New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PowerShell task running with lower privileges than user #49712

Open
szul opened this Issue May 11, 2018 · 13 comments

Comments

Projects
None yet
3 participants
@szul

szul commented May 11, 2018

I have a PowerShell one-liner that works perfectly fine in a PowerShell window, as well as the PowerShell terminal in Visual Studio Code, but when I set it up to run as a task in Visual Studio Code, it gives me a permission denied error when it attempts to access the directories/files. You can find the task in this gist.

@vscodebot vscodebot bot added the tasks label May 11, 2018

@dbaeumer dbaeumer added this to the On Deck milestone May 14, 2018

@dbaeumer

This comment has been minimized.

Show comment
Hide comment
@dbaeumer

dbaeumer May 14, 2018

Member

@Tyriar any idea what could cause this. Is the terminal tweaking the execution policy for PowerShell ?

Member

dbaeumer commented May 14, 2018

@Tyriar any idea what could cause this. Is the terminal tweaking the execution policy for PowerShell ?

@szul

This comment has been minimized.

Show comment
Hide comment
@szul

szul May 14, 2018

@dbaeumer @Tyriar If I attempt to alter the execution policy myself, and run multiple commands in the task (separated by a semi-colon), I'll get the same error.

So this:

{
    "version": "2.0.0",
    "tasks": [
        {
            "label": "chatdown",
            "type": "shell",
            "command": "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted; Get-ChildItem **/*.chat | ForEach-Object { chatdown \"$(Split-Path $_.FullName)/$($_.Name )\" >  \"$(Split-Path $_.FullName)/$($_.BaseName).transcript\" }",
            "problemMatcher": []
        }
    ]
}

Gives me this:

out-file : Access to the path 'C:\Users\micha\x\ginny\chats' is denied.
At line:1 char:165
+ ... plit-Path $_.FullName)/$($_.Name ) > $(Split-Path $_.FullName)/$($_.B ...
+                                            ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (:) [Out-File], UnauthorizedAccessException
    + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

...which is same error I get without the execution policy code.

szul commented May 14, 2018

@dbaeumer @Tyriar If I attempt to alter the execution policy myself, and run multiple commands in the task (separated by a semi-colon), I'll get the same error.

So this:

{
    "version": "2.0.0",
    "tasks": [
        {
            "label": "chatdown",
            "type": "shell",
            "command": "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted; Get-ChildItem **/*.chat | ForEach-Object { chatdown \"$(Split-Path $_.FullName)/$($_.Name )\" >  \"$(Split-Path $_.FullName)/$($_.BaseName).transcript\" }",
            "problemMatcher": []
        }
    ]
}

Gives me this:

out-file : Access to the path 'C:\Users\micha\x\ginny\chats' is denied.
At line:1 char:165
+ ... plit-Path $_.FullName)/$($_.Name ) > $(Split-Path $_.FullName)/$($_.B ...
+                                            ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (:) [Out-File], UnauthorizedAccessException
    + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

...which is same error I get without the execution policy code.

@Tyriar

This comment has been minimized.

Show comment
Hide comment
@Tyriar

Tyriar May 14, 2018

Member

@szul are you using the PowerShell extension?

Member

Tyriar commented May 14, 2018

@szul are you using the PowerShell extension?

@szul

This comment has been minimized.

Show comment
Hide comment
@szul

szul May 14, 2018

@Tyriar Define "using." I have the extension installed. Running the script in the integrated console/terminal in VSCode works fine. It's only when attempting to get the task to run. Is there a special configuration/command with the extension that elevates the permissions?

szul commented May 14, 2018

@Tyriar Define "using." I have the extension installed. Running the script in the integrated console/terminal in VSCode works fine. It's only when attempting to get the task to run. Is there a special configuration/command with the extension that elevates the permissions?

@Tyriar

This comment has been minimized.

Show comment
Hide comment
@Tyriar

Tyriar May 14, 2018

Member

The powershell extension has its own executable that wraps powershell.exe which helps configure a bunch of stuff and routes data to and from vscode/powershell. The reason I ask is that issues related to the powershell integrated console should go to that team.

If you launch a standard terminal, can you run that command? The dropdown should just say "powershell":

image

Member

Tyriar commented May 14, 2018

The powershell extension has its own executable that wraps powershell.exe which helps configure a bunch of stuff and routes data to and from vscode/powershell. The reason I ask is that issues related to the powershell integrated console should go to that team.

If you launch a standard terminal, can you run that command? The dropdown should just say "powershell":

image

@szul

This comment has been minimized.

Show comment
Hide comment
@szul

szul May 14, 2018

@Tyriar Yes. If I run the command in the PowerShell terminal there, it works just fine. It's only when I attempt to execute it as a task that I get the permission issue.

szul commented May 14, 2018

@Tyriar Yes. If I run the command in the PowerShell terminal there, it works just fine. It's only when I attempt to execute it as a task that I get the permission issue.

@Tyriar

This comment has been minimized.

Show comment
Hide comment
@Tyriar

Tyriar May 14, 2018

Member

If that's the case I'm not sure what's happening. @dbaeumer you must be spawning the terminal differently in some way to cause this?

Member

Tyriar commented May 14, 2018

If that's the case I'm not sure what's happening. @dbaeumer you must be spawning the terminal differently in some way to cause this?

@dbaeumer

This comment has been minimized.

Show comment
Hide comment
@dbaeumer

dbaeumer May 15, 2018

Member

@Tyriar here is how I spawn the terminal in a simple dir example:

capture

The shellLaunchConfig is the one I pass to terminalService.createTerminal.

So at the end I simply take the shell setting for the integrated terminal and the add -Command ... to it. So there is nothing I can think of that makes this special.

@szul does this happen as well when you disable / uninstall the PowerShell extension?

Member

dbaeumer commented May 15, 2018

@Tyriar here is how I spawn the terminal in a simple dir example:

capture

The shellLaunchConfig is the one I pass to terminalService.createTerminal.

So at the end I simply take the shell setting for the integrated terminal and the add -Command ... to it. So there is nothing I can think of that makes this special.

@szul does this happen as well when you disable / uninstall the PowerShell extension?

@szul

This comment has been minimized.

Show comment
Hide comment
@szul

szul May 15, 2018

@dbaeumer I get the same results with the extension installed or uninstalled, and with and without the Set-ExecutionPolicy in the shell command. The command is running Chatdown from the new Bot Framework tools, but it only reads from one file, transforming the data, and then outputs to a second file. If I have just a single chatdown command chatdown test.chat > test.transform in the "command" property, it works fine. It's only when I attempt to do a single line PowerShell command that recurses and reads/writes that this happen.

szul commented May 15, 2018

@dbaeumer I get the same results with the extension installed or uninstalled, and with and without the Set-ExecutionPolicy in the shell command. The command is running Chatdown from the new Bot Framework tools, but it only reads from one file, transforming the data, and then outputs to a second file. If I have just a single chatdown command chatdown test.chat > test.transform in the "command" property, it works fine. It's only when I attempt to do a single line PowerShell command that recurses and reads/writes that this happen.

@dbaeumer

This comment has been minimized.

Show comment
Hide comment
@dbaeumer

dbaeumer May 16, 2018

Member

@szul thanks. Will it work when you put the command into a ps file and execute that.

I see that parts for the command are quoted so might be something goes wrong with the quotes when executed as a single command.

Member

dbaeumer commented May 16, 2018

@szul thanks. Will it work when you put the command into a ps file and execute that.

I see that parts for the command are quoted so might be something goes wrong with the quotes when executed as a single command.

@szul

This comment has been minimized.

Show comment
Hide comment
@szul

szul May 16, 2018

@dbaeumer We have a winner. So it works from a *.ps1 file executed in the command property in tasks.json, but not if the command is explicitly written in the task.json file.

On thing to note: When the task ran previously, the escapes occurred appropriately, and the command output to the terminal window showed the correct command.

I'm guessing the problem is maybe with the way that command gets translated and pushed to the shell?

szul commented May 16, 2018

@dbaeumer We have a winner. So it works from a *.ps1 file executed in the command property in tasks.json, but not if the command is explicitly written in the task.json file.

On thing to note: When the task ran previously, the escapes occurred appropriately, and the command output to the terminal window showed the correct command.

I'm guessing the problem is maybe with the way that command gets translated and pushed to the shell?

@dbaeumer

This comment has been minimized.

Show comment
Hide comment
@dbaeumer

dbaeumer May 16, 2018

Member

@szul I think that is the problem. I will investigate further.

Member

dbaeumer commented May 16, 2018

@szul I think that is the problem. I will investigate further.

@dbaeumer dbaeumer added bug and removed needs more info labels May 16, 2018

@dbaeumer dbaeumer modified the milestones: On Deck, May 2018 May 16, 2018

@dbaeumer dbaeumer modified the milestones: May 2018, June 2018 May 30, 2018

@dbaeumer dbaeumer modified the milestones: June 2018, On Deck Jun 26, 2018

@dbaeumer

This comment has been minimized.

Show comment
Hide comment
@dbaeumer

dbaeumer Aug 28, 2018

Member

@JhonnyTerminus can you please open a new issue since your case is different to the one discussed so far in this issue.

Member

dbaeumer commented Aug 28, 2018

@JhonnyTerminus can you please open a new issue since your case is different to the one discussed so far in this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment