Vscode: Allow to save files that need user elevation

Notepad++ does this very well:

I've got a debugger extension that needs to be run with privilege. On Linux, sudo code is sufficient to launch both vscode and the debugger as root; but due to this issue, my extension can't work on Windows.

@sstjohn You _can_ run Code as administrator on Windows, and that should inherit to all child processes. It is just not very good UX at the moment:

• close _all_ open windows of Code
• right click on Code and click "run as administrator" or type code in an elevated command line
• open the desired file from inside Code with File > Open (drag and drop will not work anymore)

Oh I get it, I was trying to run multiple instances in the same login session with different privileges. Thanks for the pointer, I'd suggest this could use a little documentation at least.

This is somewhat related to this question http://stackoverflow.com/questions/31458077/mac-user-running-mamp-issues-trying-to-modify-files-inside-root-folder-eacce?noredirect=1#comment50887510_31458077

An item on uservoice also has been created: http://visualstudio.uservoice.com/forums/293070-visual-studio-code/suggestions/8915236-visual-code-w-terminal-integrated-and-super-admin

Seems like there is a need for a os-independant solution to be able to edit files which need administrator password / elevated rights.

@felixfbecker
just a prompt to elevate on save will save a lot of time.

Even if I close all Code Instances, I cannot get an elevated Code on Windows. This makes Code unusable for my use cases. It doesn't matter if I use RunAs or execute code in an elevated cmd or powershell prompt, it is not elevated.

I think I found something that should help with this: https://www.npmjs.com/package/electron-sudo
It allows to run a process with privileged rights, cross-platform, by opening a platform-dependend prompt.
You could save all unsaved files in the temporary folder, then use electron-sudo to restart Code as admin, and re-open and save the unsaved files (I assume this is how Notepad++ does it).

+1

Please implement. That the only thing prevents me from deploying as default editor on servers instead of notepad++ which does it out of the box.

Would love to see VS Code handle this more gracefully!

Sublime Text does this in a very nice way. It will only pop up an OS prompt asking to type in the password. The editor doesn't even restart (I guess it runs the save in a forked background process)

I hit this problem every single day, it would be really nice if there was a way to fix this. My main problem is not being able to open new Code instances if already opened and running elevated. Opening a second instance non-elevated when choosing "Open with Code" in File Explorer would solve the main problem, but handling saves similarly to what Notepad++ is doing would be really neat as well.

I go to the executable directory, goto compatability, switch on "run as administrator". I am prompted to authorize elevated privileges when opening a directory in code (via context menu). However, when running terminal inside elevated Code.exe process, the terminal still is not admin.

Any updates on this? It could be nice to have a prompt asking for the password like sublime or atom does

This would also be useful for editing PowerShell scripts that use cmdlets which require escalation, such as Get-VMNetworkAdapter

Right now I'm installing notepad++ just because of this issue.

I think Sublime's behavior is absolutely correct here, and also maybe should be its own ticket. "Better support running Code as administrator" is maybe also a valuable feature, but "automatically prompt for administrator permissions when attempting to save a privileged file" is I think what I'm asking for.

Also is potentially harder and might require an upstream Electron change or something.

Although not being ment as such as a primary use case (I think), VS Code will be used in Windows/Linux System administration more and more as it starts to replace tools like ISE.

In my case I'm editing scripts in one code instance which is not elevated and want to elevate another one to work with Desired state configuration which requires elevation... This is a hassle right now and off course it's not a good practice to just always start elevated as a workaround.

Another issue is, when I have an elevated instance running, context menu options like open with code don't work anymore as explorer is not elevated.

+1 For sublime like behaviour

Throwing out my usecase: I use separate login and admin credentials in my environment.

Because all of my privileges for shares, sharepoint, version control, etc are tied to my non-admin privileges, I usually run Code as that. However, for powershell scripts especially, I often require an elevated powershell.

What I would like is the ability to create an elevated powershell from a non-elevated Code instance, being able to use my administrator credentials. I would just launch Code from admin but then I lose access to my network resources, config, and plugins.

