On 01/08/2025 02:07, Andy Smith wrote:
On Thu, Jul 31, 2025 at 08:01:56PM +0200, Jan Claeys wrote:
On Wed, 2025-07-30 at 19:55 +0100, Darac Marjal wrote:
There's an argument that sudo should refuse to uninstall itself (e.g.
in a prerm script) if the root user doesn't have a password at all.
That would be a neat trick.
There are many other tools that allow you to run things as root under
certain conditions (doas, pkexec, runc, ssh, etc.).
I expect that the following will be available out of the box (for most
of users) in trixie, so removing sudo should not be fatal.
<https://manpages.debian.org/run0>
run0 may be used to temporarily and interactively acquire elevated or
different privileges. It serves a similar purpose as sudo(8), but
operates differently in a couple of key areas...
We have learned in this thread that sudo does already have a check in its
prerm that prevents its removal if the system has a root account with no
password or if root is a locked account.
I think, it still may be improved to fail in the case of (of course,
effectively, not necessary literally)
sudo apt purge sudo
by checking SUDO_UID environment. On the other hand, I believe, package
scripts must be as simple as possible. Mistakes may broke a lot of
instances.
I am leaving it up to the proponents to research if it has been
suggested earlier and to test behavior in various scenarios.
Taking into account list of packages recommending sudo, I would consider
it almost as installed by default. Any changes may mean that developers
and users, who maintain various scripts, will have to update their
tools. Advantages vs. annoyance balance is not clear.
