Yep, it's really happening. Sudo is coming to Windows. It's obviously not just a fork of the linux sudo - there's enough that's different about the permissions structure between OS's that just a straight port wouldn't make sense. But the dream of being able to run commands as admin, in the same terminal window - that's the experience we're finally bringing to users.
I've been working on this for the last few months now and I'm pretty excited to talk about it or answer any questions!
I think they should've named it something else to avoid confusion, especially if it doesn't have the same behavior as unix sudo. If it has different arguments and features, imagine the confusion of unsuspecting users searching how to use sudo in the future.
I disagree. Although this "Sudo for Windows" is not a one-to-one port from Linux, it does the same function which is to elevate a unprivileged command. Imagine if they announce "Introducing Dosu for Windows", you won't know what the hell that is without reading at least the first paragraph.
In addition to not being a one-to-one port, Sudo for Windows is a completely unrelated command.
That's only one of the use cases of Sudo. Here's a description of Sudo from the official manual [1]:
Sudo for Windows can't do that. It's mentioned in its FAQ:
Sudo for Windows is like a cat command that can't concatenate files or a touch command that doesn't update timestamps.
[1]: https://www.sudo.ws/docs/man/1.8.18/sudo.man/
[2]: https://learn.microsoft.com/en-us/windows/sudo/
Oh, that's a good counter-example to your own point: 99% of people who use cat don't care about this functionality.
That's an astonishing claim to make without evidence.
is a pattern I see being used everywhere.Same goes for sudo. If you're going to claim that a whopping 99% of users don't use the CLI options or /etc/sudoers, you'd need solid proof. Because a simple search shows otherwise:
https://grep.app/search?q=sudo%20-®exp=true
This Sudo for Windows behaves nothing like the actual sudo. It doesn't even achieve the original's stated purpose.
Also considering that search results for anything involving Windows tends to be riddled with spams and outright scams, this will negatively affect non-Windows users searching for sudo as well.
So again, this naming conflict is unfortunate.
That's an astonishing claim to make without evidence. I don't see "cat *" being used anywhere. In fact, I've just ran search for usage of "cat" over the repository of shell scripts that are used for the various packaging and deployment tasks in my company (and we have to deploy a lot of stuff, written in different programming languages, and every team packages their stuff into their docker containers in their own way but it's all still documented in this repo) and every single use of cat is either
a) reading data into a variable "VAR=$(cat file_with_data)";
b) writing inline data from script into a file "cat >>$TARGET_FILE <<EOF ... EOF";
c) an entirely reasonable use of cat "cat file | utility_that_accepts_filenames_too", sometimes even "cat file | utility".
None of them take a pattern or more than one file.
UPD: I've ran "cat *\." on the grep.app, and it seems that it's used mostly for bulk log processing; I vaguely recall we moved away from it to using custom reader scripts because the asterisk doesn't expands into the files ordered the way we needed.
The onus isn't on me to disprove that 99% of cat users don't care about concatenation, but here's a non-comprehensive list of projects using cat to concatenate files:
OpenSSL, Curl, Git, Linux, Gettext, NodeJS, zstd, GCC, FFmpeg, OpenJDK, Pyenv
I think users, upstream developers, and downstream packagers of these software will all be upset if cat ceased to concatenate.
Example:
https://sourcegraph.com/search?q=context:global+repo:%5Egith...
Half of those examples from git don't even invoke cat, another quarter don't concatenate files, and the final quarter use it for preparing test data. Well, I guess the last is a valid use although again, most of those uses could've used printf "$chunk_of_data" >>output instead of writing temporary files all over the temp directory, and I imagine the "git am" test could've been written as "git am patch1 patch2" instead. shrugs I guess it's 80% then.
UPD: And lots of people use "cat file1 >>output; cat file2 >>output" for concatenation anyhow [0]. Apparently shell already can concatenate things well enough, so cat should do one thing and do it we;l: dump a single file contents to stdout /s.
[0] https://grep.app/search?q=cat%20.%2A%3E%3E®exp=true
That's because it's a regex search and not relevant to the point at all. What matters is that people use widely advertised features of a popular tool, including sudo and cat. Especially if that feature is the single stated purpose of the tool.
Taking a name of a widely used tool and slapping it on something that doesn't even do what the original was made for isn't a nice thing to do. I don't get why that's controversial to anyone.
That one thing is con-"cat"-enating files, so to speak. Why should it become something different just to make the name Sudo for Windows appear somehow less misleading?
Also,
is a clunky way of concatenating files. Even clunkier.Windows and Linux already share dozens of commandline commands with the same name and have different behaviors.
This doesn't mean this isn't an issue, and that the issue should be worsened.
Of course, it being an issue is an opinion (of mine), see my daniel.haxx.se link from my other comment next to yours for a motivation of this opinion.
The situation with curl is different because these are unix utilities you can run on Windows (hence the issue).
Now "sudo" is not a very Windows-y name for this utility but it has the advantage of being self-descriptive by those most likely to use it. It's sudo... for Windows. You don't have to explain it further.
The command line namespace is flat and there are only so many letter combinations, the idea that an OS shouldn't reuse a command name from a different OS is pretty limiting.
Good point, the unlikeliness to ever run the real sudo on Windows makes it less an issue. Though doesn't remove it completely. You could for instance imagine a bash script (which you can run on Windows, since you can install Bash there) trying to use sudo if present, or something else, and fail because sudo is present but doesn't have the expected features. In shell land, the name of a command is almost an implicit contract.
In practice:
- Programs are mostly cross platform so many "commands" can work on different OS. Which makes the command line namespace quite shared between OSes
- I've not seen many clashes. I can certainly remember of one: the Chromium browser and the Chromium B.S.U game. It was unintentional. The "sudo" one is. You can certainly avoid it.
Either way it’s done it’s an issue. Use a new name and it becomes a training problem, even for the most basic usage. Make it the same name and people expecting certain behaviors might get something slightly different.
At a basic level, I’d wager a vast majority of sudo’s usage is very basic, “run this command as admin”. If it can do that out of the box, it solves for a vast majority of users and they don’t have to learn some kind of new cmdlet to be able to do it.
This can't fully address the concern I raised. Their curl alias addressed the most basic / common usage and it caused issues.
I also can't imagine a different name to cause such a training issue. We are speaking about people who learned using the terminal on Unix and are using it on Windows. They are likely at ease with computers. If they are confused by a name change, I can't imagine how confused they could be at the first difference they encounter. The same name might as well cause more training issues. I'm not convinced.
Not like it's unique to Windows. Linux and say FreeBSD are similar in this regard as well, lots of commands with same name but different behavior.
They've done it with curl: they made an alias to their own program not supporting the same feature set and it inevitably backfired [1]. sudo is a complex program with a lot of different options [2] and as people from MS said here, it's never going to be compatible because of how Windows works differently.
While I understand picking a familiar name, sudo is certainly not the only player, there's also doas. This shows people can adapt to another name and another name would have seemed more appropriate.
edit: whoops, it was already mentioned in this thread [3]
[1] https://daniel.haxx.se/blog/2016/08/19/removing-the-powershe...
[2] https://linux.die.net/man/8/sudo
[3] https://news.ycombinator.com/item?id=39305452#39309126
The fact that doas has far fewer users, and examples everywhere show `sudo xyz` as the way to run xyz as root, shows that people do not adapt to a different name.
Microsoft has been trying, for years, to get developers to use Windows systems. This is another good step towards doing so.
The answer isn't to use a different name; the answer is to actually support most of the sudo interface.
But that said, there's a subset of the sudo interface that would cover the majority of what most people need on a regular basis:
-H (change home directory)
-i (act like a login shell, which may not be meaningful on Windows but could at least be ignored for compatibility)
-E (preserve the environment)
-u (set the user to something other than root)
-g (set the group)
-s (just run a shell)
The answer is to do either.
i.e. the complaint about using the name while offering a different, incompatible interface is valid.
Yes, I agree.
I do think it was correct to use the name, though, which means they should be more compatible.
Using sudo for a Windows program doesn’t seem as bad as using curl as an alias for Invoke-WebRequest. While the real curl can be installed and fully functional on Windows, sudo is intuitively an OS-level program that deals with OS-level access control.
Linux users can experience this now by using sed on macOS
Or by using a bash builtin that duplicates a normal command.
People can experience confusion on any operating system by using sed :)
To be fair, you will probably be confused by using sed in general
that's the standard microsoft way
embrace (copy sudo), extend (add incompatible options), extinguish
I can say with 100% certainty that Microsoft is not going to extinguish sudo
“Please watch this in-terminal ad while you enter your password”
This really goes to show that no matter how legitimate a viewpoint (Microsoft is into EEE), there are always people looking to pretty unintelligently bandwagon.
Yes, we know. Internet Explorer, yada yada. Beyond the ridiculousness of the notion of sudo specifically being a target for MS, the notion that MS, or any company of its size, is THAT single-minded, is absurd.
> especially if it doesn't have the same behavior as unix sudo... imagine the confusion of unsuspecting users searching how to use sudo in the future.
It's hard to imagine a company that size would name it so deliberately without realizing it would cause confusion in search engine results and such.
A good faith assumption would be they wanted to make Windows more familiar to users of both but it also means that Windows will get mentioned in more Linux results over time to disambiguate it.
same microsoft as where I'm from?
So it's just some black hat SEO to seem more relevant to Linux users?
You are not the only one thinking so. There is already a thread on OpenBSD's tech@ taking swipes at the obvious naming collision:
https://marc.info/?l=openbsd-tech&m=170742832804260&w=2
I just hope it's not in the PowerShell zeitgeist of `--Super_Long_Option_Names_that_Use_a_Mix_Of_Caps_And_things`
perhaps `admininator`
Nice to see the author here! I have to say: I really like whats going on in Windows world from a developer perspective in the recent years. I am a hardcore Linux fanboy for decades but I have to admit that PowerShell, WSL, vscode, Windows Terminal and the recent open source strategy sounds very appealing to me. This is something MS/Win does much better in recent days compared to, for instance, Apple/Mac OS.
I would love to see a tighter integration of winget into Windows. I recently used a fresh MS Windows Server 2023 installation and had a bad day to even get winget installed.
I really hope that the current strategy does not turn out as somewhere between "embrace" and "extend"...
Only problem is Powershell's commands are abysmally slow in comparison to chaining together Linux terminal commands that are written in C.
Powershell is a super neat language though.... especially if the Microsoft team that manages it would work more with the team that does more for SMEs and not just DevOps. The overwhelming majority of windows users doing regular business work have to deal with crufty stuff like VBA or over engineered stuff like C#. I was really hopeful for Powershell, but it seems like it's almost entirely to serve IT administrators or software developers. I wish that very capable team would do things like add a fairly simple GUI DSL or form designer with the tool. I know it can hook into WinForms, but that's a lot of effort and requires more C# background. There are probably millions of business analysts that would love to build little simple GUI apps without investing weeks of effort. The current approach is to just use Python, but that has it's own bag of problems for those that can do a little coding, but aren't full time developers. It just seems weird that Microsoft never invested in a language for SMEs that would integrate well with the OS and Microsoft apps and tooling.
Powershell is a terrible "language". It's fine for sysadmins to do sysadmin work but why would you want to subject business analysts to that level of unix shell inspired weirdness. Microsoft already has VB.NET which would serve that market much better.
Give me C# over PS any day.
It’s not Unix shell inspired at all, that’s the problem.
Oh it is, just in all the worst ways. I mean look at this:
At least it doesn't let you do this (as far as I can tell) so it seems slightly better in that aspect:
The syntax is terrible, though – if these operators are not actually options for a command, which is the context where the leading dash makes some kind of sense, why make them look like that?Also, why does the documentation[0] talk about statements returning values? I've never seen the terminology used that way before. Usually expressions evaluate to a value and statements can consist of an single expression.
[0] https://learn.microsoft.com/en-us/powershell/module/microsof...
Perl users feel right at home.
I actually find that very readable. What is the problem?
The weird part of PS is the piping, which doesn't always do what you think it should as everything is an object instead of text.
That is actually an advantage.
Terrible? For writing GUI yeah, sure, not that it was designed to do it. Just it's possible to tap into .net world, that's all.
VB.net is still .NET which is fairly complicated and verbose. It's basically just a visual basic skin over C# right?
I'd love to see winget with a command structure that makes sense. Currently if I want to install python via winget, I have to run `winget install -e --id Python.Python.3.11`. -e? --id? What are these for? Why do I have to memorize them? Almost every other package manager just does something like `packagemanager install python`, and then you can supply args for versions if you like.
Also winget does not have python 3.12 which was released 4 months ago.
winget has Python 3.12.2 at the moment, which has been released two days ago.
And you don't have to use --id - you can do `winget install 7zip` etc in cases where there's no ambiguity.
It doesn't turn up here, maybe I'm on the wrong website? https://winget.run/search?query=python%203.12. For that matter 7zip doesn't show up in that search either.
I was able to find the 7zip page by googling for it: https://winget.run/pkg/7zip/7zip
But as with Python the default suggestion is `winget install -e --id 7zip.7zip`. If I can just do `winget install 7zip`, why can't they show that command? Why is the complicated way the default and the simple, intuitive method optional and not easily discoverable?
There's lots of room for improvement.
winget.run is no longer updated. Try https://winstall.app
Those sites give you the command line exact match (-e) --id as a safety precaution so that you install exactly what you were looking at on that website and not a fake or similarly named but different installer or a different version than what you expected.
The complicated way is optional, you are using two different options: -e and --id. The CLI's default is actually sloppier when you don't use those two options in that way.
It seems easily discoverable from `winget --help` to me. But I tend to use `winget search` rather than websites, so maybe I'm just more familiar with it.
Windows change is welcoming, yet still not quality. As stated by someone below, sudo is https://www.sudo.ws/. Microsoft should give it a proper distinctive name lie wsudo or psudo. Little thinks like is compounds the issues with Windows / Microsoft.
Even continually sticking to old design patterns causes issues in development and deployment. Big name companies do not trust applications running on hosted Windows because of their current business practices. Microsoft does not even have a means to provided ease of deployment for air-gap system. This is the only way some big business will let products hosted on Windows to be in their facilities.
Windows as become more problematic for me because of all the layers of security that need to be applied for companies to trust Windows. This causes issues such as having to stop typing because Visual Studios or VSCode cannot process key strokes in real time.
Localization translation text standard still does not allow for containing singular and plural in the same key. Translations should be easily to update so the client can improve wording on the fly. Microsoft still recommends using resx and compiling a DLL.
.....
Is that really what companies have to do to "trust Windows"? From my experience, it's rather driven from the need to look compliant. Thus, managers without in-depth knowledge decide to buy "endpoint security solutions", the more the merrier, deploy them to your machine, and that brings things down to a crawl.
Why to a crawl? Well, I've witnessed multiple antivirus products go bezerk on your dev folder if you compile C++. Turning them off for this folder increased performance by a factor, which is what's typically done and completely subverts the purpose of these products. Also, I witnessed a certain product with a bird of prey that would run for hours and then just crash on a directory with a few million files.
This combination of sub-par quality of "security" products and performative deployment of endpoint security is a bane, at least for me as an enterprise software developer. I don't see Microsoft being primarily at fault there.
Most businesses that use Windows and/or Microsoft products do no go through all of that. The main benefit of using Microsoft is all of the integration between development products and DevOps. Most of the solutions for security are not provided by Microsoft, and often are looking to check off boxes to make auditors feel better, without actually enhancing anything. I've had to create some bizarre workarounds just to get past auditors, and in the end the solution was no more secure than doing nothing at all.
This is a big issue for me. I'm stuck using Windows for work, and it runs like an absolute dog even on good hardware.
Thanks! I think the team we're on has a very clear focus on making developers happy. Like, we're all ourselves, developers, so a lot of it is very self-serving. Anything we can do to make our own lives better is probably going to be a good thing for a lot of other developers too.
Shame the rest of the company is dedicated to making users unhappy to scrounge a few extra pennies. Users include developers of course.
(See the transcript of Security Now 958 for recent details.)
I use WSL2 a lot because my current employer is a "Microsoft" shop (despite all the code being deployed in Linux containers).
For us developers, the changes in Windows to support WSL2 weren't really an enhancement of Windows, it's now just a really complicated way to run Ubuntu. As in, Windows 11 is the biggest Linux bootloader in history.
sudo for Windows...can't even see a use for it any more.
you are lucky, where I work WSL2 is blocked for security reasons
WSL 1 is allowed luckily, but it's kinda meh
Does the UAC prompt always say "Verified publisher: Microsoft"? Even without controlling stdin, malware at medium integrity could prompt to run a malicious command, and users will only see Microsoft's good name in the popup.
Does this elevate within your own account token (i.e. will not work for non-Administrator users), or does it actually switch user (e.g. to LOCAL SYSTEM)?
Putting Microsoft in the UAC prompt is indeed weird. It should be the info of the target binary. This feature sounds a bit rushed, and it's early preview, maybe they fix it by the final release.
Yea, that's a limitation of UAC at this point, and probably not one we can avoid. The "Show details" dropdown on the dialog does however show the commandline you requested, so at least that's one way of making sure it's the thing you ran
The best way would be, if it could say something like:
Allow $PARENT_PROCESS_NAME to run $COMMAND with administrator rights.
So if you would enter the following in cmd.exe:
It would say:Allow Command Processor Shell to run notepad.exe ... with administrator rights.
Maybe for Windows 2025 we can work with the UAC folks to get something like that. I'm still shocked to this day that we managed to ship this at all. One step at a time :)
Why?
Sorry, have you never read anything about Microsoft before? I'm not sure why people are being so critical of OP.
Look, I'm genuinely curious and we happen to have a MS dev here who could provide interesting first hand insight.
I'm not critical. I don't have enough knowledge on the situation to share criticism on the topic yet.
I could have added "Could you expand on this?" to clarify my intent.
To answer the original question: I've been at MSFT like, 8 years now? And this is probably the third serious attempt my team has made at Sudo for Windows. (I think I heard of a couple other attempts in my tenure as well). After the last attempt, my mantra had always been "this is impossible to actually ship".
It's a tricky feature to ship, cause it is ultimately something that can be used as an escalation of privilege vector. Like, that's the entire idea. And there are a lot of people who (very rightly) get the ick when you say "we want to add this thing which can be used as an EoP to the OS image".
So, it's kinda hard to believe that after four years of thinking it was impossible, we actually managed to get it out the door.
You must feel like you just shipped Duke Nukem Forever.
Pretty fair, especially since there's already tons of ways (albeit far less convenient) to accomplish nonmalicious escalation.
Great work making this happen!
Makes sense.
Thanks for taking the time to answer, very appreciated! You must be happy to have been wrong, ah ah.
I wish my fellow posters could get out of their own way long enough to congratulate you! this is a great feature. I'm glad you got it into the build and I can tell you're excited about it. I can't remember the last time. I was excited about a feature that I shipped. maybe I'm just burned out but it's really refreshing to see it's shining through your replies. companies like Microsoft and Google need more engineers like you that actually care about shipping cool shit.
A tool like sudo should probably be sufficiently integrated with UAC to be able to customize that dialogue box...
You say that like Microsoft isn't an incredibly deeply dysfunctional company with absurd turf wars and conflicting interests between all the teams. You'd think it should be sufficiently integrated, but it's likely office politics made that impossible. How about be glad we got this at all as a first step, then maybe it will build momentum towards a better integrated solution?
You forgot that because of backcompat this solution will now become the unchangeable standard for years and anything more integrated will be in addition, not a replacement.
And that's OP's fault how? We often have to work with the environment and framework we have, not the one we wish we had where we could just immediately implement the best possible solution.
From the diagram on the article I see that sudo is elevated first, then the target program is launched.
Can't you call the target program directly? There must be a way, because explorer.exe is not elevated, and when you right click a program and choose "Run as administrator" you get a pop-up for the target .exe, not for Explorer.
Maybe until UAC is improved you can ship with a launcher process that is signed by publisher "Unknown"?
Yes, but then you would just run sudo cmd.exe [the program you want to run] and it will still say Microsoft.
Also the preference should actually describe it better
If I were a scammer I could make up an acronym or something that sudo means and trick someone into turning this on because the toggle doesn't actually describe what it is so I can just weave my own narrative.
I think you're overthinking this. At the point that the scammer is getting the victim to change settings, overcoming UAC is not the problem.
Can't you already do that today with cmd.exe?
Why can't you do this with the tool that already exists to do the exact same thing, called runas?
Does it have a policy editor comparable to the /etc/sudoers file? Sudo is interesting not because it just allows to assume admin privileges for a moment; it allows to give access in a finely-grained manner, and not exclusively admin access.
Just scrolling through the documentation [1] gives some idea. Examples in the end may surprise the reader with the variety of capabilities.
[1]: https://www.man7.org/linux/man-pages/man5/sudoers.5.html
You're talking about Sudo for Linux - today's new "Sudo for Windows" doesn't support a sudoers file.
No, nine_k is talking about the abstract requirements that are understood by "sudo", asking how they are reflected in this implementation.
Sudo is widely understood to refer to a program which allows specific users to run specific privileged commands.
Nitpick: it’s not “Sudo for Linux”, it’s just “sudo” and runs on a wide variety of operating systems aside from Linux. It actually predates Linux by around a decade.
This sudo for Windows doesn't either because it's not sudo. Looking at the docs, it's not even remotely compatible either. The choice of name here is unfortunate.
Also 'start -Verb runas' in Powershell.
Is there anything shorter than `powershell.exe -executionpolicy unrestricted -file`?
setup_windows.ps1: https://github.com/westurner/dotfiles/blob/develop/scripts/s...The executionpolicy merely allows you to write unsigned scripts. Not that it runs them elevated.
I really hope that sudo is going to allow one to capture the output of the thing running in sudo and handle errors better. I recently wrote an installer script in PowerShell and had to go through severe contortions to support privilege elevations for only a minimal part of the script. I needed to use start with runas to relaunch the same script with different options to continue the installation process and there's not much in the way of proper error handling either.
I have noticed that runas is mentioned as an already existing sudo alternative, but as far as I know, runas asks you for the administrator's password. sudo asks the own user password. This is how you give a non administrator user the right to use some application/tool without revealing the admin's password.
Or does runas work differently than I thought?
You're right, but on my work environment I have two accounts - "me" and "me with elevated permissions". (I don't say "admin" because there's still a bunch of stuff I can't do, like run netsh). I assumed that was the normal pattern in Windows-land?
It is something of the normal pattern, it always seems like companies love it. It always seems like UAC with extra steps to me. It's not that much more secure than taking UAC as-is and dialing up the security settings on UAC prompts to require a password every time. It's often amusing to me that everywhere I've seen require "secondary accounts" for admin permissions has dialed down the overall security settings of UAC below the defaults.
Right, I don't think runas has a "sudo-mode" in terms of "let the user elevate their own permissions for specific tools even if they don't have an elevated account to elevate to", but runas is so low level and has so many weird combinations of arguments that maybe there is a buried similar way to that, I can't say for sure.
But the base "sudo" case where you have an account that supports UAC elevation (you are your own administrator) runas definitely supports as the CLI way to invoke UAC prompts for your own account, not just other administrator accounts. (Using the /trustlevel flag accordingly, as I recall.)
A link in the article explains ...
https://learn.microsoft.com/en-us/windows/sudo/#how-is-sudo-...
It only explains what is different between sudo and runas. It doesn't really explain why they couldn't just improve runas and add those missing features instead of creating a new command. As it stands now you seem to need both sudo and runas to cover all reasonable use cases.
And if you need the Sudo interface there are wrappers like https://github.com/purplesyringa/win-sudo.
If the elevation prompt would show the elevated executable and not the wrapper, that would be news...
Been using it for a decade or more. Came to make this comment.
The real question is, where will incidents be reported to if you're not in the sudoers file?
The boring answer would be the event viewer snap-in.
Alternatively, a stern yet extremely polite mail from Raymond Chen asking what you were actually trying to accomplish.
ASCII Clippy appears: "It looks like you're trying to do privilege escalation"
Isn't that followed by "Would you like me to help you with that?"
They'll be sent directly to -- MARK --.
So harsh right? I felt bad the first couple of times even if it was my own computer!
The people demand to know.
You'll be asked to enable .NET and Simple TCPIP services, and a mailbox file created under C:\ will open on Notepad every logins thereafter.
My fingers are still starting to shake if I accidentally miss-typed the sudo password 2 times. Even on my own server, where the incident will be reported to myself!
billg@microsoft.com
To Santa of course
I still to this day feel like I'm being snitched on, even if I own the hardware directly.
Probably some MS server =|
Santa Claus, if XKCD is to be believed
https://xkcd.com/838/
Can you share if this will ever come to Windows 10, or will it be a Windows 11+ exclusive thing?
I'm not even sure Win11 is on my company roadmap, much less anything cutting edge like an insiders release. Windows 10 Enterprise compatibility is pretty much required for widespread adoption of Sudo for Windows.
Windows 10 is EOl next year. I would bet your company has plans to move to 11 at some point in the near future. I work with customers daily to help to move to 11
> I work with customers daily to help to move to 11
What issues are your customers having that they need profesional help to upgrade to a new Windows OS?
Is this a serious question?
Did I stutter?
Apparently, because you can't seriously be asking that question. You've clearly never worked in any kind of customer support position, because businesses and individuals need all kinds of help with a transition like that.
Already working on it :) You can follow https://github.com/microsoft/sudo/issues/2 for updates.
Honestly, the hardest part will be porting the Settings app changes to the Windows 10 styles. `sudo.exe` itself doesn't really depend on any OS platform changes, and if it did, we'd have a _very_ compelling case to bring those features with us downlevel.
Where exactly is sudo.exe? It doesn't appear to be in the repo. I don't need the Settings portion. The exe itself would be immensely useful.
Same here. Would love it on Windows 10 and Windows Server 2016+.
My left leg for Windows Terminal on Server 2016
Does this mean that the feature set of sudo for Windows can't be similar to the feature set found on sudo for *nix e.g. for BSD, MacOS, Linux..?
Does sudo supports ACLs (which are the basis of Windows security model)?
Sorry, I don't know.
It has it's own config file and can be configured to do just about anything:
https://www.sudo.ws/docs/man/1.8.15/sudoers.man/
Isn't running commands as admin, in the same terminal window, already possible via the use of runas.exe? Granted I haven't daily driven Windows in years but IIRC that does the job albeit with clunkier syntax.
runas doesn't support "same terminal window", it always has launched a new window.
