I just tried out sudo on Windows 11 build 26052 and it is not as good as I thought it would be. Why can it not just prompt for a password or PIN on the terminal instead of popping up a UAC prompt? This is annoying. I ran a command, sudo netstat -r and I got no output. Why does it not work as shown below?
(jcartwright@localhost) 192.168.1.5 Videos $ sudo netstat -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for jcartwright:
That would be much better than what we have at the moment would it not?
This is part of a sudoers file from Alma Linux. This controls what commands may be run by which users.
# # Adding HOME to env_keep may enable a user to run unrestricted # commands via sudo. # # Defaults env_keep += "HOME" Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin ## Next comes the main part: which users can run what software on ## which machines (the sudoers file can be shared between multiple ## systems). ## Syntax: ## ## user MACHINE=COMMANDS ## ## The COMMANDS section may have other options added to it. ## ## Allow root to run any commands anywhere root ALL=(ALL) ALL ## Allows members of the 'sys' group to run networking, software, ## service management apps and more. # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL ## Allows members of the users group to mount and unmount the ## cdrom as root # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom ## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) #includedir /etc/sudoers.d
This is how it should work in Windows 11 and 12 as well, have a configuration that can limit which commands a user may run, this could be part of Software Restriction Policies. This would be great for security.