For best practices, software should have the least amount of privileges. However, some tools like performance monitoring require elevated admin permissions.
The article describes the scenario for programming such software or applications in .Net Core.
Install tool Globally
The following instructions guide the way to run, install, or uninstall .Net Core tools that need to be executed with elevated permissions.
If a folder already exists in %ProgramFiles%\dotnet-tools the path, then checks whether the user group has the permission to write or modify the directory.
To install, run the below command in a command prompt session with Administration mode. It will generate the Dotnet-tools folder during the installation.
dotnet tool install PACKAGEID --tool-path "%ProgramFiles%\dotnet-tools".
Linux or macOS Installation
The global tool package should be installed in a protected location using --tool-path flag
sudo dotnet tool install PACKAGEID --tool-path /usr/local/share/dotnet-tools
By default, the tools have drwxr-xr-x permission. If the folder directory exists already, then use the ls -l command to check the assigned user doesn’t have permission to edit. If so, practice the sudo chmod o-w -R /usr/share/dotnet-tools command to remove the access.
Run Global tool
There are two ways to run a global tool, as follows:
Use full path in the command prompt in Administration mode.
Do the environment variable setting once using setx Path "%Path%;%ProgramFiles%\dotnet-tools\" then use TOOLCOMMAND directly.
Linux or macOS
Use full path with Sudo. sudo /usr/local/share/dotnet-tools/TOOLCOMMAND
Do the environment variable setting once using sudo ln -s /usr/local/share/dotnet-tools/TOOLCOMMAND /usr/local/bin/TOOLCOMMANDthen use sudo TOOLCOMMAND directly.
Uninstall the Global tool
Run the following command to uninstall the global tool using command prompt in Administrator mode.
dotnet tool uninstall PACKAGEID --tool-path "%ProgramFiles%\dotnet-tools"
Linux or macOS
Run the following sudo command to uninstall packages.
sudo dotnet tool uninstall PACKAGEID --tool-path /usr/local/share/dotnet-tools
Elevation during development
During development also there are scenarios in which you may need elevated access to test the application.
RECOMMENDATION: Build the application without elevated permission and run applications with elevated permissions.
For best startup performance, use generated executable
dotnet build sudo ./bin/Debug/netcoreapp3.0/APPLICATIONNAME
Run the .Net application with no build flag to avoid generating new binaries each time
dotnet build dotnet run --no-build