On 01/08/2025 02:07, Andy Smith wrote:
On Thu, Jul 31, 2025 at 08:01:56PM +0200, Jan Claeys wrote:
On Wed, 2025-07-30 at 19:55 +0100, Darac Marjal wrote:
There's an argument that sudo should refuse to uninstall itself (e.g. in a prerm script) if the root user doesn't have a password at all. That would be a neat trick.
There are many other tools that allow you to run things as root under certain conditions (doas, pkexec, runc, ssh, etc.).
I expect that the following will be available out of the box (for most users) in trixie, so removing sudo should not be fatal.
<https://manpages.debian.org/run0> run0 may be used to temporarily and interactively acquire elevated or different privileges. It serves a similar purpose as sudo(8), but operates differently in a couple of key areas...
We have learned in this thread that sudo does already have a check in its prerm that prevents its removal if the system has a root account with no password or if root is a locked account.
I think it still may be improved to fail in the case of (of course, effectively, not necessarily literally)

    sudo apt purge sudo

by checking SUDO_UID environment. On the other hand, I believe, package scripts must be as simple as possible. Mistakes may break a lot of instances.
I am leaving it up to the proponents to research if it has been suggested earlier and to test behavior in various scenarios.
Taking into account the list of packages recommending sudo, I would consider it almost as installed by default. Any changes may mean that developers and users who maintain various scripts will have to update their tools. Advantages vs. annoyance balance is not clear.
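
The check discussed in this message, as an added sketch that is not part of the original email and is not the sudo package's own prerm. The function names `root_pw_state` and `removal_blocked` are hypothetical, the shadow lines used with them are constructed, and it assumes SUDO_UID is still present in the environment the maintainer script runs in.

```shell
#!/bin/sh
# Sketch of a prerm-style guard (hypothetical, not Debian's sudo prerm).

# Classify the password field of one shadow(5) line: empty, locked or usable.
# $1: a shadow-format line, e.g. "root:*:19000:0:99999:7:::"
root_pw_state() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')          echo empty ;;    # no password set at all
        '!'*|'*'*)   echo locked ;;   # password login disabled
        *)           echo usable ;;   # a hash is present
    esac
}

# Return 0 when removal should be refused, 1 when it may proceed.
# $1: shadow line for root   $2: value of SUDO_UID (may be empty)
removal_blocked() {
    state=$(root_pw_state "$1")
    if [ "$state" != usable ]; then
        echo "refusing removal: root password is $state" >&2
        return 0
    fi
    case "$2" in
        ''|0)      return 1 ;;   # not run through sudo, or run by root
        *[!0-9]*)  return 1 ;;   # not a numeric uid: ignore the value
    esac
    # Assumed reading of the proposal: a non-root user reached root
    # through sudo, so sudo may be their only way back to root.
    echo "refusing removal: invoked through sudo by uid $2" >&2
    return 0
}

# In a maintainer script the inputs would come from the system, e.g.:
#   if removal_blocked "$(getent shadow root)" "${SUDO_UID:-}"; then
#       exit 1
#   fi
```
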