells like when PowerShell aliased curl and wget to a completely different command, with incompatible arguments.<p><a href="https://github.com/PowerShell/PowerShell/pull/1901">https://github.com/PowerShell/PowerShell/pull/1901</a>
I already use <a href="https://github.com/lukesampson/psutils">https://github.com/lukesampson/psutils</a> which has a sudo.ps1, which I install via scoop (I know that's a mouthful, but I just install scoop and run `scoop install sudo`). I used it from PowerShell literally just before I opened this article (after copy-pasting a password, I copy some random text lying around in the browser, like "com", then run `sudo restart-service -name 'cbdhsvc*'` to clear the clipboard history -- does not clear the current value). There is a UAC prompt, but it's perfectly adequate for interactive work.
Side note that I've always found interesting: <i>sudo</i> is almost entirely maintained by one dude: <a href="https://github.com/sudo-project/sudo/graphs/contributors">https://github.com/sudo-project/sudo/graphs/contributors</a>
Well, sudo for Windows has been a thing for, like, a few years now?... <a href="https://github.com/gerardog/gsudo">https://github.com/gerardog/gsudo</a><p>Not sure if this is the same thing, but this definitely should have shipped with the very first implementation of "oh, sure, you're an Administrator, but not really, since we're ignoring that bit" a.k.a. User Account Control.<p>That would have saved about a metric ton of misguided "here's how to turn off UAC" tutorials, but, ehm, yeah, anything to inject some life into the moribund Windows Insiders Program (the one where <a href="https://blogs.windows.com/windows-insider/" rel="nofollow">https://blogs.windows.com/windows-insider/</a> proudly headlines "What’s coming for the Windows Insider Program in 2023"), right?
When I was at Microsoft we did not use to consider UAC as a security boundary, since there were ways to bypass it. (I used to work on Windows kernel security). I wonder how the security team let this feature get shipped. Or perhaps now they consider UAC as a security boundary.
Considering the way PowerShell commands go, I assume this will be:<p><pre><code> RunWithAllTheElevatedPermissionsPossible --YesEvenThose .\inthisfolder.folder\.
grep : The term 'grep' is not recognized....</code></pre>
<a href="https://github.com/microsoft/sudo/issues/11">https://github.com/microsoft/sudo/issues/11</a><p>Interesting<p>> Reserved<p>> not blank!<p>> We like to camp nice round number issues like this one, for future use.<p>Can you reuse GitHub issue numbers, or what could be their intention here?
I guess this is a thing on Windows now. However at the moment, it seems to be a very insecure thing. But hey it's early days... I predict they'll eventually get it right 125 patch Tuesdays from now.<p><a href="https://fosstodon.org/@serghei@mastodon.social/111900986825278831" rel="nofollow">https://fosstodon.org/@serghei@mastodon.social/1119009868252...</a>
Good. Although "elevate" from Nirsoft[0] generally worked well for me, it's nice to have something more integrated into the system.<p>[0] <a href="http://nircmd.nirsoft.net/elevate.html" rel="nofollow">http://nircmd.nirsoft.net/elevate.html</a>
Sad that it's Windows 11 only. I can't upgrade. I have a normal, recent PC that I dual boot with Linux, and Microsoft wants me to keep Windows 10 in that constellation. Upgrading is prevented by a silly if statement, and there's nothing I can do. It's the first time a software vendor actively doesn't want me to have their latest software, but it is what it is.
Here's hoping that "Windows 12" will be just a Window manager + Desktop running on Linux, with all existing bugs meticulously replicated to maintain backwards compatibility with Windows 95/7/8/10/11.
Just pointing out that this is a really good tweet by the co-creator of sudo: <a href="https://twitter.com/BobCoggeshall/status/1755681410596192604" rel="nofollow">https://twitter.com/BobCoggeshall/status/1755681410596192604</a>
Is this going to be a fully proper implementation with a sudoers config such that something like<p><pre><code> sudo c:\some\path\to\normally_needs_elevation_to_function.exe
</code></pre>
will work for my user in my current desktop session without an elevation prompt?
So Microsoft implicitly admits DOS sucks and creates a PowerShell prompt.<p>Then Microsoft doubles down and introduces a better prompt called WSL - the Windows Subsystem for Linux because the Windows command prompt still sucks... and this is just an Ubuntu VM in Windows.<p>And now they implement Sudo?<p>Microsoft hasn't learned the first lesson of holes - when you find yourself in one, stop digging.