I'm running in to an issue with losing network shares when running vscode in elevated mode. I have a linux guest VM that exposes a repo via a samba share to a Windows 10 host. I can't easily use vscode to work in this repo on the Win 10 host because the repo contains a few symlinks and currently* the only way to get Git for Windows to work correctly with symlinks is to run it in elevated mode or disable UAC completely.

This workaround doesn't fix the problem: https://support.microsoft.com/en-gb/help/3035277/mapped-drives-are-not-available-from-an-elevated-prompt-when-uac-is-configured-to-prompt-for-credentials-in-windows

* Fortunately, a pull request (https://github.com/git-for-windows/git/pull/1188) was merged two days ago that adds support for Win 10's new symlinking capabilities so whenever the next Git for Windows release lands my use case should work (since vscode/git will no longer need to run in elevated mode to get symlinks working without disabling UAC). Win7 users will still be stuck though.

+1

Please, build this function.
+1!

Really need this, will save a lot of time.

+1

It would be also helpful if it was possible to run the instances of VSCode with and without elevated permissions simultaneously. I am not sure this limitation is caused by OS or the way VSCode is implemented.
I tend to use it as a regular user most of the time but sometimes there are tasks that require editor to have admin permissions. Currently, I have to close all existing windows of VSCode and open it as admin. After that, to switch to my regular work, I need to do the same - close all admin instances and start it as usual.

+1

+1

+1

+1

+1

Can people please stop doing +1. It's causing a lot of noise to people subscribing to this issue and wont speed implementation up. Use the like button instead.

Where is like button exactly? I usually just subscribe to issue to identify another person waiting for a fix.

I see no problem seeing those messages for important issues. If it's not important to you, you can always unsubscribe.

@artisticcheese You can add a reaction
@regs01 I am subscribing because as I am interested in updates to the issue and discussion about the implementation. A +1 clutters up the inbox and doesn't add value to the discussion.

One of the big reasons for introducing Github Reactions was specifically to reduce noise as can be read here https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments

+1

+1

still not implemented (mac os) :( ... in Atom it works very well

Btw.: Atom plugin can be found here: https://atom.io/packages/susave
Probably the implementation could be done similar?

This is a good example: https://sourceforge.net/projects/nppsaveasadmin/ too
Open as admin to save should be an alternative.

I like vscode - however in atom you open "admin read-only" file as normal user eg. /etc/hosts, and when you try to save, atom ask you (using some system dialog) about admin password - you type it and file is just saved (look on image - (polish lang: Użytkoninik=user name, Hasło=password)). Why this simple behaviour is impossible in vscode ?

Using sudo-prompt you can now retry to save as admin when saving fails. This will work on macOS, Linux and Windows:

There are some design decisions that I took that are worth mentioning where behaviour is maybe different from what others do:

• you will always first get the error message and from there you can save as admin
• each time you save you will have to authenticate again as admin
• you cannot create a file on disk as admin, the file has to exist on disk
• you cannot save readonly or hidden files

I think this covers the scenario where you quickly need to make a change to a file that needs elevation. It is not meant as a way to work on a bunch of files for a longer period and where you have to create files and folders as admin. For that I think VS Code is not suitable. Rather, if you need to do that, use a file manager with admin rights.

This will be available in insiders as soon as we have released our 1.19 version this week.

@bpasero Any particular reason for those design decisions vs the standard behavior? Namely, it automatically prompting if you don't have permission to save a file and allowing you to create/save hidden files, so long as you supply the permissions? It seems like a step back in terms of UX to have those limitations.

@tenpaiyomi not sure what would define the "standard" behaviour really. E.g. I am not aware of UX guidelines for how to do this in a standard way. The only typical flow I know of is to run the tool as super user / admin (something we do not encourage for VS Code and now you no longer have to in most cases).

I chose this way because I think executing an operation as root should be done with great care. I do not think an editor is the right tool for creating file/folder structures as admin user.

