How to programmatically determine whether superuser elevation is necessary to invoke code?

When providing code to another, it appears to be good practice to remove all elevation-specific code — that is, provide apt update rather than sudo apt update (or su -c 'apt update'). However, this causes all kinds of problems for those new to UNIX-based permission elevation — I and many others I have met used to merely run everything as the superuser using the aforementioned utilities.

Additionally, when invoking certain commands programmatically, superuser elevation shall be necessary on some systems, but not on others. This means that including the permission elevator can break configurations on some systems, because things shall begin to be owned by the superuser when they shouldn’t be. flatpak is an example of some of this (except the configuration corruption) — 50% of the installations I’ve used necessitated elevation to invoke most of its commands, the other 50% didn’t, by default.

Considering that UAC elevation on Windows 7+ appears to work incredibly well even in edge cases in my experience with it, I am seriously surprised that no comprehensive methods of remediating this issue appear to exist.

Consequently, I ask whether anyone knows of any methods of programmatically determining whether a command necessitates user elevation to invoke it. I am aware that switching users when invoking certain commands can cause its behaviour to affect that user, but in those instances, I cannot imagine that the users able to invoke the command would be restricted (lest it be rendered useless).


https://unix.stackexchange.com/search?q=determine+whether+superuser+elevation+required returns nothing, and although how to determine through code if command needs root elevation? and How to check if the "sudo" permission will be necessary to run a command? appear as if they’re asking what I want know, the few responses available at both appear to be focussed upon shell script code to sidestep the issue rather than providing language-agnostic solutions.

Consequently, I ask whether anyone knows of any methods of programmatically determining whether a command necessitates user elevation to invoke it. I am aware that switching users when invoking certain commands can cause its behaviour to affect that user, but in those instances, I cannot imagine that the users able to invoke the command would be restricted (lest it be rendered useless).

No such way exists; it’s "administrator contextual knowledge" that you need to run apt as root, and flatpak not. Other programs will ask for privilege elevation when they need it.

Considering that UAC elevation on Windows 7+ appears to work incredibly well even in edge cases in my experience with it, I am seriously surprised that no comprehensive methods of remediating this issue appear to exist.

UAC elevation is the windows GUI equivalent of sudo or policykit on linux / freedesktop.

You can’t tell whether a program will require admin privileges under windows, either, until it requests them.

The windows graphical shell has a way to mark links to executables as "run as different user", though. But that’s not the same as saying the executable can be spotted as in need of privilege elevation.

Answered By: Marcus Müller
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.