
Show HN: Sudo for Windows - barlog
https://github.com/mattn/sudo
======
stinos
If you're at the command line anyway, Powershell is nearly always a better
choice, and it has that covered also. See TokenDiversity 's comment, or use a
simple function or use Invoke-Elevated from an installable package. E.g.
[https://stackoverflow.com/questions/1566969/showing-the-
uac-...](https://stackoverflow.com/questions/1566969/showing-the-uac-prompt-
in-powershell-if-the-action-requires-elevation)

Or if you know the admin account you could use something like

    
    
        Invoke-Command -ScriptBlock { ls } -ComputerName $env:COMPUTERNAME -Credential (Get-Credential)

~~~
jhasse
> Powershell is nearly always a better choice

Not if I want resemblance with Bash-like shells. I guess that's also the point
of this: Most people already know sudo from Linux and cmd.exe, now they can
use both together.

~~~
nailer
20 year bash user and recent Powershell convert here. Powershell has proper
things like profiles and aliases, cool stuff like being able to cd and rm the
Environment and Registry keys like files. cmd has none of those.

(Plus powershells structured output so you can use 'where' and 'select' and
'get-member' rather than scraping with regexs. )

~~~
kelnos
> cool stuff like being able to cd and rm the Environment and Registry keys
> like files. cmd has none of those

Emblematic of what's wrong with the Powershell (or perhaps MS as a whole)
philosophy: you don't build this functionality into a shell, you build a file
system module (you'd do it with FUSE if on Linux) that "mounts" the registry
as a bunch of files. Then you could edit it in any shell or text editor, or
even in a GUI file manager and GUI text editor if you wanted to.

~~~
duke360
i would call it "what's right with powershell" instead

~~~
cptn_brittish
By adding extra complexity to a shell command instead of offloading the
process to small programs with a defined api?

I can see a lot more maintainability and portability of a implementation using
FUSE to mount these systems as filesystems (so the abstraction is complete
across the entire system instead of just in the command). Also the ease of
having a abstraction which does not require special capabilities to be added
to a program before it is useful is a reason that no system has properly
supported these models before in this manner. On a UNIX system the same
techniques could of been implemented sometime between the 70's and now to
interact with environment variables and it has probably been implemented
before but it has not gained mindshare as that approach is not scalable.

------
phs2501
There's also a "sudo" for windows distributed as a chocolatey package that
I've used for at least a year. Appears to do pretty much the same thing as
this one.

[https://chocolatey.org/packages/Sudo](https://chocolatey.org/packages/Sudo)

~~~
flukus
Chocolatey is one of my biggest reasons to use this. Every single time I
install something I forget to run as admin.

------
ocdtrekkie
I've always been annoyed by the lack of ability for certain things to elevate
as needed. Why doesn't Notepad offer to let you elevate when you try and save
the hosts file?

I can't count how often I relaunch Command Prompt to Run as Admin.

But I'm hesitant to use a third party tool here, I really wish Microsoft just
dealt with this properly.

~~~
pjmlp
1 - Shift-Right Click on the executable, including links

2 - Select Run As...

~~~
oblio
His point was more like:

1\. Launch Notepad.

2\. Open etc\hosts (within the bowels of C:\Windows).

3\. Edit the file.

4\. Try to save.

5\. Profit?!? No, fail!

~~~
dagw
How is that different from *nix?

~~~
oblio
With graphical editors integrated into PolicyKit (I think that's the name),
you get an elevation prompt.

~~~
pjmlp
Which is not standard across all *nix variants and requires explicit use of
Freedesktop APIs.

~~~
oblio
But it's there.

And if we go by "standard across all * nix variants", outside of base POSIX
(if even that), nothing is really standard across all * nix variants. There's
no way "standards across all * nix variants" can compete with Microsoft's APIs
available across, say, 90% of their installed user base.

~~~
pjmlp
Which is why developers that actually care about the whole desktop experience
setttle on OS X and Windows.

Developers that are fine with xmonad and CLI, settle for a POSIX experience,
making such APIs like PolicyKit barely used, because portable UNIX
applications don't adopt them.

------
mattn_jp
Hi, all.

I'm author. I added this because I want to write hosts file with ":w !sudo tee
%" from gvim.exe on Windows. But most of implementations doesn't work for
this.

~~~
eps
You should probably clarify in the Readme that your sudo remembers the
credentials or this thread will overflow with runas alternative suggestions.

