David Wright wrote:
> On Thu 31 Jul 2025 at 19:07:30 (+0000), Andy Smith wrote:
>> We have learned in this thread that sudo does already have a check in its
>> prerm that prevents its removal if the system has a root account with no
>> password or if root is a locked account.
>>
>> It seems reasonable to argue that if sudo is already installed then the user
>> might use it and erring on the side of caution by assuming that there
>> may not be another way to obtain root privileges is appropriate. Yes
>> that will occasionally be unnecessary if the user intends to switch to a
>> sudo alternative. The removal can be forced in that case.
>
> Do other flavours of linux and unix do this? I view this sort of
> protection in the same way as, for example, making "rm -i" the default
> behaviour of rm. It leads people to assume there's always a safety net
> when their actions are reckless.
Fedora has marked sudo as a "protected" package since 2017,
as a result of this request:
https://bugzilla.redhat.com/1418756
That only prevents yum/dnf from removing the sudo package.
It can be easily removed via rpm. (yum/dnf is to rpm as apt
is to dpkg, for anyone happily oblivious of that other
world. :)
There is certainly a point to be made that something like
'rm -i' leads to many using 'rm -f' by default.
I'm not sure that it is directly comparable to making a
package like sudo a little harder to automatically and/or
accidentally remove, but that's quite subjective.
I see it as more of a speed bump. Those are tedious if
placed everywhere, but not so bad if used judiciously.
--
Todd
Attachment:
signature.asc
Description: PGP signature