undefined | Better HN

0 pointscalamari40652y ago0 comments

Having the sudo command open an entirely separate terminal as an admin user is absolutely ridiculous and completely on brand for Microsoft.

Along with the UAC dialog, I can't think of a worse way for sudo to behave.

What's wrong with entering your password for sudo? How is UAC more secure than a password?

0 comments

7 comments · 4 top-level

aksss2y ago· 3 in thread

If you’re running as local admin you just get the dialog, but you’re not using a local admin as your daily driver user acct, right? ..Right? :)

If you’re logged in as a standard user, UAC prompts you for new username and password to authenticate and authorize the privileged operation.

calamari4065OP2y ago

Seems like a horribly convoluted way to manage permissions. Also I have never heard anyone suggest you shouldn't use a local admin account. That's the exact problem UAC was meant to solve.

Having used an unprivileged Windows account, all I can say is no thanks. It's a huge burden if you do anything even slightly more complex than Facebook and email.

As a blanket policy at work, all programmers are admins, everyone else is not. Except when someone is doing a task that requires elevation every five minutes. I'm the only admin on site and it's an unbelievable waste of my time to sit next to someone so I can put in my password every time they click a box. We make those users admins because there's simply no other way to manage it.

bigstrat20032y ago

Nobody does what you describe. When someone has a genuine need for local admin access, they are given two accounts - an unprivileged account to log in with, and a privileged account to enter into UAC when needed. It would indeed be an unbelievable waste of time to make your IT staff sit next to users to enter admin credentials, which is why nobody does it.

And for the record, "don't log in with a local admin account" is a very commonly recommended best practice for Windows environments. It's unusual that you've never encountered it.

2 more replies

aksss2y ago

> Also I have never heard anyone suggest you shouldn't use a local admin account.

Only every security audit under the sun. If you work for a sufficiently large organization subject to industrial or governmental regulation, or even carry particular insurance policies, third party audits will flag these practices as liabilities, because its boilerplate recommendation for how a managed windows environment is deployed.

You may work for a large organization where you get local windows admin. Exceptions can be made if a good story can be told about compensating systemic and detective controls that sufficiently mitigate the risk.

However I promise you that someone in that organization closer to security strategy and compliance gets grief over the posture at least annually. Those people shelter you from worrying more about it.

ripley122y ago

Opening another terminal is one thing this new sudo can do. It's also possible to configure it to run the sudo'd command inline in the current window (mentioned in the linked blog post); there are security tradeoffs to consider.

hugryhoop2y ago

A terminal password prompt can be intercepted by a keylogger and similar things.

UAC is safe from that.

hughesjj2y ago

UAC is less secure than a password right?

j / k navigate · click thread line to collapse