As to getting repeated prompts and errors for each save, that is maybe something we could revisit later based on feedback. Here I am maybe overly cautious to prevent harm. However to justify my rationale: I find it a bit weird to just popup a login dialog out of nowhere. As a user you could have auto save enabled and that would mean typing and waiting for a short moment would suddenly bring up a (scary) modal dialog for logging in.

All in all, I suggest that people give it a try once this hits insider and then we can continue the discussion in here. After all, its just the beginning of the milestone so there is plenty of time to talk about.

@bpasero When I say standard behavior, I more refer to how things generally tend to work in the scenarios that I have experienced. For example, in Sublime Text, if I am editing a file that requires sudo to save, when I go to save it will automatically prompt me if my current permissions are not adequate. It seems more intuitive to just prompt the user versus saying "Hey, you can't do that, you need to click this button to attempt to save again and then get prompted."

@bpasero you write:

I do not think an editor is the right tool for creating file/folder structures as admin user.

Can you explain why you think in such way (where is problem)?

@tenpaiyomi yeah I get that, however there can be many reasons why I file cannot be written to. For example it could be readonly (which is unrelated to permissions), would you then expect that when you save as admin, the readonly flag should go away? And what if the file belongs to another user, would'nt it make more sense to ask to log in as that user instead of logging in as admin?

@kamil-kielczewski I think writing files as admin gets messy when it comes to permissions: Should the file/folder only be readable by the admin or any user? Should it be writeable by any user or only the admin? I think creating a file as admin at the minimum has to ask what permissions to use in that case where you are impersonating as admin. If you run the tool as admin, I think you are free to do whatever you want.

Btw when I checked ST, you are not able to create a file as admin by saving it to a location that needs admin privileges. So they seem to follow a similar model.

@bpasero I think the editor should behave exactly as operating system (e.g. linux) - so when I create file (or similar folder) by editor (an need admin permissions) I should get the same result as execute

sudo touch some_name

If this behaviour is not implemented, i need to open terminal, do this by hand, and go back do editor again.

When file is readonly situation is similar, I would like to get the same "access level" as using

sudo echo -n "foo" >> some_readonly_file.txt

command. However as I remember, many editors in windows ask USER: "This file is read-only - do you realy want to save changes" and if user agree then they save changes but not change any permissions (read-only flag also not changes). So In read-only case editor can always ask user "do he know what he do" (usually vscode users are programmers so the know what they do :) )

My thinking is right?

I pushed some changes to allow to save a) readonly files and b) hidden files. For a) you will see an explicit action that explains what is going on:

For b) we just truncate the file first before writing and then using r+ mode to write. We already do this trick for regular saving when we see that saving fails on Windows.

I still plan to look into making the experience on Windows a bit better. The prompt that shows up is a bit scary if you look at the details. Ideally we could elevate a child process of VS Code itself to admin rights so that the prompt shows the VSCode icon to the user.

I really appreciate that you fix this issue. When new VSC update will be available I will test it and give feedback.

This fix will be helpful for many developers.

Thank you :)

@kamil-kielczewski it should be available in todays insider release: You can give our preview releases a try from: https://code.visualstudio.com/insiders/

Ok @bpasero I install and test you fixes:

Main functionality which I want:
a) ability to save /etc/hosts by type admin password - works :)
b) save read-only files (by ask user do he really want it) - works :)
c) save hidden files - works :) (hovewer i was able to edit hidden files only by drag and drop them from mac-finder to vscode)

Minor functionalities like:
a) create file in protected (need admin privilidges) e.g. create file in /etc folder - doesn't work
b) see hidden folders and files - doesn't work (i think this option should be default set to fasle - but user should have ability to change it)

So to this point I am satisfied (however It will be good to have also minor functionalities; implement nice modal windows for user dialogs will be also nice feature)

Tank you :)

@kamil-kielczewski I suggest to open new issues for new feature requests. I am not sure I understand the issue with not seeing hidden folders and files. I see hidden files in the VS Code explorer.

hm strange - may be it was my mistake - now I see hidden files. So everything ok :)
Later I create new issues.