Remove mandatory elevation #6721
Labels
area/security
feature/usability
kind/enhancement
This issue represents an enhancement we are committed to adding to Octopus at some time
Milestone
The enhancement
What is the problem this solves or benefit it gives
On Windows, we currently use an application manifest to demand admin rights to run the `octopus.server.exe` application. This is too broad, actively encouraging bad behaviour at runtime for customers (violating the principle of least privilege) and also at dev time (running IDEs as admin etc).
This forces you to run an admin shell to even run `octopus.server.exe --help`! This also blocks potential future functionality like command line auto-complete.
(well, this is an unsigned binary... users would see a slightly different one because it's signed)
Proposed solution
Instead of relying on a manifest to ask for admin rights, we should just show a message when the user is trying to do something that requires admin but doesn't have admin rights.
The commands this will impact are:
- `builtin-worker` (windows only)
- `checkservices` (windows only)
- `service`
- `ssl-certificate`
- `watchdog` (windows only)
- `run`
All others should work without admin rights.
Workarounds
None, unfortunately. The application must run with admin rights.
Links
Prerequisites
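An added example (not Octopus's own code) of the per-command check the proposed solution describes: the elevation test runs only for the six listed commands, so `--help` and everything else work from a normal shell. It assumes .NET 5 or later and that the manifest's `requestedExecutionLevel` is changed from `requireAdministrator` to `asInvoker`; `ElevationGate`, `TryAuthorize` and the exit code are hypothetical names and values.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class ElevationGate
{
    // The commands the issue lists as needing admin rights.
    static readonly HashSet<string> AdminCommands = new(StringComparer.OrdinalIgnoreCase)
    {
        "builtin-worker", "checkservices", "service", "ssl-certificate", "watchdog", "run"
    };

    // True only when the process token is actually elevated. Under UAC an
    // admin-capable user in a normal shell has Administrators as deny-only,
    // so IsInRole returns false until the process is started elevated.
    static bool IsElevated()
    {
        if (!OperatingSystem.IsWindows()) return true; // the manifest demand only exists on Windows
        using var identity = WindowsIdentity.GetCurrent();
        return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
    }

    // Returns true when the command may proceed; otherwise sets the message to show.
    // The elevation probe is injected so the decision can be unit-tested without admin rights.
    public static bool TryAuthorize(string command, Func<bool> isElevated, out string message)
    {
        message = string.Empty;
        if (!AdminCommands.Contains(command) || isElevated()) return true;
        message = $"The '{command}' command requires administrator rights. " +
                  "Re-run it from an elevated prompt.";
        return false;
    }

    static int Main(string[] args)
    {
        var command = args.Length > 0 ? args[0] : "help";
        if (!TryAuthorize(command, IsElevated, out var message))
        {
            Console.Error.WriteLine(message);
            return 1; // hypothetical exit code for "elevation required"
        }
        Console.WriteLine($"(would dispatch '{command}' here)");
        return 0;
    }
}
```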