Sudo has long been a staple of Unix-like operating systems. It allows you to run a command with elevated permissions directly from the command line.
Microsoft has created a new feature on Windows with the same name and with a similar concept. While it is similar to its Linux counterpart, it isn’t the same.
According to Microsoft's documentation, it states:
Everything about permissions and the command line experience is different between Windows and Linux. This project is not a fork of the Unix/Linux sudo project, nor is it a port of that sudo project. Instead, Sudo for Windows is a Windows-specific implementation of the sudo concept.
As the two are entirely different applications, you'll find that certain elements of the traditional sudo experience are not present in Sudo for Windows, and vice versa. Scripts and documentation that are written for sudo may not be able to be used directly with Sudo for Windows without some modification.Microsoft has open-sourced sudo and is making it public on its sudo GitHub repo. I love the about line:
It's sudo, for WindowsTo enable sudo, you need Windows 11, version 24H2. You can enable it either through the command line or through the Windows settings, which can be done with a few clicks.
Inline Mode (i.e. similar to Linux)
The easiest way to enable sudo it IMO is to open an elevated command prompt and type:
sudo config --enable normalThis command will enable sudo to be set up and configured in inline mode, which is very similar to the Linux version of sudo.
It can also be enabled to behave differently.
New Window mode
This mode opens the command with the permissions in a new window, similar to what we have always experienced with the Windows UAC.
sudo config --enable forceNewWindowInput Closed Mod
Oh, Microsoft. You always have some of the worst naming conventions. This mode is an option between New Window and Inline modes. It allows the command to run within the same Window. However, the command is sent to a new process until it is finished.
sudo config --enable disableInputIf you want to enable it through the GUI, type “sudo.”
Ctrl+Left Click the link, scroll down, and enable it as in the screenshot. You will be asked to give admin access to enable it. Doing so will set the sudo config to “normal,” which means inline.
Command Example
Let’s run this command! It will display all active network connections (both TCP and UDP) on a system, including the ports they are listening on and the processes associated with each connection.
sudo netstat -abOnce you hit enter after running this command, you will receive a UAC-type prompt with the sudo logo asking if you want to allow the process to run as an administrator. The first time running it on Windows, I breathed a great sigh of relief, and a warm feeling came over me.
No longer will I need to right-click a fricken icon, say run as administrator and run the command I want to run. This will also allow us to use Microsoft Terminal Soley without needing to run it completely as administrator (I never do this) or to perform the right-click tom-foolery that puts a sense of dread into me every time I need to do it.
Security Considerations
There are risks associated with running sudo in the Input closed (inputClosed) or Inline (normal) configurations. Microsoft states:
It is possible for malicious processes to attempt to drive the elevated process using the connection established by the unelevated sudo.exe and the elevated sudo.exe process.
The inputClosed configuration option mitigates risk by closing the input handle. Disconnecting the input handle from the current console window means that unelevated processes cannot send input to the elevated process.
The inline configuration option runs the elevated process in the current window, and the process can receive input from the current console session. An unelevated process can send input to the elevated process within the same console windows or get information from the output in the current windows in this configuration.The full documentation on sudo can be found here.