Replace Ubuntu's sudo with a wrapper that calls back to UAC

[fpqc]

It seems really strange the way security works for the Linux subsystems. Your user and sudoers credentials should probably interface back with the user credentials and administrator credentials in Windows itself. UAC can be configured to behave exactly how sudo does (even though by default it doesn't require a password, this can be enabled pretty easily). It doesn't seem like it would be that hard to replace the sudo that comes with Ubuntu with a Linux application (even if it has to be open-source due to licensing issues, it doesn't matter, since it would just be a few calls to Windows's API) that authenticates by means of the native Windows authentication.

Is anything like this idea planned in the future?

[tbfleming]

Please don't; I'd hate UAC dialogs popping up each time I use sudo, especially since my sudo commands have yet to need Windows' administrative access.

[LFBernardo]

Agree with tbfleming, No UAC for bash on Windows.

[TheAggressive]

Agree with @tbfleming

[xilun]

Given the container style model currently choosen, I don't think UAC for sudo would make sense. Root in WSL don't have more rights than the user calling bash.exe, and I don't even see given the current arch how it could make use of more rights.

[niftyhacking]

On Sat, Apr 30, 2016 at 8:12 AM, xilun notifications@github.com wrote:
Given the container style model currently choosen, I don't think UAC for
sudo would make sense. Root in WSL don't have more rights than the user
calling bash.exe, and I don't even see given the current arch how it could
make use of more rights.

How about less rights?
sudo [-u user]

Where the new user has less permissions than the the user or root
invoking sudo or su

This might allow a safer network connection...where unix permissions
allow a smaller container inside the container. Restricting
reading,writing,execute
of the new context to a set lower than the invoking context.

Given the state of this project it is too early to ask for this
beyond the caution that a decision today could make it impossible
in the future.

T o m M i t c h e l l

[LFBernardo]

why not just use sudo as intended? Use the same rights as what the user is use to and let them sudo for root level activities.... don't re-invent the wheel (specially the ones that work well).

[bogen]

It makes little sense to by default require UAC for sudo for the linux environemnt supported by WSL. First off, doing so would break a lot of the usage of sudo. If you are use to Ubuntu, then the way sudo works should not is not strange. WSL is indented to run unmodified native Linux enviornments as is, their is no reason to even stick with Ubuntu. Requiring the Linux environments to be modified to run under WSL would severely detract from it's usefulness.

On the other hand, if some really needed to use UAC, they could likely add a PAM module to the Linux environment they are using that somehow communicates with a process on Windows that uses UAC. But that really has nothing to do with WSL.

One can do whatever they want (only limited by the Windows user running it) in the Linux envornment that runs on WSL, including using UAC via some mechansim. But forcing that Linux environment to be hybridized is not the way to go at all.

Sudo is for the Linux enviornment, not to get elevated privliges in Windows.

An Ubuntu directory structure is provided for ease of use, so that those using WSL don't have to bring their own along. But that directory structure is not made for WSL, it is standard that can be used in a Linux VM, container, real machine, etc. It can be replaced, currently may be inconvient to do so, by any Linux distribution directory structure.

[benhillis]

This discussion has run its course, no current plans to do this.