[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please, don't let sudo be auto-removable



David Wright wrote:
> On Thu 31 Jul 2025 at 19:07:30 (+0000), Andy Smith wrote:
>> We have learned in this thread that sudo does already have a check in its
>> prerm that prevents its removal if the system has a root account with no
>> password or if root is a locked account.
>> 
>> It seems reasonable to argue that if sudo is already installed then the user
>> might use it and erring on the side of caution by assuming that there
>> may not be another way to obtain root privileges is appropriate. Yes
>> that will occasionally be unnecessary if the user intends to switch to a
>> sudo alternative. The removal can be forced in that case.
> 
> Do other flavours of linux and unix do this? I view this sort of
> protection in the same way as, for example, making "rm -i" the default
> behaviour of rm. It leads people to assume there's always a safety net
> when their actions are reckless.

Fedora has marked sudo as a "protected" package since 2017,
as a result of this request:

    https://bugzilla.redhat.com/1418756

That only prevents yum/dnf from removing the sudo package.
It can be easily removed via rpm. (yum/dnf is to rpm as apt
is to dpkg, for anyone happily oblivious of that other
world. :)

There is certainly a point to be made that something like
'rm -i' leads to many using 'rm -f' by default.

I'm not sure that it is directly comparable to making a
package like sudo a little harder to automatically and/or
accidentally remove, but that's quite subjective.

I see it as more of a speed bump.  Those are tedious if
placed everywhere, but not so bad if used judiciously.

-- 
Todd

Attachment: signature.asc
Description: PGP signature


Reply to: