Issue: Windows 24H2 Has Sudo
mattcargile opened this issue · 9 comments
Issue Description
https://devblogs.microsoft.com/commandline/introducing-sudo-for-windows/
Not sure if there needs to be special concessions for this? It appears it has to be enabled by the users manually. It appears Windows is using sudo as the application name. Maybe a check on install of gsudo can check for it? Maybe this should all be handled in Chocolately or Winget or Scoop itself?
Just starting the convo...I also assume Windows is using the same techniques as gsudo? I wonder if there are any exposed APIs that could be leveraged in gsudo?
Steps to Reproduce
- N/A
Screenshots
Context:
- Windows version:
- gsudo version:
After watching the YouTube video, it seems like it is only for a process and you can't pass pure powershell
to it like gsudo
. The name clash is a bummer. They should have made there binary wsudo
or the like. From reading the comments, their customers wanted the muscle memory.
The one feature that stood out was a mode that would disable the standard-in of the elevated process. Does gsudo
have this or is the standard-in always open on the elevated process?
Just starting the convo...I also assume Windows is using the same techniques as gsudo? I wonder if there are any exposed APIs that could be leveraged in gsudo?
Microsoft is not using any new Api's, at least yet, which makes it similar to gsudo, and also backwards compatible to win 10. Already documented here. Microsft sudo vs Gsudo.
Basically winsudo
or ms-sudo
(how do we name it at least in our conversations?) is same as gsudo
in Attached Mode plus forwarding of the handles, which resolves some drawbacks I had with that mode.
After watching the YouTube video, it seems like it is only for a process and you can't pass pure
powershell
to it likegsudo
.
Implementing that one is a one way road. Once implemented, then the users will expect winsudo
to accomodate to any shell, and microsoft will never do that. My opinion is that it should be PowerShell who should provide that syntax goodie, not sudo.exe
or gsudo.exe
. That would make it also work it Linux, with the real sudo.
The name clash is a bummer. They should have made there binary
wsudo
or the like. From reading the comments, their customers wanted the muscle memory.
I can't blame them on that one. But... their customers are gsudo users plus... or people who hasn't discovered gsudo yet. I think gsudo helped break the mental barrier that prevented microsoft from implementing it.
The one feature that stood out was a mode that would disable the standard-in of the elevated process. Does
gsudo
have this or is the standard-in always open on the elevated process?
I implemented it two years ago. It is documented here. The naming is not really catchy: gsudo config SecurityEnforceUacIsolation true
. Not sure if a single soul used it, since no-one ever mentioned it to me, so I didn't invest more time in it. And I am not Microsoft, so I couldn't embed telemetry (people will have valid reasons to hate an elevated app with telemetry) which means that I don't know if anyone uses it. Happy that Microsoft also implemented it, kinda gave some value that the idea was worth it.
Let's talk actionable items:
- Regarding the name clash, I wouldn't make gsudo overwrite an OS command by default. Maybe add an easy opt-in way to force gsudo's sudo alias?
- Also, let's ensure
gsudo
accepts input parameters inwinsudo
format. I was waiting forwinsudo
to stabilize before starting this.
Just starting the convo...I also assume Windows is using the same techniques as gsudo? I wonder if there are any exposed APIs that could be leveraged in gsudo?
Microsoft is not using any new Api's, at least yet, which makes it similar to gsudo, and also backwards compatible to win 10. Already documented here. Microsft sudo vs Gsudo.
Basically
winsudo
orms-sudo
(how do we name it at least in our conversations?) is same asgsudo
in Attached Mode plus forwarding of the handles, which resolves some drawbacks I had with that mode.After watching the YouTube video, it seems like it is only for a process and you can't pass pure
powershell
to it likegsudo
.Implementing that one is a one way road. Once implemented, then the users will expect
winsudo
to accomodate to any shell, and microsoft will never do that. My opinion is that it should be PowerShell who should provide that syntax goodie, notsudo.exe
orgsudo.exe
. That would make it also work it Linux, with the real sudo.The name clash is a bummer. They should have made there binary
wsudo
or the like. From reading the comments, their customers wanted the muscle memory.I can't blame them on that one. But... their customers are gsudo users plus... or people who hasn't discovered gsudo yet. I think gsudo helped break the mental barrier that prevented microsoft from implementing it.
The one feature that stood out was a mode that would disable the standard-in of the elevated process. Does
gsudo
have this or is the standard-in always open on the elevated process?I implemented it two years ago. It is documented here. The naming is not really catchy:
gsudo config SecurityEnforceUacIsolation true
. Not sure if a single soul used it, since no-one ever mentioned it to me, so I didn't invest more time in it. And I am not Microsoft, so I couldn't embed telemetry (people will have valid reasons to hate an elevated app with telemetry) which means that I don't know if anyone uses it. Happy that Microsoft also implemented it, kinda gave some value that the idea was worth it.Let's talk actionable items:
- Regarding the name clash, I wouldn't make gsudo overwrite an OS command by default. Maybe add an easy opt-in way to force gsudo's sudo alias?
- Also, let's ensure
gsudo
accepts input parameters inwinsudo
format. I was waiting forwinsudo
to stabilize before starting this.
I think adding an option to keep the "sudo" alias is a good and high-priority item.
I added a config setting, that when toggled will ensure gsudo path appears first in the PATH in #353.
It's currently named PathPrecedence
Alternatively, I could name the config option something like EnsureSudoAlias
or similar.., But subjectively, the PathPrecedence sounds more explicit. Opinions before this is released?
I believe that overriding Ms-Sudo should NOT be the default, An opt-in is preferrable. Scripts or people may want to use sudo
for ms-sudo, and gsudo
for this one.
In #354, I've added a brief description to gsudo config
Next goal, make gsudo arguments compatible with 24H2
ms-sudo.
Alternatively, I could name the config option something like
EnsureSudoAlias
or similar.., But subjectively, the PathPrecedence sounds more explicit. Opinions before this is released?
Yeah, i think PathPrecedence is more accurate to what it does.
I believe that overriding Ms-Sudo should NOT be the default, An opt-in is preferrable. Scripts or people may want to use
sudo
for ms-sudo, andgsudo
for this one.
Ye. while i prefer gsudo i just opted to not mess with ms-sudo for now.
Next goal, make gsudo arguments compatible with
24H2
ms-sudo.
Thanks for being one step ahead of these kind of changes, and for making gsudo, been using it already for 3 years
Pre-Release available:
https://github.com/gerardog/gsudo/releases/tag/v2.5.0
v2.5.0 is out. Anything else to address, or any other idea?
I just now noticed that gsudo lacks a nice beautiful icon, like it's done in microsoft sudo
Yeap. I lack the skills to make a beautiful one...
For https://gerardog.github.io/gsudo/ I did this thing:
... which is terrible ...
suggestions accepted!