Posted: . At: 1:40 PM. This was 3 months ago. Post ID: 19195
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.



Sponsored



Sudo on Windows is not as good as it claims to be.

by

I just tried out sudo on Windows 11 build 26052 and it is not as good as I thought it would be. Why can it not just prompt for a password or PIN on the terminal instead of popping up a UAC prompt? This is annoying. I ran a command, sudo netstat -r and I got no output. Why does it not work as shown below?

(jcartwright@localhost) 192.168.1.5 Videos  $ sudo netstat -l

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for jcartwright:

That would be much better than what we have at the moment would it not?

This is part of a sudoers file from Alma Linux. This controls what commands may be run by which users.

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on 
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##      user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere 
root    ALL=(ALL)       ALL

## Allows members of the 'sys' group to run networking, software, 
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the 
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

This is how it should work in Windows 11 and 12 as well, have a configuration that can limit which commands a user may run, this could be part of Software Restriction Policies. This would be great for security.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.