Package: sudo Version: 1.9.16p2-3 Severity: minor Hello,
looking at the default Email options in sudo I was wondering about the rationale behind them. Currently we have this: Defaults mail_badpass On multi user systems with an MTA configured in a way that mail to root will end up somewhere reasonable this will Email the Admin everytime a user enters a false password but will not Email the Admin in case some automated script checks if something like "sudo -s" works. This is why I use mail_no_perms on my systems. Regarding the sudo manpage *mail_badpass* is off by default so this seems to be a Debian default to enable this option. My personal opinion is that all mail should be off by default (like e.g. in the package unattended-upgrades) because nowerdays most systems do likely not even have an MTA configured in a way which will direct mail to root to a reasonable target. However with real multi-user systems in mind where such mails are probably desired for security reasons the better default whould then be arguably mail_no_perms instead of mail_badpass. Regards Sven -- System Information: Debian Release: 13.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armel Kernel: Linux 6.12.41+deb13-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sudo depends on: ii init-system-helpers 1.69~deb13u1 ii libapparmor1 4.1.0-1 ii libaudit1 1:4.0.2-2+b2 ii libc6 2.41-12 ii libpam-modules 1.7.0-5 ii libpam0g 1.7.0-5 ii libselinux1 3.8.1-1 ii libssl3t64 3.5.1-1 ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1 sudo recommends no packages. sudo suggests no packages. -- Configuration Files: /etc/pam.d/sudo-i [file not found] /etc/sudoers [Errno 13] Keine Berechtigung: '/etc/sudoers' /etc/sudoers.d/README [Errno 13] Keine Berechtigung: '/etc/sudoers.d/README' -- debconf-show failed