Ironic, didn't we find out they had patented sudo a decade ago?<p><a href="https://arstechnica.com/information-technology/2009/11/microsofts-psuedo-sudo-patent-doesnt-really-cover-sudo/" rel="nofollow">https://arstechnica.com/information-technology/2009/11/micro...</a>
Scoop provides <a href="https://github.com/lukesampson/psutils">https://github.com/lukesampson/psutils</a>, which works really well, I am sure there are a million things people will tell me I am missing.
Can you draw the part of the diagram in the blog post based off of these sentences? <a href="https://devblogs.microsoft.com/commandline/introducing-sudo-for-windows/#input-closed-and-inline" rel="nofollow">https://devblogs.microsoft.com/commandline/introducing-sudo-...</a><p>In these configurations, sudo.exe will launch a new elevated process, an elevated sudo.exe process, and the original unelevated sudo.exe will establish an RPC connection with the new elevated process. In other words, information is passed from the unelevated sudo instance to the elevated one.
Do caffeinate next!<p>That reminds me, I have a half-written implementation here:<p><a href="https://github.com/AustinWise/caffeinate">https://github.com/AustinWise/caffeinate</a>
There's already a tool out there that works just fine: <a href="https://github.com/gerardog/gsudo">https://github.com/gerardog/gsudo</a>
If it were anyone but Windows this sentence wouldn't alarm me like it does:<p>> Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session
While this looks more secure than the original, I don't think modern operating systems should be investing resources into making privilege escalation easier for users to do. Considering UAC already exists it's not like the addition of sudo is much worse to include so overall it may be better, but I feel investing resources to get rid of the need of users needing to elevate things would be time better spent.
I wrote a Node.js module that implemented a similar feature years ago.
<a href="https://github.com/atom-archive/node-runas">https://github.com/atom-archive/node-runas</a>
(An updated fork can be found at <a href="https://www.npmjs.com/package/runas-redux" rel="nofollow">https://www.npmjs.com/package/runas-redux</a>)
One of the most important aspects of ‘sudo’ is that it takes the password of the user who started it, not the admin password. Will this ‘sudo’ work like that, or does it need the user to know an administrator password? If it needs an admin password, it shouldn’t be called ‘sudo’ (it would be an analog of ‘su’)
Interesting. I've been pretty happy with all the Unix-related updates they've put out lately. WSL has been a godsend and the new terminal and powershell have worked a treat. Glad they seem to be continuing with it.
Windows should just run Linux. For apps that really need the Windows OS, use something akin to macOS parallels. I really like WSL of course, but would prefer an inverted paradigm.
I've tried several times to code on Windows. It's nearly impossible for a person used to Unix-based systems. Seems it's getting slightly better. Nice.
sudo on Windows has a different risk profile given the malware ecosystem and lack of educated/trained users.<p>95% of Linux users are developers who understand risk -- though are prone to mistakes<p>99% of Windows users are casual consumers.<p>Let's keep this functionality narrowly accessible: restricted to developer mode and very formal consent. I suggest disabling it if it's unused for a few days<p>this will only rejuvenate the malware market.
This adds a factor of enshittification for NT, NT doesn't need 88 line PowerShell scripts, this "sudo for Windows" thing makes Windows seem like a teenager's high school project. Windows NT already has runas, let NT be NT and let POSIX have sudo/doas. Previously Microsoft hired the best of the best operating systems engineers in the USA who were from Digital and they proved to be people capable of making an operating system able to scale from MIPS to PowerPC/DEC Alpha/IA-32/amd64/Itanium with any combination of hardware and peripherals, now they're allowing random people to push 88 line scripts and calling it a day. Very few people in this world deserve the privilege of touching any Windows NT code and even fewer people deserve the possibility of pushing things to the build lab of Windows NT 10/11 builds
The new command is named “sudo” because customer feedback and because MUSCLE MEMORY:<p>I hear you! We thought about some of the options you’re calling out here. <i>A lot of customers voiced having the muscle memory of doing similar flows on various operating systems was more important to them and that’s where we landed</i>. I totally understand your perspective and I do really appreciate the feedback. I’m always trying to learn from people like you so I can help to build things that will make your life better.<p>From <a href="https://devblogs.microsoft.com/commandline/introducing-sudo-for-windows/#comment-6032" rel="nofollow">https://devblogs.microsoft.com/commandline/introducing-sudo-...</a>
This is good, but runas already exists. Its interface is shit. Improve it to make it not shit please. Don't hijack the name of an existing command unless you're going to re-implement its interface 100% compatibly.<p>This is like when PowerShell hijacked curl all over again...
If everyone thinks this is so great (just judging by the number of times it's appeared in the HN top 30), why don't they just run Linux, instead of some sh!t imitation?<p>Everyone knows, if you can C colon, you're running a M$ product...