Sudo doesn't prompt for elevation

[lukesampson]

Mentioned by @guillermooo in ScoopInstaller/Scoop#1

sudo does not prompt for elevation? It simply tells you you have to be an admin.

[guillermooo]

If you run this, do you get a UAC popup?

start powershell.exe -arg "-nologo -noexit echo 'hi from admin'" -verb runas

I do... I'll try to look into the issue.

[guillermooo]

This seems to be the problem:

https://github.com/lukesampson/psutils/blob/master/sudo.ps1#L72

If the user is not an admin, the !is_admin will always abort execution, without giving a chance to reach the elevation part. Perhaps I'm missing something, but I've tried both from my regular and admin accounts, and by removing that check, everything seems to work as expected.

[lukesampson]

Oh right—thanks for looking into it.

I intended sudo to work from an account that's in the local Administrators group, or the local Administrator account. Looks like I didn't handle the latter case though.

Am I right to understand that your regular account is not in the local Administrators group, and your admin account is the actual built-in Administrator account?

[guillermooo]

Yes, that is correct.

[lukesampson]

Hmmm. If you're the Administrator then I would expect is_elevated on line 66 to return true and it should run your command. The only thing I can guess is that maybe it's something to do with being a domain admin, but not a local admin?

Would you mind running this gist in powershell and sending me the output so I can try to reproduce the problem? You can run it quickly with

iex (new-object net.webclient).downloadstring('https://gist.github.com/lukesampson/6725722/raw/sudo_diag.ps1')

If you prefer not to put details here, my email is "me at lukesampson dot com".

[lukesampson]

I've updated sudo with is_admin and is_elevated removed, so this should work for you now—you'd just need to run

scoop update
scoop update sudo

[guillermooo]

Everything seems to work fine now. Thanks!

For completeness, on my Win7 machine my admin account is not the default Administrator account. I had originally had trouble using scoop on my Win8 machine, though, but I suspect it's the same thing there.

[lukesampson]

Great, glad it works now! Thanks for taking the time to look into it. Let me know if you find any more problems, but I'll close this one now.

[lukesampson]

Based on your insight in #4, sudo now checks whether the current user is in the Administrators group in a non-English-centric way, and only allows elevation if they are.

This should prevent problems caused by elevating to a different account with a different path variable. I've removed the warning against doing this when you install through scoop, since it's no longer possible.

If you get a chance to confirm whether this works on your multicultural setup, I'd appreciate it! I.e.

scoop update; scoop update sudo

I did try installing another language pack, but apparently you need the Ultimate or Enterprise editions to do that :(

[guillermooo]

Everything seems to be working fine. Thanks!

[guillermooo]

I've realized the environment problem remains. I cannot run ln elevating to an account other than mine, because scoop and friends aren't available there. So it seems keeping the notes would still make sense?

[lukesampson]

So is sudo allowing you to elevate to an account other than yours? I'm not sure how that can happen, my assumption is that anyone in the Administrators group who runs sudo will elevate under their own account with the same environment. And sudo is supposed to ensure you're in Administrators before it runs.

Or are you elevating using 'Run as administrator'?

[guillermooo]

Yes, I didn't apply any special configuration, but I have two admin accounts and I can choose which one to use when elevating. I simply use sudo.