On 25/10/13 00:00, Tom H wrote: > On Thu, Oct 24, 2013 at 12:04 PM, Scott Ferguson > <scott.ferguson.debian.u...@gmail.com> wrote: >> >> I don't do default[*1] installs. Certainly "expert" install mode gives a >> choice (choices are good) - regardless of whether people use sudo or not >> root *should* have a different password to any other user. >> >> But of course it's the system administrators choice if they wish to >> become a festering repository for linux malware and inflict their >> digital diseases on the rest of us... >> >> IMNSHO sudo is "generally" a good bad idea, far too many people use the >> same password for sudo as for the user - and far too many people can't >> see the problem with that. Worse, and *very* common with, um, "users" of >> a "popular" derivative of Debian is "%sudo ALL=NOPASSWD: ALL" which >> requires no password for sudo(sigh). > > 1) In a default setup where sudo's installed and enabled, root doesn't > have a password.
And what could be wrong with that? > > 2) The whole point of disabling root and using sudo is to become root > using one's own password. Interesting. > > 3) There may be users or this or that distribution who add "NOPASSWD:" > to their sudoers files but that's up to the users. Surely. Although I do wonder how sudo to root without a password can be effected *without* "%sudo ALL=NOPASSWD: ALL" And no, I don't want to debate the merits of sudo. Choice is good. Kind regards > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52691ebb.3080...@gmail.com
