-
Notifications
You must be signed in to change notification settings - Fork 7.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Notify user when binary invocation requires permission elevation. #20907
Comments
Could you show an example of a utility that does not notify about the need to elevate rights? |
@237dmitry, I think you've asked the wrong question for what you want to know, because the answer to what you ask would be PowerShell. I expect you instead want to know what package when installed would allow this behaviour to be reproduced. In that instance, as the aforecited openSUSE/cnf#8 (comment) states, install https://download.opensuse.org/repositories/hardware/openSUSE_Tumbleweed/x86_64/lshw-B.02.19.2+git.20231115-75.3.x86_64.rpm on cpe:/o:opensuse:tumbleweed:20231209. |
This comment was marked as resolved.
This comment was marked as resolved.
|
I used PowerShell snap (6.*) on NixOS just because then I had no another variant. The impressions were not the best, the functionality was limited, only half of the cmdlets... > $PSVersionTable.Add('Kernel',$(uname -r))
> $PSVersionTable.Add('PSHome',$PSHome)
> $PSVersionTable
Name Value
---- -----
PSVersion 7.4.0
PSEdition Core
GitCommitId 7.4.0
Kernel 6.6.6-arch1-1
OS ArcoLinux
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSHome /opt/pwsh
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
> whereis lshw
lshw: /usr/bin/lshw /usr/share/lshw /usr/share/man/man1/lshw.1.gz
> lshw | sls 'WARNING'
WARNING: you should run this program as super-user.
WARNING: output may be incomplete or inaccurate, you should run this program as super-user. |
@237dmitry, so this could be an example of different behaviour in Windows and Linux? Or do you mean that this might be a distribution-specific issue? Necessarily, can you confirm that what #20907 (comment) depicts is indeed installed-by-default PowerShell functionality, not functional |
Yes, the distribution of PowerShell, I always install pwsh manually from a tarball on releases page.
No, this is the functionality of the utilities themselves, the output is exactly like in bash |
Going back to the original ticket, "lshw" is in /usr/sbin. Normally only root has /usr/sbin on their PATH. Non-root users don't have /usr/sbin on their PATH because they are not supposed to run those programs. That should really be the end of the story. |
> $env:PATH.Split(':')
/opt/pwsh
/home/me/bin
/opt/bin
/usr/local/sbin
/usr/local/bin
/usr/bin
/usr/bin/site_perl
/usr/bin/vendor_perl
/usr/bin/core_perl
> gi /usr/sbin
Directory: /usr
UnixMode Num UID GID LastWriteTime Size Name
-------- --- --- --- ------------- ---- ----
lrwxrwxrwx 755 0 0 18.09.2023 16:18 sbin -> bin |
@rhubarb-geek-nz, that's why the shell should notify the user that they need to use elevated permissions to access it. That's the point of this ticket. Other shells and utilities do so. |
As I said, normally. Debian.
Ubuntu
RedHat
If they are all in a single bin directory, then how do you know? |
@237dmitry, have you evaluated
That doesn't clarify it. |
@rhubarb-geek-nz, how do I know what? |
That you need elevated permission to run it. If you are expecting the shell to do something special, what is it making that determination on? For example it could simply be that the |
The first thing I did after installing Linux was uninstall snap and flatpak. |
Likewise, @237dmitry, but in this case, in order for us to have reliable results, using it will be necessary unless we create a separate issue about environment differences. So Snap is more reliable for this. |
Normally, this is when everything works and the latest software is available. |
@rhubarb-geek-nz, I can only suggest https://github.com/openSUSE/cnf.git as an example, although the message it creates hints that it uses the location of the binary:
|
Standard file systems exist for a reason, it keeps things consistent and simple. If you want If you want to run as a non-root user with If the system can't run a command because you mistyped it, it should not start searching everywhere for that program, it should simply say program not found. If you want to look for it, then use the tools to look for it.
or
Simple, clear and to the point. |
I don't see how any of that relates to this issue. I don't propose anything which would be impacted by the HFS - permission management is performed per-file, and directory identification doesn't require any modification to the directory polled. Additionally, how I decide or not to invoke a command after it has been identified by the shell is also irrelevant - why would that impact this? The sole scope of this issue is to identify that a command not in |
If it is not on the PATH then it is not an eligible command to run. The permissions it has are irrelevant because it is in a directory that is not on the PATH. The shell should not be inventing things and looking in directories that are not on the PATH. -- unless the fully qualified path to the executable was used. The shell should only look on the path when there is no |
@rhubarb-geek-nz, if you're an authority on this, then I'll close the issue as unplanned, but is there any PowerShell policy determining such, or is that merely your own opinion? I see no reason why this shouldn't be desirable, especially since PowerShell is the default shell on Windows, and thus the shell most newbies are familiar with, regardless of OS. |
|
Let me try to untangle the various issues:
|
@RokeJulianLockhart,leaving the command-not-found handler aspect aside and focusing on the gist of your proposal:
Therefore, I don't think there is anything actionable here, and - unless you disagree with my analysis - please consider closing this issue. |
@mklement0, it seems that PolKit is the answer, then. Thanks for the detailed responses. |
Summary of the new feature / enhancement
Currently, PowerShell does not notify the user that invoking a binary in
$PATH
which requires higher permissions (usually those of the superuser) than the invoking user possesses are necessary. It should.Proposed technical implementation details (optional)
As Does not operate in PowerShell. openSUSE/cnf#8 (comment) describes.
The text was updated successfully, but these errors were encountered: