David Wright wrote: > On Thu 31 Jul 2025 at 19:07:30 (+0000), Andy Smith wrote: >> We have learned in this thread that sudo does already have a check in its >> prerm that prevents its removal if the system has a root account with no >> password or if root is a locked account. >> >> It seems reasonable to argue that if sudo is already installed then the user >> might use it and erring on the side of caution by assuming that there >> may not be another way to obtain root privileges is appropriate. Yes >> that will occasionally be unnecessary if the user intends to switch to a >> sudo alternative. The removal can be forced in that case. > > Do other flavours of linux and unix do this? I view this sort of > protection in the same way as, for example, making "rm -i" the default > behaviour of rm. It leads people to assume there's always a safety net > when their actions are reckless. Fedora has marked sudo as a "protected" package since 2017, as a result of this request: https://bugzilla.redhat.com/1418756 That only prevents yum/dnf from removing the sudo package. It can be easily removed via rpm. (yum/dnf is to rpm as apt is to dpkg, for anyone happily oblivious of that other world. :) There is certainly a point to be made that something like 'rm -i' leads to many using 'rm -f' by default. I'm not sure that it is directly comparable to making a package like sudo a little harder to automatically and/or accidentally remove, but that's quite subjective. I see it as more of a speed bump. Those are tedious if placed everywhere, but not so bad if used judiciously. -- Todd
Attachment:
signature.asc
Description: PGP signature