-
Notifications
You must be signed in to change notification settings - Fork 759
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Start as unpriviliged user by default with sudo for Windows enabled systems #2251
Comments
One problem with starting as non-admin is you have no way of elevating to admin when you need it to. While there is now the |
Yes, Microsoft sudo-like should allow TTY elevation and so be usable trough SSH. Our use case: On our CI infra we allow connexion for a dedicated CI user with SSH and RDP. For some use cases this CI user need elevated privileges (mainly for Debugging sessions with Visual Studio). But we want to keep all actions done through SSH without elevated privileges (like RDP). Currently with SSH, we are corrupting caches, workspaces, tmp folders, ... with files owned by 'Administrator' (unlike RDP). Also, we do not create disctincts user for SSH access, to limit complexity/errors, all CI operations are made by only one user. As describe in above use case, this will also match the well know workflow already implemented in RDP and all Windows session (by default no rights, elevation only on demand) We are disabling SSH access for now, since RDP work as expected. We keep SSH access only for Linux and Macos, working as expected with sudo and TTY. |
Summary of the new feature / enhancement
Currently, when the user is assigned to Administrators, the ssh session will also be an Administrator session. This breaks some software like scoop.
Due to the development of sudo for Windows (https://github.com/microsoft/sudo), it would be a good idea to always start the session unprivileged. If the user needs Admin rights, they should use sudo instead.
Proposed technical implementation details (optional)
No response
The text was updated successfully, but these errors were encountered: