Please elevate session, or spawn elevated session as necessary. #2096
Comments
|
Try https://chocolatey.org/packages/gsudo I'm digging it. There's others, sudo, elevate, etc. |
|
This is a fundamental problem with choco, installers have invoked uac elevation on their own since Vista came out, it's expected behavior. |
That is not entirely true, yes it may look that way to an end-user, but in general, installers don't invoke the UAC on their own. So, then the question becomes, when should chocolatey self-invoke the UAC (remember that it needs to spawn a new process of itself, possibly running the same code again, and can't use the typical manifest file). Some places would be
Those are just a few points that I remember from the top of my head, and there certainly are many other scenarios that self-elevating would need to happen. |
That's because it's the correct behavior from the end user perspective
This should be the default behavior. Installing to a non-default location is not well documented nor a trivial task. |
In the case of installers, yes. But not in all situations.
No, it really shouldn't as this would also mean it would force the elevation in cases where it shouldn't be elevated as well (otherwise, we could just get rid of the UAC and go back to Windows XP, as it would be basically the same thing).
On the contrary, it is very well documented here: https://chocolatey.org/docs/installation#installing-to-a-different-location and is as easy as setting 1 environment variable before doing a normal install of chocolatey (securing the directory is a completely different matter). |
|
There is no indication to the uninitiated of the implications of the default install location nor is it clear that you can even install to an alternat location as that info is buried as the eleventh link under More Options and doesn't appear in either sidebar. |
@sharpninja I'm going to respectfully disagree here - you typically start at https://chocolatey.org/install (that is where the site points you to from front page, top-level navigation, etc). Now you'll notice on step number 1, we make mention of that immediately and include a link to non-administrative install. Here's an image of that:
|
I'm going to respectfully disagree on the premise of a "secure by default" design. If you choose to install to a non-default location, you are choosing to lower security posture and open up a potential of running scripts or apps that can be changed by a non-administrator. That's bad IMHO. Some people want that and I get it, but it's just not going to be the default as it is insecure. More on this at https://chocolatey.org/docs/security#what-about-a-non-administrative-installation-of-chocolatey-is-it-secure . |
@sharpninja can you elaborate on what you would like to see as far as this goes? |
If Chocolatey merely ran installers, I would be right there with you. However, that is not what it does - or rather just a tiny portion of what it can potentially do. Chocolatey manages Chocolatey packages, and a package (nupkg file) can contain scripts, binaries, files, zips, and yes, it can container and manage installers as well. |
|
All of those scripts and other things need to be secure to remove the potential that something without administrative rights, could affect the files, etc, prior to an administrative scenario actually executing those things. Security ruins all the fun, I know. |
|
@ferventcoder - Look at it from this perspective. Using choco as my package manager means I'm normally running an admin powershell session so I can install stuff as needed without constant interruption to spawn a new admin powershell window manually, install my app, then close my original powershell window and reopen it so the new app shows up on the path. There's a lot more risk to that than someone getting a malicious script from choco. |
If you're new to choco, especially if you've used package managers on other platforms, the first 10 times you have to spawn a new admin PS session to run choco successfully, followed by figuring out your new app isn't on the path of the original session, and that you then need to close and re-open your original session to get the new app to work, will undoubtedly lead to a mild level of rage (as it still does for me, many years and installs later). Defaulting to installing to $env:userprofile/.choco or something can still trigger UAC as necessary but avoid it altogether for portable apps. As for scripts in packages, the user's script policy should be responsible for that. |
There is a big difference between a non-administrative install and an end-user install. The former implies you don't need to elevate to run it, the latter implies installing under
This basically says "You shouldn't do this" and "We have over 200 packages supporting this" in the same paragraph. Confusing any? Also, it links the instructions for non-standard location which says:
OK, but what does that have to do with choco creating a default location such as Which all reinforces my original request. Simply have choco elevate when it needs to automatically so people can just use the default install and go about their business. |
|
One final thing:
This is patently false. System admins and developers may live in an admin shell, but hardly anyone else ever does. And corporate package management systems almost always allow non-elevated users to install software from a menu without admin interaction. |
Apologies for the distinction here - we are talking related to software management. And that is still true.
This doesn't make the statement less true, it just means there are systems in place that work around it. As such we have an offering like this with Chocolatey for Business called Self-Service (used seamlessly with command line choco and Chocolatey GUI). |
We talked about gsudo earlier in here, which I think would be something good to look into. |
On this aspect, other platforms have a sudo which means you don't have to open a new session. It's annoying that Windows doesn't have this. However gsudo does do this. So maybe it would be a good workaround until we could have something in place that would support how you work.
Right now there isn't a concept of user-based installations in Chocolatey, it's all system-based. It's a MUCH bigger concept that we want to explore at some point and it comes with all kinds of interesting edge cases. It's not something we'd be able to implement overnight.
We'll disagree on this point. It has very little to do with policy, it's more ensuring that you are running what has been validated and not having something inject a change prior to that. Security is paramount. |
Why would you do this? Do you know about
|
|
https://chocolatey.org/docs/troubleshooting#i-cant-get-the-powershell-tab-completion-working There is a small documentation bug with the next item where the profile installation is: # Chocolatey profile
$ChocolateyProfile = "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1"
if (Test-Path($ChocolateyProfile)) {
Import-Module "$ChocolateyProfile"
}That goes in the file that is at We probably need to put that somewhere else - if you have a PowerShell profile that is not signed, it will add to that during install. |
|
I have never seen that snippet get added to one of my profile scripts, on any machine, ever. And what about when a new PowerShell version is installed? This is very fragile. |
Zero changes since we put it in, and when you upgrade PowerShell it just works - for like 5+ years. But sure...I guess you can say that's fragile. |
|
It has a built in prerequisite that you must already have a profile script present for it to add anything to. It doesn't create it automatically (IMO it should, but that's a bit of a different issue 😉). That prereq alone is usually why I'm missing said tab completions. Anyway, we're getting a bit off topic here 😁 |
It used to. However that had its own set of issues related to VMs, Vagrant, and Virtualbox. |
|
Ah, yeah? Not familiar enough with the issues that'd cause, but that at least explains it. I just have to get better at remembering to add it to my profile later. 😁 |
|
Wrote initial prototype on automatic process elevation. |
I cannot express how frustrating it is to be working in a normal powershell session and then need to install something via cinst only to get a security exception. Please elevate the session when necessary with RunAs or Invoke-Command -Verb when necessary.
The text was updated successfully, but these errors were encountered: