February 7th, 2024

Introducing Sudo for Windows!

Jordi Adoumie
Product Manager

We’re excited to announce the release of Sudo for Windows in Windows 11 Insider Preview Build 26052! Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session. It is an ergonomic and familiar solution for users who want to elevate a command without having to first open a new elevated console.

We are also excited to announce that we are open-sourcing this project here on GitHub! We’re working hard to add more information about the project in the GitHub repo and will be sharing more details about our plans in the coming months! If you’re looking for additional functionality that Sudo for Windows does not provide, check out Gerardo Grignoli’s gsudo which has a number of additional features and configuration options.

You can also check out the Microsoft Learn docs for more information here.

How to enable Sudo for Windows

To enable Sudo for Windows, navigate to the Settings > For Developers page in Windows Settings and toggle on the “Enable Sudo” option:

[Screenshot: For Developer Settings]

You can alternatively enable Sudo for Windows by running the following command in an elevated console session:

sudo config --enable <configuration_option>

[Screenshot: sudo configuration]

How to configure Sudo for Windows

Sudo for Windows currently supports three different configuration options:

  1. In a new window (forceNewWindow)
  2. Input closed (disableInput)
  3. Inline (normal)

To change the configuration option, use the drop-down menu in the Settings > For Developers page in Windows Settings:

[Screenshot: For Developers - Sudo Configurations]

You can alternatively change the configuration option by running the following command in an elevated console session:

sudo config --enable <configuration_option>

Configuration Option 1: In a New Window

In this configuration, Sudo for Windows will open a new elevated console window and run the command in that window. This is the default configuration option when sudo is enabled. For example, if you run:

sudo netstat -ab

A new window will open and the command will be run in that window:

[Screenshot: new elevated window running sudo netstat -ab]

Configuration Option 2: Input Closed

In this configuration, Sudo for Windows will run the elevated process in the current window, but the new process will be spawned with its stdin closed. This means that the new process will not accept any user input, so this configuration will not work for processes that require further user input after elevation.

Configuration Option 3: Inline

This configuration is most similar to the behavior of sudo on other operating systems. In this configuration, Sudo for Windows will run the elevated process with its stdin, stdout, and stderr all connected to the current window. This means the new elevated process can take in input and route output to the current window.

How does it work?

When elevating a process from the command-line with sudo, a UAC dialog will appear asking the user to confirm the elevation:

[Screenshot: UAC Dialog]

Once the user confirms the elevation, the process will be elevated based on the configuration option selected by the user.

You can check out the optional parameters for the sudo command by running sudo -h in your console.

In a New Window

In this configuration, sudo.exe will launch a new elevated console window and run the command in that window. The new window is launched with the same working directory and the same environment variables as the current window. This configuration has a similar flow to the runas command.

Input Closed and Inline

In these configurations, the unelevated sudo.exe launches a new elevated sudo.exe process and establishes an RPC connection with it. Over that connection, information is passed from the unelevated sudo instance to the elevated one. Specifically, the console handles from the unelevated process are passed to the elevated process, which allows the elevated process to read input from and write output to the unelevated process’s console. However, when sudo is configured in the “Input Closed” configuration, the elevated process will essentially not be passed the console’s input handle, so it will not be able to read input from the user.

Here is a diagram of how the process hierarchy looks:

[Diagram: sudo process hierarchy]

It is important when running sudo in the “Inline” or “Input Closed” configurations to be aware of the security implications. It is possible that a medium integrity process can drive the elevated process. This risk is mitigated in the “Input Closed” configuration because the elevated process will not be able to read input from the user.
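To see what each configuration actually hands to the elevated child, here is an added PowerShell probe (not part of this post or of the Sudo for Windows project): run it through sudo once per configuration and compare the output. It assumes a Windows 11 Insider build with sudo enabled, and it only inspects the child’s own elevation state, parent process, working directory and stdin.

```powershell
# sudo-probe.ps1  (added example, not from the Sudo for Windows project)
# Run from an unelevated console under each configuration, e.g.:
#   sudo powershell -NoProfile -ExecutionPolicy Bypass -File .\sudo-probe.ps1
# forceNewWindow: output appears in a new elevated window.
# disableInput / normal: output appears in the calling console.

# 1. Is this process actually elevated after the UAC prompt?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. Who launched us? Per the post, the command is spawned by the elevated sudo.exe.
$self   = Get-CimInstance Win32_Process -Filter "ProcessId = $PID"
$parent = Get-Process -Id $self.ParentProcessId -ErrorAction SilentlyContinue

[pscustomobject]@{
    Elevated      = $elevated
    ParentProcess = if ($parent) { $parent.ProcessName } else { '<exited>' }
    WorkingDir    = (Get-Location).Path   # expected to match the calling console in every mode
    UserName      = $identity.Name
} | Format-List

# 3. Can the elevated child read user input?
#    normal (Inline): blocks here until the user types a line in the calling console.
#    disableInput (Input Closed): no input handle was passed, so no keyboard input
#    can reach this process; the read completes without user data.
#    forceNewWindow: reads from the new elevated window's own console.
Write-Host 'Type a line and press Enter (or observe that no input is accepted):'
$line = [Console]::In.ReadLine()
if ([string]::IsNullOrEmpty($line)) {
    Write-Host 'No input reached the elevated process.'
} else {
    Write-Host "Elevated process received input: '$line'"
}
```

Running the probe under “Inline” and then “Input Closed” makes the difference in the security note above concrete: only the former lets keystrokes from the unelevated console reach the elevated process.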

Over the coming months we will be working on expanding documentation for Sudo for Windows and will be sharing more details about the security implications of running sudo in the “Inline” configuration.

What’s next?

Our team is working on open-sourcing Sudo for Windows and we’re excited to share more details about our plans in the coming months. In the meantime, we’d love to hear your feedback! Please share your feedback directly in the GitHub repository.

Author

Jordi Adoumie
Product Manager

29 comments


  • ⸻ ⸻ · Edited

    Love that Windows has Sudo alongside its package manager now! 😀

  • Kamil Koperek

    oh fuck, I’m calling Todd C. Miller

  • Michael Cherry

    Can an enterprise use Group Policy or Intune to manage this feature (that is make it so that this feature cannot be enabled). Seems necessary given the security issues.

    • Jordi Adoumie (Microsoft employee, Author)

      Yes. This feature is controllable via GPO settings.

  • Tired Geek (JimmytheGeek)

    So how much longer until y’all throw in the towel and release your own Linux distro? It sure seems like Windows is going that way…

  • Gary Sims

    Running sudo rm . when configured to forceNewWindow is disastrous and incredibly dangerous. Also means behavior is different from one config to another, which is equally dangerous. When dealing with admin privileges, consistency is paramount.

  • Andrew Witte

    MS needs to do what Google is doing and just make something like “Fuchsia OS” already.

    • Adam Kamieński · Edited

      they already did another OS and it’s called CBL-Mariner, they’re obviously not gonna bother with a second OS with a graphical interface, that would be ridiculous