-
Notifications
You must be signed in to change notification settings - Fork 905
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run with highestAvailable Execution Level by default #1054
Comments
|
Ensure that Chocolatey runs with administrative context every time when an administrative user is running Chocolatey.
* stable: (version) 0.10.4-beta1 (GH-1054) Ensure Admin Runs w/Admin Context (GH-1147) Sync - Ensure machine parseable output (GH-1010) Do Not Catch Text File Error (GH-1012) Remove "IsText" File Before Check (GH-1146) Aliases - Install-ChocolateyVsixPackage (GH-1145) Better Logs On Licensed Dll Failures
Ensure that Chocolatey runs with administrative context every time when an administrative user is running Chocolatey.
If this becomes undesirable for some folks, we may need to shift this around a bit for the next version. |
Yes, this will be undesirable. I wouldn't want choco to prompt for elevation each time I run a query command (info, list etc.). |
Will only happen if your prompt is not elevated |
@jberezanski still an issue considering it only prompts if you are an admin in a non-elevated context? ^^ I'm assuming this was already understood though so likely. ? |
Most of my command prompts are non-elevated (this adds safety from fat fingers and security from unexpected actions performed by binary tools downloaded from the net). When I want to run something with admin rights, I just put So yes, still an issue. Ideally, choco would ask for elevation only when processing one of the commands that really requires it, such as |
Perhaps there is a way to ensure you won't have issues - still exploring this. |
If an app.manifest is embedded in an assembly, you can not override it at all with a local manifest created next to it. However there is one scenario that does allow for it to be adjusted, set the file outside next to the executable to control the behavior of the assembly. This allows it to be adjusted when folks need to control the behavior of Chocolatey to suit their needs. This is a compromise to ensure good default behavior with the ability to adjust it when necessary.
Document requestedExecutionLevel and how each applies and changes the behavior of Chocolatey. Note that folks will need to do this every time they upgrade until GH-1206 is implemented.
Okay found a way. We really need the behavior for most folks to ask that they run with the highest privileges they have. It will also help reduce support tickets and otherwise. However a good compromise is externalizing the app manifest that Chocolatey uses so that you can decide what to change it to yourself. Also added a lot of documentation here to help folks make the best decision. However there is a catch. Not a big one, but it may be a bit annoying if you do want to change the value - you will need to do it every time you upgrade until #1206 is implemented.
NOTE: This sets choco.exe back to the way it worked in older versions. This means that there is no elevation when starting |
It's a reasonable compromise. Hopefully one day Choco will get smart enough to ask for elevation only for actions which require it. |
There are some really complex ways to handle this now, and none of them seem beneficial for the amount of work required to do so (think git model, where every action is its own binary). |
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Previously we only ran backups and beforeModify scripts on the target package(s) and not their dependencies. This change should ensure we are _always_ running backups on any existing packages from a NuGet source before we try to modify them in any way. Additionally, this should ensure we can run the beforeModify scripts for ALL dependencies of the target package(s).
Update 20170606
We have flipped this functionality back to
asInvoker
with 0.10.7 - see #1324 for details, join the discussion at #1307.See #1054 (comment) for the way to set it back if you need the older functionality.
Where This Applies
HighestAvailable Execution does a good job of only asking for elevation when an administrator is not in an administrative command shell, and only in that scenario. Everything else just continues to work as it normally does.
To be sure it is clear how elevation works in
highestAvailable
, let's understand the scenarios when elevation will be requested:What about existing automation? Would it need to be changed for this?
Most likely all existing automation is likely to already be okay with
highestAvailable
anyway based on the scenarios above. Most likely you are either using SYSTEM, a non-admin account, or using an admin with an administrative shell so it doesn't get hit by UAC for other things anyway.Summary
Try adding an app manifest that will set require admin permissions to see if it overrides the internal file.Add app.manifest for Chocolatey. When you run Chocolatey, it will ask you to run as administrator if you are an administrator. Unfortunately it doesn't appear you can override this setting with a local manifest file next to the application AND a merged manifest (I could be wrong on this, but I didn't see a way).
Notes
One longstanding request with Chocolatey was to have it always request admin privileges before running. This has been a hope that it would cut down on the accidental runs of Chocolatey in a command shell that is not elevated and needing to open on that was. This UAC (User account control) setting is handled by something called an application manifest (app.manifest). We had it set to "asInvoker", or run with the context of the user that ran the command. We've moved this to "highestAvailable", which means if you are a non-admin, it will just run under your context, but if you are an admin in a non-elevated shell, it will ask for elevated permissions to run. There is also "requireAdministrator", which locks execution down to administrators only.
Moving to "highestAvailable" allows for that asking of privileges that you are used to, up front before it runs. However one additional thing we did here was give you more control over this setting now. We used to embed the app manifest into choco.exe. We now set it next to choco.exe (base install under
$env:ChocolateyInstall
, you will findchoco.exe.manifest
) so you have more freedom to adjust those execution levels as you see fit. There is one catch, you will need to do it on every install/upgrade of Chocolatey until #1206 is implemented.The text was updated successfully, but these errors were encountered: