Re: Please, don't let sudo be auto-removable

To: debian-user@lists.debian.org
Subject: Re: Please, don't let sudo be auto-removable
From: Dan Ritter <dsr@randomstring.org>
Date: Fri, 1 Aug 2025 07:39:35 -0400
Message-id: <[🔎] 20250801113935.gdonvdzaehjzmxqd@randomstring.org>
In-reply-to: <[🔎] aIw2Bmc8tdpQEKx0@axis.corp>
References: <530c7212-c2c1-4e24-b169-dd4c0ecf9bdd@chafar.net> <DACA7CA0-38EC-4C0B-B7C4-92ED77C116B3@cyberfusion.nl> <e110de92-8f5d-44ad-a6a4-f13d0f72cfca@darac.org.uk> <9f1c6bbb99bac17a6a6eadd78b4edfae8956c273.camel@janc.be> <aIu+8s2SNaVtAtZd@mail.bitfolk.com> <[🔎] aIw2Bmc8tdpQEKx0@axis.corp>

David Wright wrote: 
> On Thu 31 Jul 2025 at 19:07:30 (+0000), Andy Smith wrote:
> > On Thu, Jul 31, 2025 at 08:01:56PM +0200, Jan Claeys wrote:
> > 
> > We have learned in this thread that sudo does already have a check in its
> > prerm that prevents its removal if the system has a root account with no
> > password or if root is a locked account.
> > 
> 
> Do other flavours of linux and unix do this? I view this sort of
> protection in the same way as, for example, making "rm -i" the default
> behaviour of rm. It leads people to assume there's always a safety net
> when their actions are reckless.

It's not that there's a safety net, so much as multiple methods to
recover from most situations, with varying degrees of pain.

The su command goes back to AT&T UNIX. You'll find it in Linux, the BSDs,
OpenSolaris descendants and even minix. To use it, you need to know the
root password.

You can start a new console on the physical hardware and login as
root. Again, you need to know the root password.

If you can reboot, you can change the kernel command line in grub or
another bootloader and make your init be shell; then you need to remount
the root filesystem read/write, change root's password with passwd or
replace the hash in /etc/shadow, sync and reboot -- now you know the
root password. Once you have root, you can do anything at all to the
data that you have on the system. (There are exceptional circumstances
involving read-only media or contrived SELinux configurations.)

If you wipe out a filesystem with data on it, it may well be unrecoverable
-- unless you have already taken precautions, of which the most widely
known is making a backup. Depending on what happened and when, a snapshot
can save you. Physical loss of a disk? The right RAID setup (in advance)
can turn it into a mere inconvenience or slowdown.

If your data is corrupted, you may not notice until it is too late,
unless you are running a verification procedure. Regardless of whether
the corruption was malicious or accidental or caused by a fault, the
recovery procedure always involves identifying the corrupt data and
replacing it with a stored copy from elsewhere.

-dsr-

Reply to:

References:
- Re: Please, don't let sudo be auto-removable
  - From: David Wright <deblis@lionunicorn.co.uk>

Prev by Date: Re: Prospective New Laptop
Next by Date: Re: Prospective New Laptop
Previous by thread: Re: Please, don't let sudo be auto-removable
Next by thread: Re: Please, don't let sudo be auto-removable
Index(es):
- Date
- Thread