------
Jaruzel
I literally wrote something identical just over a week ago; even called it
sudo as well. Mine's in .NET as a little EXE. It's about 10 lines of code. I
am _not_ dissing this effort though. Far from it. Open Source is cool.

It's annoying that you still have to navigate the UAC dialog though - not sure
how to get around that, without compromising security.

For those talking about right-click on the EXE... If you live in the command
prompt, having to reach for the mouse just to elevate is irritating as hell.

~~~
eps
The main point of sudo is that it eliminates the need to enter the password
for a while.

Does your "something identical in 10 lines" do that?

~~~
blauditore
> The main point of sudo is that it eliminates the need to enter the password
> for a while.

I disagree, that's just an additional feature of it. The main point is that
you can carry out admin tasks from an otherwise more restricted environment,
so you only elevate your power when necessary. Otherwise, users might be
tempted to always run whole sessions as an admin/root for convenience.

------
TokenDiversity
I don't understand Windows permissions well but if anybody looking to do this
without a dpendencey.. I think

`Start-Process <stuff> -verb RunAs` does the same

------
pjmlp
Nice as a learning project, but RunAs is already supported at CLI and GUI
level, since several versions.

For those without much Windows GUI-fu, shift-right click.

~~~
larschdk
But it's extremely cumbersome from the CLI.

RunAs always asks for password for the Administrator account (not the account
for the delegated account like sudo). I have admin access to my work PC, but
not the Administrator password (since UAC grants me access). Also, running
elevated programs always in separate windows, so you can't redirect their
input/output. And CLI program disappear instantly (no time to read the
output).

I have used elevate.exe
([http://code.kliu.org/misc/elevate/](http://code.kliu.org/misc/elevate/)) but
sudo seems even better (supports redirecting input/output).

~~~
pawadu
> I have admin access to my work PC, but not the Administrator password

I am not sure if I understand this. Does the machine have two different admin
accounts, once of which you have access to?

~~~
dagw
In windows you can assign admin access to any account if you wish, kind of
like sudo in unix. "Administrator" is a special account, basically like root
in unix.

~~~
pawadu
I am still confused. Can't you specify account name like so?

    
    
        runas /user:Administrator2

~~~
larschdk
Yes, but you need the password then. With admin priviledges you can run "as
admin" without needing to know the password. The privileged account still runs
programs in normal mode (unprivileged), but can launch programs with elevated
permissions.

~~~
pawadu
So basically log in as admin and hope you don't press Yes on a UAC dialog by
accident?

Sounds dangerous to me.

~~~
Const-me
The dialog has been designed in a way so that’s almost impossible to press by
accident, nor programmatically.

Specially dimmed background, characteristic sound, the dialog runs on a
dedicated desktop i.e. you won’t see any apps nor the start menu. Also the
default button is No i.e. you can’t accidentally press Yes with enter or space
keys, you have to use a mouse.

------
kyriakos
This is actually very useful, will save me time reopening terminal sessions

------
Grom_PE
I just use this 6 kb no-dependencies command line program:

[http://code.kliu.org/misc/elevate/](http://code.kliu.org/misc/elevate/)

~~~
mattn_jp
I read the code. I don't make sure but AFAIS, elevate doesn't handle
stdin/stdout/stderr, can't pass environment variable correctly. After set
FOO=bar, the process can't read FOO. etc.

------
ComodoHacker
Is it really sudo? Does it remember credentials somewhere for a limited time
and across the whole system? If so, I cant see a way to implement it securely
if you're not MS.

~~~
skrebbel
There's no true Scotsman, you know.

This solves a real problem and it works great. There's no horrible issue with
getting a UAC dialog every time you do a sudo command. After all, in Windows
(for better or worse) you need to be Administrator for less stuff.

------
locusm
There is also a sudo for scoop [http://scoop.sh/](http://scoop.sh/)

------
yread
There is also CPAU where you can store the elevated command as a sort of batch
file
[http://www.joeware.net/freetools/tools/cpau/](http://www.joeware.net/freetools/tools/cpau/)

------
dewiz
All of this can be done with a bit of vbscript, no need to install anything

------
elsamuko
I'm using

    
    
      cygstart --action=runas
    

This works well, too.

~~~
robbyt
Yeah, I'm never going to remember that one...

~~~
sapphire_tomb
Maybe this will help? :)

alias sudo="cygstart --action=runas"

------
sllabres
Isn't this more like "su" instead of "sudo"?

(and it would spare two key strokes ;)

