public inbox for cygwin@cygwin.com
* Feature request: sudo
@ 2023-01-19 19:17 Jochen Wiedmann
  2023-01-19 20:38 ` Corinna Vinschen
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jochen Wiedmann @ 2023-01-19 19:17 UTC (permalink / raw)
  To: cygwin

Hi,

as someone who is quite used to typing

  sudo do something

I would really like to do the same in my Cygwin bash. In my opinion,
this could be implemented relatively simply and straightforwardly, as
follows:

  - Accept an array of strings with the command that is being executed
    with administrator privileges.
  - Use the standard Windows API to execute some functionality with
    admin privileges. In the current case, that functionality would be
    a simple exec with the above command line.

The result would be a sudo executable without some of the configurable
features of the Linux/Unix sudo (like execution without password, or
execution of special command lines without root privileges), but just
the same for all practical purposes. I think that a lot of users would
benefit.

Thanks,

Jochen


-- 
Philosophy is useless, theology is worse. (Industrial Disease, Dire Straits)


* Re: Feature request: sudo
From: Corinna Vinschen @ 2023-01-19 20:38 UTC (permalink / raw)
  To: cygwin

On Jan 19 20:17, Jochen Wiedmann via Cygwin wrote:
> Hi,
> 
> as someone who is quite used to typing
> 
>   sudo do something
> 
> I would really like to do the same in my Cygwin bash. In my opinion,
> this could be implemented relatively simply and straightforwardly, as
> follows:
> 
>   - Accept an array of strings with the command that is being executed
>     with administrator privileges.
>   - Use the standard Windows API to execute some functionality with
>     admin privileges. In the current case, that functionality would be
>     a simple exec with the above command line.

Assuming you already are running an administrative account and you just
want to elevate a process, rather than actually switching the user
context to, say, "Administrator".

- The underlying Win32 system calls implementing fork/execve, i.e.
  CreateProcess and CreateProcessAsUser, don't allow starting an
  elevated process from a non-elevated process, unless you already have
  access to your elevated token.  While you can actually access that
  token, this token is not suitable for CreateProcessAsUser, unless you
  access it with TCB privileges... which only an already elevated
  process has.
  
- Windows doesn't provide SUID/SGID bits.  They are just faked in Cygwin
  using some bits in a NULL SID.  Thus, a sudo tool with SUID bit set is
  not workable on Windows, unless you control running an executable from
  an already privileged process which creates the user token.  This
  could be done by cygserver, but nobody implemented that yet.
  https://cygwin.com/acronyms/#SHTDI

Having said that, you can kind of do it yourself:

- Install and run Cygwin's sshd as a service.
- Create a public key pair.
- alias sudo='ssh localhost'


Corinna
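
The three steps above as one script, with the key restricted to loopback logins because it opens an elevated session. This is an added example, not part of Corinna's message: the key file name `id_sudo_local`, the key comment and the function names are assumptions, and the alias is pinned to that key with `-i`.

```shell
#!/bin/sh
# Added example: sshd-based "sudo" with a loopback-only key.
KEY="${HOME}/.ssh/id_sudo_local"      # hypothetical key file name
AUTH="${HOME}/.ssh/authorized_keys"

# Prefix a public key line with a from= option so sshd accepts the key
# only for connections that originate on this machine.
loopback_entry() {
    printf 'from="127.0.0.1,::1" %s\n' "$1"
}

# Return 0 if an authorized_keys line carries the loopback-only option.
is_loopback_only() {
    case "$1" in
        *'from="127.0.0.1,::1"'*) return 0 ;;
        *) return 1 ;;
    esac
}

setup_local_sudo() {
    # Step 1: sshd as a service, done once from an elevated Cygwin shell:
    #   ssh-host-config && cygrunsrv -S cygsshd
    #   (the service is named "sshd" on older installations)
    # Step 2: key pair; ssh-keygen prompts for a passphrase.
    mkdir -p "${HOME}/.ssh" && chmod 700 "${HOME}/.ssh"
    [ -f "$KEY" ] || ssh-keygen -t ed25519 -f "$KEY" -C "local-sudo"
    entry=$(loopback_entry "$(cat "${KEY}.pub")")
    # Append the restricted entry only if it is not already present.
    grep -qxF "$entry" "$AUTH" 2>/dev/null || printf '%s\n' "$entry" >> "$AUTH"
    chmod 600 "$AUTH"
    # Step 3: print the alias line to add to ~/.bashrc.
    echo "alias sudo='ssh -i $KEY localhost'"
}
```

Calling `setup_local_sudo` performs steps 2 and 3; `is_loopback_only` can be run over existing `authorized_keys` lines to find entries that lack the restriction.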


* Re: Feature request: sudo
From: Kevin Schnitzius @ 2023-01-19 21:27 UTC (permalink / raw)
  To: Cygwin

 On Thursday, January 19, 2023 at 02:18:52 PM EST, Jochen Wiedmann via Cygwin <cygwin@cygwin.com> wrote: 

> as someone who is quite used to typing
>
>  sudo do something

>cat /usr/local/bin/sudo
#!/usr/bin/bash
cygstart --action=runas "$@"

This has limitations but it mostly works...

Kevin
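
A variant of the wrapper above that runs the command directly when the shell is already elevated and only goes through `cygstart --action=runas` otherwise. This is an added example, not Kevin's script: the function names are hypothetical, and it assumes that Cygwin's `id -G` lists gid 544 (BUILTIN\Administrators) only for an elevated token.

```shell
#!/bin/sh
# Added example: elevation-aware wrapper around cygstart --action=runas.
ADMIN_GID=544   # Cygwin gid of BUILTIN\Administrators (S-1-5-32-544)

# Return 0 if the space-separated gid list in $1 contains ADMIN_GID.
# Assumption: a UAC-filtered (non-elevated) token does not report it.
has_admin_gid() {
    for gid in $1; do
        [ "$gid" = "$ADMIN_GID" ] && return 0
    done
    return 1
}

# Print "direct" or "runas". $1 is a gid list; it defaults to the
# groups of the current process.
elevation_plan() {
    if has_admin_gid "${1-$(id -G)}"; then echo direct; else echo runas; fi
}

sudo_wrapper() {
    [ "$#" -gt 0 ] || { echo "usage: sudo command [args...]" >&2; return 2; }
    case "$(elevation_plan)" in
        # Already elevated: run in place, no UAC prompt involved.
        direct) "$@" ;;
        # Not elevated: Windows shows the UAC prompt; --wait blocks
        # until the started program terminates.
        runas)  cygstart --wait --action=runas "$@" ;;
    esac
}
```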


* Re: Feature request: sudo
From: Thomas Wolff @ 2023-01-19 21:53 UTC (permalink / raw)
  To: cygwin


On 19.01.2023 at 20:17, Jochen Wiedmann via Cygwin wrote:
> Hi,
>
> as someone who is quite used to typing
>
>    sudo do something
>
> I would really like to do the same in my Cygwin bash. In my opinion,
> this could be implemented relatively simply and straightforwardly, as
> follows:
>
>    - Accept an array of strings with the command that is being executed
>      with administrator privileges.
>    - Use the standard Windows API to execute some functionality with
>      admin privileges. In the current case, that functionality would be
>      a simple exec with the above command line.
>
> The result would be a sudo executable without some of the configurable
> features of the Linux/Unix sudo (like execution without password, or
> execution of special command lines without root privileges), but just
> the same for all practical purposes. I think that a lot of users would
> benefit.
>
> Thanks,
>
> Jochen

There used to be a su tool in cygwin.
See "future of su"
<https://sourceware.org/pipermail/cygwin-apps/2012-May/030226.html> and
""su" command removed / coreutils-8.23-2"
<https://sourceware.org/pipermail/cygwin/2014-September/217105.html>
for some discussion.

