To avoid people being surprised by ninja breaking things they depend on, I suggest the whitelist should contain at least these:
/usr/bin/passwd:users:
/bin/su:users:
/usr/bin/sudo:users:
('tom' should not be in there and 'admins' is not one of the default Debian
groups as far as I know)
Cheers,
Francois
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
