On Sat, 2020-12-12 at 22:53 +1100, Keith Bainbridge wrote: > On 12/12/20 7:29 pm, Andrei POPESCU wrote: > > > AND run sudo as root, for additional safety > > Is this supposed to be ironic? I really can't tell. > > There was a detailed discussion here about sudo being a security issue > on our systems. It appears to be default in debian 10, so most of us get > it as default.
The default sudo install only grants privileges to members of the 'sudo' group, and I believe the installer only adds the initial user account it creates to that group if you don't specify a root password at install time. After all, you are going to need some way of gaining root privileges to administer the system :-) I'm not even sure 'sudo' gets installed as part of the base system, but I see it is a 'recommends' of task-desktop, so yes a lot of us will have it installed by default; but normal users won't be able to use it until the system administrator changes the config. (Unless some other Debian package override sudo config??) I have recommends packages disabled on my system so don't have sudo, so I just installed it to verify how it behaves. After asking me for my password it says: tixy is not in the sudoers file. This incident will be reported. and sure enough, my 'root' inbox has an email warning me about the command I was trying to execute. -- Tixy
