-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Mar 02, 2017 at 08:01:38AM -0600, David Wright wrote:
[...] > If you're trying to clarify things, you have to tighten that up > considerably. Any regular user can start synaptics without a password, > as I already posted in this thread. Yes. I was explicitly excluding DE authentication foo (like PolicyKit and similar) -- first to explore the simpler sudo path and second, because I'm definitely the wrong person to give advice related to desktop environments. I know very little about them and... I don't like them, to be honest. > I can guess what you mean, and I don't think that is what happened. > (What I _think_ you mean is that by using the root password in that > situation on one occasion, the system has "remembered", and now you > don't need the apssword any more. I don't think that happened. I think > the OP configured something at an ealier time and has forgotten.) I don't think either, and given Hans' last answer, it seems he has a pretty standard sudo configuration, his user belonging to sudoers. I don't remember whether that is Debian default or if you've to do something explicitly to achieve that. I'd guess it's the latter, but hey. > I think I would lose the ability to configure wifi APs as a user > if I lost sudo. Perhaps. I don't know what PolicyKit is able to do -- the whole dance around DBus would suggest that they want to have some communication accross privilege domains, so it seems to be geared to that, but what do I know. > But I can't see that there's any point in removing sudo if you > . add noone to group sudo > . add nothing to /etc/sudoers.d/ > . add nothing to /etc/sudoers > > Would I be right? Yes. I described removing the package sudo as the more drastic variant, only when you want to avoid at all costs that a user be added to the sudo group (or, more precisely: this would then have no effect). > BTW one thing I don't understand about sudo is why > /etc/sudoers.d/README is not world-readable. Funny. README, but you can't :-) Seems a fairly harmless mistake, perhaps a too literal interpretation of "/etc/sudoers and all files under /etc/sudoers.d are sensitive". Better than the other way around, though. Regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAli4gUgACgkQBcgs9XrR2kZw+ACcC+b5ll9T+W8cEYKbg2Eud9LD WoYAn3W69gajGVIMO+Va5LbFZ3aT2wJ/ =ne0W -----END PGP SIGNATURE-----