It's possible this sudo could have been implement as yet more clunky flags to runas, but it seems like making it a separate tool has benefits: off by default, whereas runas is a nearly always-on required built-in; more importantly a nicer less clunky syntax.
I've been using the 'sudo' that scoop offers for a while, and it has always done exactly what I wanted and completely removed the hassle of having to open a new cmd/powershell with 'run as administrator'.
Plus it means I don't have to leave the comfort of Tabby.
Back when I used scoop, I uninstalled that right away because I didn't like how scoop installed it on its own.
Does this mean that I can run PSWindowsUpdate in a remote PowerShell session? If so, this is going to save me a lot of time. Also, AD management tools never work vie Enter-PSSession. Will stuff like that work as well?
This is good, while I know RunAS exists, I'm more likely to run another terminal with admin than learn how to use it, if sudo is there I'll use that.
Every little bit of friction removed is a good thing.
I haven't seen anyone ask the important question: Is the mascot coming along for the ride?
https://www.reddit.com/r/linuxmasterrace/comments/u4xeoy/in_...
i guess id say thanks for all your hard work, but i dont use windows.
exactly how is 'sudo for windows' different than the existing model in windows 10 where privilege elevation is a popup window and you click through it? arguably the current model is just sudo with nopasswd.
how do you reconcile the idea that your effort --without principled reform of the windows security model at a fundamental level-- is just cargo-culting a more successful projects security model?
'Start-Process powershell -Verb runAs' is the same or different than this?
Thanks for caring about security and trying to make things better. its hard, thankless and frustrating (and thats just the windows part ;))
Great to see this on Windows! Hopefully this is much easier than using the runas command.
Any particular reason the source code for sudo.exe wasn’t able to be open sourced along with the announcement of this feature?
didn't runas exist for ages?
Why don't you guys just use a regular shell? People just want a unix like command line. Windows seems to be doing a lot of work to avoid this.
It seems interesting to me that Windows integrates more and more elements of Unix.
Linux is open source and free, Apple develop an OS that sells specific hardware, and historically Windows has sold the software for generic hardware. Windows is unlikely to become a better Linux than Linux. Where is Microsoft's new business model going?
Historically Office was a money maker, but Office online is a shambles and many users interact with Office via this interface - I see Office slowly dying in favour of open source options. I see Windows licenses being sold less and less in the future. Microsoft Lens is essentially buried at this point. There are the Surface laptops/tablets which are good but not special. Dedicated games console hardware will likely become less attractive as they slowly become glorified desktop PCs.
I don't see Microsoft with big user shares in the software or hardware industries? There were a few good purchases such as Minecraft, GitHub (+), etc [1]. Is there something I'm missing?
[1] https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitio...
(+) GitHub's new security model is outright hostile - to the point I no longer want to use it.
I think there can be harm done when a re-implementation, especially a heavily divergent one, takes the name of an existing program. There's a reason OpenBSD introduced "doas" instead of calling their new thing "sudo".
Reminds me of when PowerShell decided to have "wget" and "curl" cmdlets that didn't have any of the advanced features of the originals. Naively it sounds helpful. But it introduces confusion.
the real question is... isn't it pointless if you still get UAC prompt and cannot just log in via CLI?
and what's the point of switching when gsudo basically does the same?
ha, thank you! I don't need it often but I have cursed for the want of it in Windows powershell.
scoop install sudo.
Sorry, this has been lacking for so long that you know... Late to the party.
What are the common points with Linux, and the differences?
I am a Linux user but am interested in the architectural decisions you have made. I use doas and I know there are other alternatives.
When coming up with your sudo what were your inspirations and what does sudo do that you decided you wanted to avoid?
sudo (1980) is older than Linux (1991).
I am not asking questions about sudo to someone assuming sudo is specifically Linux software.