Re: Emergency mode when root account locked

On Sat, 2020-12-12 at 22:53 +1100, Keith Bainbridge wrote:
> On 12/12/20 7:29 pm, Andrei POPESCU wrote:
> > > AND run sudo as root, for additional safety
> > Is this supposed to be ironic? I really can't tell.
> There was a detailed discussion here about sudo being a security issue
> on our systems. It appears to be default in Debian 10, so most of us get
> it as default.

The default sudo install only grants privileges to members of the
'sudo' group, and I believe the installer only adds the initial user
account it creates to that group if you don't specify a root password
at install time. After all, you are going to need some way of gaining
root privileges to administer the system :-)

I'm not even sure 'sudo' gets installed as part of the base system, but
I see it is a 'recommends' of task-desktop, so yes a lot of us will
have it installed by default; but normal users won't be able to use it
until the system administrator changes the config. (Unless some other
Debian package overrides sudo config??)

I have recommends packages disabled on my system so don't have sudo, so
I just installed it to verify how it behaves. After asking me for my
password it says:

  tixy is not in the sudoers file.  This incident will be reported.

and sure enough, my 'root' inbox has an email warning me about the
command I was trying to execute.
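
One way to check the two points raised above (who is in the 'sudo' group, and whether a drop-in file adds further rules), as an added example that is not part of the original message. The function names, the ROOT prefix argument, the drop-in names 90-pkg and old.bak, and the accounts alice, deploy and olduser are constructed for illustration; the parser assumes one user or %group per rule and does not expand aliases.

```shell
#!/bin/sh
# Added example: which accounts do the sudoers rules under ROOT cover?
# ROOT is a directory prefix holding etc/sudoers, etc/sudoers.d, etc/group, etc/passwd.

list_sudo_principals() {   # $1=ROOT: first field of each rule line (user or %group)
    for f in "$1/etc/sudoers" "$1"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in *.*|*~) continue ;; esac   # sudo ignores these drop-in names
        awk '/^[ \t]*#/ || /^[ \t]*$/ { next }      # comments, #includedir, blank lines
             $1 ~ /^Defaults/ || $1 ~ /^@include/ || $1 ~ /_Alias$/ { next }
             { print $1 }' "$f"
    done | sort -u
}

group_members() {          # $1=ROOT $2=group: listed members plus primary-GID users
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1/etc/group"
    gid=$(awk -F: -v g="$2" '$1 == g { print $3 }' "$1/etc/group")
    if [ -n "$gid" ]; then
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$1/etc/passwd"
    fi
}

sudo_users() {             # $1=ROOT: every user reached by a rule, groups expanded
    list_sudo_principals "$1" | while read -r p; do
        case $p in
            %*) group_members "$1" "${p#%}" ;;
            *)  printf '%s\n' "$p" ;;
        esac
    done | sort -u
}

make_sample() {            # constructed sample tree, not taken from a real host
    mkdir -p "$1/etc/sudoers.d"
    printf '%s\n' 'Defaults env_reset' 'root ALL=(ALL:ALL) ALL' \
        '%sudo ALL=(ALL:ALL) ALL' '#includedir /etc/sudoers.d' > "$1/etc/sudoers"
    printf '%s\n' 'deploy ALL=(ALL) NOPASSWD: ALL' > "$1/etc/sudoers.d/90-pkg"
    printf '%s\n' 'olduser ALL=(ALL) ALL' > "$1/etc/sudoers.d/old.bak"
    printf '%s\n' 'root:x:0:' 'sudo:x:27:alice' 'users:x:100:' > "$1/etc/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1000:100::/home/alice:/bin/sh' \
        'tixy:x:1001:100::/home/tixy:/bin/sh' > "$1/etc/passwd"
}

d=$(mktemp -d) && make_sample "$d" && sudo_users "$d"; rm -rf "$d"
```

On a live system, call sudo_users "" as root, since /etc/sudoers is only readable by root.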


