• Re: Please, don't let sudo be auto-removable

    From William Edwards@21:1/5 to All on Wed Jul 30 19:40:01 2025
    If you need sudo, why not just apt-mark manual it?

    William David Edwards

    On 30 Jul 2025 at 19:30, José Esteban <[email protected]> wrote:

    I've written to sudo package maintainer, but he suggests me to
    report that here and so I do. This is in my /var/log/apt/history.log:

    Start-Date: 2025-07-30 08:29:54
    Commandline: apt-get purge cloud-guest-utils
    Requested-By: chafar (1000)
    Purge: cloud-guest-utils:amd64 (0.33-1)
    End-Date: 2025-07-30 08:29:54

    Start-Date: 2025-07-30 08:30:13
    Commandline: apt-get purge cloud-init
    Requested-By: chafar (1000)
    Purge: cloud-init:amd64 (22.4.2-1+deb12u2)
    End-Date: 2025-07-30 08:30:14

    Start-Date: 2025-07-30 08:30:22
    Commandline: apt-get autoremove
    Requested-By: chafar (1000)
    Remove: python3-blinker:amd64 (1.5-1), python-babel-localedata:amd64 (2.10.3-1), python3-webcolors:amd64 (1.11.1-1), libxaw7:amd64 (2:1.0.14-1), python3-importlib-metadata:amd64 (4.12.0-1), libeatmydata1:amd64 (130-2+b1), python3-jsonpatch:amd64 (1.32-2), python3-more-itertools:amd64 (8.10.0-2), python3-attr:amd64 (22.2.0-1), gdisk:amd64 (1.0.9-2.1), python3-babel:amd64 (2.10.3-1), python3-jsonschema:amd64 (4.10.3-1), python3-oauthlib:amd64 (3.2.2-1), python3-json-pointer:amd64 (2.3-2), python3-jinja2:amd64 (3.1.2-1+deb12u2), python3-serial:amd64 (3.5-1.1), python3-netifaces:amd64 (0.11.0-2+b1), python3-uritemplate:amd64 (4.1.1-2), python3-markupsafe:amd64 (2.1.2-1+b1), python3-jwt:amd64 (2.6.0-1), eatmydata:amd64 (130-2), python3-yaml:amd64 (6.0-3+b2), sudo:amd64 (1.9.13p3-1+deb12u1), python3-rfc3987:amd64 (1.3.8-2), python3-pyrsistent:amd64 (0.18.1-1+b3), python3-zipp:amd64 (1.0.0-6)
    End-Date: 2025-07-30 08:30:24

    ... sudo gets inadvertently removed within a lot of python3 packages !!!

    who remembers the root password ?

    Best regards

    --
    José Esteban
    034 - 607507781



    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From José Esteban@21:1/5 to All on Wed Jul 30 19:40:02 2025
    I've written to sudo package maintainer, but he suggests me to
    report that here and so I do. This is in my /var/log/apt/history.log:

    Start-Date: 2025-07-30 08:29:54
    Commandline: apt-get purge cloud-guest-utils
    Requested-By: chafar (1000)
    Purge: cloud-guest-utils:amd64 (0.33-1)
    End-Date: 2025-07-30 08:29:54

    Start-Date: 2025-07-30 08:30:13
    Commandline: apt-get purge cloud-init
    Requested-By: chafar (1000)
    Purge: cloud-init:amd64 (22.4.2-1+deb12u2)
    End-Date: 2025-07-30 08:30:14

    Start-Date: 2025-07-30 08:30:22
    Commandline: apt-get autoremove
    Requested-By: chafar (1000)
    Remove: python3-blinker:amd64 (1.5-1), python-babel-localedata:amd64 (2.10.3-1), python3-webcolors:amd64 (1.11.1-1), libxaw7:amd64 (2:1.0.14-1), python3-importlib-metadata:amd64 (4.12.0-1), libeatmydata1:amd64 (130-2+b1), python3-jsonpatch:amd64 (1.32-2), python3-more-itertools:amd64 (8.10.0-2), python3-attr:amd64 (22.2.0-1), gdisk:amd64 (1.0.9-2.1), python3-babel:amd64 (2.10.3-1), python3-jsonschema:amd64 (4.10.3-1), python3-oauthlib:amd64 (3.2.2-1), python3-json-pointer:amd64 (2.3-2), python3-jinja2:amd64 (3.1.2-1+deb12u2), python3-serial:amd64 (3.5-1.1), python3-netifaces:amd64 (0.11.0-2+b1), python3-uritemplate:amd64 (4.1.1-2), python3-markupsafe:amd64 (2.1.2-1+b1), python3-jwt:amd64 (2.6.0-1), eatmydata:amd64 (130-2), python3-yaml:amd64 (6.0-3+b2), sudo:amd64 (1.9.13p3-1+deb12u1), python3-rfc3987:amd64 (1.3.8-2), python3-pyrsistent:amd64 (0.18.1-1+b3), python3-zipp:amd64 (1.0.0-6)
    End-Date: 2025-07-30 08:30:24

    ... sudo gets inadvertently removed within a lot of python3 packages !!!

    who remembers the root password ?

    Best regards

    --
    José Esteban
    034 - 607507781
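
Added example, not part of José's post: a small audit over `/var/log/apt/history.log` that reports which transaction removed or purged a watched package, when, by whom, and with which command line. The function names and the watch list are assumptions for illustration; the sample input is constructed by abridging the log quoted above.

```shell
#!/bin/sh
# Added example: find the apt transaction that removed a watched package.

# Constructed sample: two stanzas abridged from the log quoted in the post.
sample_history() {
    cat <<'EOF'
Start-Date: 2025-07-30 08:30:13
Commandline: apt-get purge cloud-init
Requested-By: chafar (1000)
Purge: cloud-init:amd64 (22.4.2-1+deb12u2)
End-Date: 2025-07-30 08:30:14

Start-Date: 2025-07-30 08:30:22
Commandline: apt-get autoremove
Requested-By: chafar (1000)
Remove: python3-yaml:amd64 (6.0-3+b2), sudo:amd64 (1.9.13p3-1+deb12u1), python3-zipp:amd64 (1.0.0-6)
End-Date: 2025-07-30 08:30:24
EOF
}

# audit_history "pkg1 pkg2 ..." < history.log
# Emits one line per watched package that a transaction removed or purged:
#   start-date|requested-by|action|package|commandline
audit_history() {
    awk -v list="$1" '
        # Report watched packages in the stanza collected so far, then reset.
        function emit_stanza(   k, i, m, items, name, act) {
            for (k = 1; k <= 2; k++) {
                act = (k == 1) ? "Remove" : "Purge"
                # Entries look like "name:arch (version)", joined by ", ".
                m = split(field[act], items, /\), */)
                for (i = 1; i <= m; i++) {
                    name = items[i]
                    sub(/^ +/, "", name)
                    sub(/[: ].*/, "", name)     # keep the bare package name
                    if (name in want)
                        printf "%s|%s|%s|%s|%s\n", field["Start-Date"], field["Requested-By"], act, name, field["Commandline"]
                }
            }
            split("", field)                    # portable way to clear an array
        }
        BEGIN { n = split(list, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        /^[ \t]*$/ { emit_stanza(); next }      # a blank line ends a stanza
        {
            sub(/^[ \t]+/, "")                  # tolerate indented (pasted) logs
            idx = index($0, ": ")
            if (idx > 0) field[substr($0, 1, idx - 1)] = substr($0, idx + 2)
        }
        END { emit_stanza() }'
}

# Demo on the constructed sample; on a real host use:
#   audit_history "sudo openssh-server" < /var/log/apt/history.log
sample_history | audit_history "sudo openssh-server"
```

Rotated logs are gzip-compressed, so pipe them through `zcat` before `audit_history` when the removal is older than the current log.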

  • From Eduardo M KALINOWSKI@21:1/5 to All on Wed Jul 30 20:00:01 2025
    On 30/07/2025 13:48, José Esteban wrote:
    Commandline: apt-get autoremove
    Requested-By: chafar (1000)
    Remove: python3-blinker:amd64 (1.5-1), python-babel-localedata:amd64 (2.10.3-1), python3-webcolors:amd64 (1.11.1-1), libxaw7:amd64 (2:1.0.14-1), python3-importlib-metadata:amd64 (4.12.0-1), libeatmydata1:amd64 (130-2+b1), python3-jsonpatch:amd64 (1.32-2), python3-more-itertools:amd64 (8.10.0-2), python3-attr:amd64 (22.2.0-1), gdisk:amd64 (1.0.9-2.1), python3-babel:amd64 (2.10.3-1), python3-jsonschema:amd64 (4.10.3-1), python3-oauthlib:amd64 (3.2.2-1), python3-json-pointer:amd64 (2.3-2), python3-jinja2:amd64 (3.1.2-1+deb12u2), python3-serial:amd64 (3.5-1.1), python3-netifaces:amd64 (0.11.0-2+b1), python3-uritemplate:amd64 (4.1.1-2), python3-markupsafe:amd64 (2.1.2-1+b1), python3-jwt:amd64 (2.6.0-1), eatmydata:amd64 (130-2), python3-yaml:amd64 (6.0-3+b2), sudo:amd64 (1.9.13p3-1+deb12u1), python3-rfc3987:amd64 (1.3.8-2), python3-pyrsistent:amd64 (0.18.1-1+b3), python3-zipp:amd64 (1.0.0-6)
    End-Date: 2025-07-30 08:30:24

    ... sudo gets inadvertently removed within a lot of python3 packages !!!

    apt-mark manual sudo


    --
    Too cool to calypso,
    Too tough to tango,
    Too weird to watusi
    -- The Only Ones

    Eduardo M KALINOWSKI
    [email protected]

  • From Andy Smith@21:1/5 to All on Wed Jul 30 20:00:01 2025
    Hi José,

    On Wed, Jul 30, 2025 at 06:48:45PM +0200, José Esteban wrote:
    I've written to sudo package maintainer, but he suggests me to
    report that here and so I do.

    I am surprised that a package maintainer has told you to report anything
    to debian-user. Are you sure about that? Here we are all just users of
    Debian: we have no authority to make changes to anyone's packages. If
    the sudo maintainer wanted to make a change to their package that is
    their business and they do not need anything from us.

    Although, I think if they wanted to make sudo "essential" they would
    need to co-ordinate that with other Debian Developers.

    I also don't think they would be interested in that change as there is generally a desire to reduce the essential set where possible.

    It could perhaps be argued that if "sudo" is installed as part of the debian-installer (when you do not provide a root password at install
    time) then "sudo" should be marked as manually installed, thus not
    eligible for automatic removal. Perhaps that is already the case, as you
    imply that you do have a root password, in which case "sudo" would not
    have been manually installed by the installer.

    Anyway if you wanted to make that argument, first check if it is the
    case and then contact the debian-boot mailing list.

    Start-Date: 2025-07-30 08:30:22
    Commandline: apt-get autoremove
    Requested-By: chafar (1000)
    Remove: python3-blinker:amd64 (1.5-1), python-babel-localedata:amd64 (2.10.3-1), python3-webcolors:amd64 (1.11.1-1), libxaw7:amd64 (2:1.0.14-1), python3-importlib-metadata:amd64 (4.12.0-1), libeatmydata1:amd64 (130-2+b1), python3-jsonpatch:amd64 (1.32-2), python3-more-itertools:amd64 (8.10.0-2), python3-attr:amd64 (22.2.0-1), gdisk:amd64 (1.0.9-2.1), python3-babel:amd64 (2.10.3-1), python3-jsonschema:amd64 (4.10.3-1), python3-oauthlib:amd64 (3.2.2-1), python3-json-pointer:amd64 (2.3-2), python3-jinja2:amd64 (3.1.2-1+deb12u2), python3-serial:amd64 (3.5-1.1), python3-netifaces:amd64 (0.11.0-2+b1), python3-uritemplate:amd64 (4.1.1-2), python3-markupsafe:amd64 (2.1.2-1+b1), python3-jwt:amd64 (2.6.0-1), eatmydata:amd64 (130-2), python3-yaml:amd64 (6.0-3+b2), sudo:amd64 (1.9.13p3-1+deb12u1), python3-rfc3987:amd64 (1.3.8-2), python3-pyrsistent:amd64 (0.18.1-1+b3), python3-zipp:amd64 (1.0.0-6)
    End-Date: 2025-07-30 08:30:24

    ... sudo gets inadvertently removed within a lot of python3 packages !!!

    It is only "inadvertent" because you did not like the outcome of your
    own actions. The meaning of autoremove in Debian is "offer to remove
    every non-essential package that no longer has any dependencies."

    i.e, you only got sudo in the first place because something in there
    depended on it or listed it as a recommend.

    The fact that you in real life depended on it was not encoded in package dependencies. As the administrator it is your duty to know that. You
    can express that you depend upon sudo being installed by manually
    installing sudo by name, or using apt-mark to mark it as such. Then it
    won't be eligible for auto removal.

    The only way that Debian could alter things is to make sudo an essential package but the fact is it's not essential! Many people don't use it at
    all. There are competing implementations of the same concept. There is
    nothing special about sudo. These are all reasons why Debian is very
    very unlikely to make a special case out of sudo.

    More generally let's say a miracle happened and Debian made sudo
    essential and every new Debian install got an install of sudo that can't
    be removed. You're now happy. Until the next time you issue "apt-get autoremove" without reading the list of what it is about to do.

    The general solution to this is

    1. express your dependencies

    2. use dangerous commands

    There is only so far the distribution can go to protect you / guess your desires; the rest is your job as admin.

    who remembers the root password ?

    A rapidly assembling mob of sudo refuseniks now heading in the
    direction of this thread. They got su and know how to use it.

    Thanks,
    Andy

    PS I like sudo-rs. New in trixie! 😀

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting
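
Added example, not part of Andy's message or of apt itself: a pre-flight wrapper that simulates `apt-get autoremove` and refuses to proceed when the plan touches a package you rely on, plus a check for relied-upon packages that are still marked automatic. The `PROTECTED` list and all function names are assumptions for illustration; the sample plan is constructed using versions quoted in the thread.

```shell
#!/bin/sh
# Added example: guard "apt-get autoremove" with a list of packages this
# host must keep. PROTECTED is an assumed per-host list; adjust it.
PROTECTED="sudo openssh-server"

# Constructed `apt-get -s autoremove` output (not captured from a real host).
sample_plan() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  eatmydata gdisk python3-yaml sudo
0 upgraded, 0 newly installed, 4 to remove and 0 not upgraded.
Remv eatmydata [130-2]
Remv gdisk [1.0.9-2.1]
Remv python3-yaml [6.0-3+b2]
Remv sudo [1.9.13p3-1+deb12u1]
EOF
}

# Print the names on stdin (one per line, optional ":arch" suffix) that
# appear in the space-separated list given as $1.
only_protected() {
    awk -v list="$1" '
        BEGIN { n = split(list, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        { name = $1; sub(/:.*/, "", name); if (name in want) print name }'
}

# stdin: output of `apt-get -s autoremove`. The simulation prints one
# "Remv name [version]" (or "Purg ...") line per package it would remove.
planned_protected() {
    awk '$1 == "Remv" || $1 == "Purg" { print $2 }' | only_protected "$1"
}

# stdin: output of `apt-mark showauto`. Anything printed here is a protected
# package that only stays installed while something else depends on it.
auto_marked_protected() {
    only_protected "$1"
}

# Interactive wrapper: simulate first, run for real only if the plan is clean.
safe_autoremove() {
    plan=$(apt-get -s autoremove) || return 2
    hit=$(printf '%s\n' "$plan" | planned_protected "$PROTECTED" | tr '\n' ' ')
    if [ -n "$hit" ]; then
        echo "refusing: autoremove would remove ${hit}" >&2
        echo "to keep them: apt-mark manual ${hit}" >&2
        return 1
    fi
    apt-get autoremove "$@"
}

# Demo on the constructed plan.
sample_plan | planned_protected "$PROTECTED"
```

Running `apt-mark showauto | auto_marked_protected "$PROTECTED"` once after provisioning shows which relied-upon packages still need `apt-mark manual`.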

  • From Nicolas George@21:1/5 to All on Wed Jul 30 20:10:01 2025
    José Esteban (HE12025-07-30):
    Is it realistic to hope you to remember such many little things like this each time you setup some system ?

    You did not take notes? Your bad.

    How many headless systems usually work
    without sudo ?

    Many.

    I've worked a whole life making software and I've always acted to ease my users' life... but may be just me.

    We might not have the same idea of what makes our lives easier.

    On 30/7/25 at 19:36, William Edwards wrote:

    Top posting is forbidden by the etiquette of this mailing-list.

    Regards,

    --
    Nicolas George

  • From Andy Smith@21:1/5 to Andy Smith on Wed Jul 30 20:10:01 2025
    On Wed, Jul 30, 2025 at 05:56:23PM +0000, Andy Smith wrote:
    The general solution to this is

    1. express your dependencies

    2. use dangerous commands
    carefully

    and the general advice to me is to proofread emails better

    Thanks,
    Andy

  • From Nicolas George@21:1/5 to All on Wed Jul 30 20:30:01 2025
    Andy Smith (HE12025-07-30):
    I am surprised that a package maintainer has told you to report anything
    to debian-user. Are you sure about that?

    It might be something like “I don't have time for that kind of nonsense, please ask on [email protected]”.

    Regards,

    --
    Nicolas George

  • From José Esteban@21:1/5 to All on Wed Jul 30 20:10:01 2025
    Hello.

    Is it realistic to hope you to remember such many little things like
    this each time you setup some system ? How many headless systems usually
    work without sudo ?

    I've worked a whole life making software and I've always acted to ease my
    users' life... but may be just me.

    Thanks for the response; I'll try to remember to apt-mark sudo as manual installed next time.

    Best regards.

    --
    José Esteban
    034 - 607507781

  • From Stefan Monnier@21:1/5 to All on Wed Jul 30 21:00:01 2025
    Is it realistic to hope you to remember such many little things like this each time you setup some system ? How many headless systems usually work without sudo ?

    Debian tries to be flexible, so it tries not to impose any
    particular set of packages. It has its pros and cons, inevitably.
    I think given the way things are, the best Debian could do is to try and
    make sure `sudo` is not accidentally installed "automatically", which
    seems to be what happened for you.

    So it would help if you could remember *how* you installed `sudo`?
    Then we could try and see if something can be changed such that next
    time someone does something similar, `sudo` is either not installed or
    marked as manually-installed.

    I've worked a whole life making software and I've always acted to ease my users' life... but may be just me.

    There are tensions at play for an OS like Debian which strives to be
    universal and thus has to accommodate a wide variety of situations.
    What makes life easier for one group can make it harder for another.

    Thanks for the response; I'll try to remember to apt-mark sudo as manual installed next time.

    Next time you need `apt-mark manual`, try and think whether Debian could
    have "guessed" that this package (whether it's `sudo` or any other)
    should be marked as manually-installed, or try and think how Debian
    could have encouraged some other set of actions which would have resulted in the same result without you having to manually run `apt-mark manual`.
    [ And then file a bug-report/enhancement-request. ]


    Stefan

  • From Dan Ritter@21:1/5 to All on Wed Jul 30 21:00:01 2025
    José Esteban wrote:
    Is it realistic to hope you to remember such many little things like this each time you setup some system ? How many headless systems usually work without sudo ?


    People who install many headless (or any other kind) of system
    should use an automated management system.

    ansible, puppet, chef (cinc), nix, and others are all fairly
    popular for that sort of thing. It's generally easy to have a
    basic set of packages and configurations that go everywhere,
    and named specializations for specific machines or roles.

    -dsr-

  • From Stefan Monnier@21:1/5 to All on Wed Jul 30 21:40:01 2025
    If you need sudo, why not just apt-mark manual it?
    Does anyone know if the installer does this if the administrator doesn't set a root password?

    I believe so, but I don't know for sure, no.

    There's an argument that sudo should refuse to uninstall itself (e.g. in
    a prerm script) if the root user doesn't have a password at all. That would be a neat trick.

    Indeed.

    Thinking of scenarios how `sudo` could end up marked as automatically-installed, `aptitude why sudo` points out that it can get auto-installed (via "recommends") if you install `dkms`, so maybe José
    (or the installer) installed `dkms` long ago and then he recently
    removed it?


    Stefan

  • From Andy Smith@21:1/5 to Darac Marjal on Wed Jul 30 21:50:01 2025
    Hi,

    On Wed, Jul 30, 2025 at 07:55:12PM +0100, Darac Marjal wrote:
    There's an argument that sudo should refuse to uninstall itself (e.g. in a prerm script) if the root user doesn't have a password at all. That would be a neat trick.

    That's an interesting idea. sudo pre-rm could say, "please set a root
    password and retry" or something. I took from OP saying about "who
    remembers root password?" that they did have a root password set though,
    in which case this wouldn't help of course.

    (Whole other conversation here about having a root password set that you
    don't record somewhere also being questionable practice!)

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From Andy Smith@21:1/5 to All on Wed Jul 30 21:40:01 2025
    Hi José,

    On Wed, Jul 30, 2025 at 07:47:35PM +0200, José Esteban wrote:
    Is it realistic to hope you to remember such many little things like this each time you setup some system ?

    Yes, that is part of the administrator's job. That and many other little details, including reading command output when you issue a packaging
    command as root. There is no getting around having to know and remember
    things but on a case by case basis we can suggest tools to make life
    easier.

    You've already been advised about apt-mark.

    Another common practice in systems administration is the idea of
    configuration management. You express desired system state and the configuration management tool puts the system into that state. "I want
    sudo installed" would be part of that state. Examples of popular
    configuration management tools that support Debian are Ansible, Chef and Puppet. Others exist.

    I don't think there would ever be a way to avoid having to carefully
    check things you do as root though! We have all been there with a
    careless command.

    How many headless systems usually work without sudo ?

    Mine have a variant of sudo but I expect there are several large
    corporations that between them have hundreds of millions of servers
    without sudo, and thousands of administrators who have gone their whole
    working life without ever using or wanting sudo.

    I've worked a whole life making software and I've always acted to ease my users' life... but may be just me.

    Fact is you only got sudo installed on your system because some other
    software you installed depended upon it. Please explain how Debian is
    supposed to know that you actually want it independently of that other software? At the moment your argument is, "I always use sudo so Debian
    should just know."

    Usage of sudo is not as widespread as you think.

    Your suggestion to make it essential would force it to be present on
    everyone's Debian. I guarantee there would be more complaints about that
    than yours.

    I will point out again that people on this mailing list have no
    authority whatsoever in Debian. It is very possible that someone sent
    you here to complain about this as a means for you to blow off steam with
    no actual change happening in the world. We aren't the ones you have to convince, but possibly you have been sent here to just debate it. Or
    else there is some misunderstanding about why you were pointed at
    debian-user.

    Thanks for the response; I'll try to remember to apt-mark sudo as manual installed next time.

    Automation exists for when you want it. No more need to remember
    apt-mark or countless other little details, but the price is having to
    learn about the whole world of configuration management!

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From Andy Smith@21:1/5 to Max Nikulin on Thu Jul 31 04:00:01 2025
    Hi,

    On Thu, Jul 31, 2025 at 08:42:07AM +0700, Max Nikulin wrote:
    Removing sudo (1.9.13p3-1+deb12u1) ...
    You have asked that the sudo package be removed,
    but no root password has been set.
    Without sudo, you may not be able to gain administrative privileges.

    Hah, so it seems we have rambled about a feature suggestion that is
    already implemented. :)

    I should remember that it's too easy to pointlessly speculate while
    checking it out for myself is harder but more valuable.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From John Hasler@21:1/5 to Stefan on Thu Jul 31 06:10:01 2025
    Stefan writes:
    Thinking of scenarios how `sudo` could end up marked as automatically-installed...

    26 packages recommend sudo:
    Recommends: apt-dater-host
    |Recommends: inxi
    Recommends: dkms
    Recommends: winetricks
    Recommends: v4l2loopback-utils
    Recommends: task-desktop
    Recommends: sshuttle
    Recommends: buildd
    Recommends: bundler
    Recommends: reprotest
    Recommends: q4wine
    Recommends: pbuilder
    Recommends: plc-utils
    Recommends: open-infrastructure-system-config
    Recommends: open-infrastructure-compute-tools
    Recommends: nohang
    Recommends: monitoring-plugins-standard
    Recommends: live-config
    Recommends: lava-dispatcher
    |Recommends: inxi
    Recommends: hobbit-plugins
    Recommends: dkms
    |Recommends: cockpit-system
    Recommends: cloud-init
    Recommends: cinnamon-core
    Recommends: apt-src

    Why isn't sudo priority standard? People who don't want it are likely
    to be sufficiently knowledgeable to have no problem removing it.
    --
    John Hasler
    [email protected]
    Elmwood, WI USA

  • From Nicolas George@21:1/5 to All on Thu Jul 31 11:20:01 2025
    Lee (HE12025-07-30):
    It would be helpful if autoremove SORTED the list of packages to be
    removed so that other, important packages, wouldn't be hidden among
    all the python3-whatever packages.

    Oh, yes, excellent idea, let it use an unpredictable order rather than
    that boring alphabetical order. That way, if I do not see the package in
    the list where I expect it to be, that does not mean it is not in the
    list, that means I need to read it in full.

    Seriously, “I had this problem this morning, that obvious thing would
    have avoided it (no, I did not take the time to think about the other consequences)” is a terrible way to design an interface.

    Regards,

    --
    Nicolas George

  • From Nicolas George@21:1/5 to All on Thu Jul 31 13:00:01 2025
    Greg Wooledge (HE12025-07-31):
    If you look at <https://lists.debian.org/debian-user/2025/07/msg00798.html> more closely, you'll see that they are not sorted alphabetically.

    Indeed, but it is not what José saw when removing the package, it is
    what he saw later to find out what happened. The console display at confirmation that José did not proofread carefully enough is
    alphabetically sorted even if the log apt writes into a file is not.

    Regards,

    --
    Nicolas George

  • From Greg Wooledge@21:1/5 to Nicolas George on Thu Jul 31 13:00:01 2025
    On Thu, Jul 31, 2025 at 11:16:38 +0200, Nicolas George wrote:
    Lee (HE12025-07-30):
    It would be helpful if autoremove SORTED the list of packages to be
    removed so that other, important packages, wouldn't be hidden among
    all the python3-whatever packages.

    Oh, yes, excellent idea, let it use an unpredictable order rather than
    that boring alphabetical order.

    If you look at <https://lists.debian.org/debian-user/2025/07/msg00798.html> more closely, you'll see that they are not sorted alphabetically.

  • From Jonathan Dowland@21:1/5 to All on Thu Jul 31 14:40:01 2025
    I read the first few replies on this thread and (a common feeling
    reading Debian User) felt utter despair. Until I got to your messages,
    at least. Thank you for writing constructive, thoughtful advice.

    --
    Please do not CC me for listmail.

    Jonathan Dowland
    [email protected]
    https://jmtd.net

  • From Jan Claeys@21:1/5 to Darac Marjal on Thu Jul 31 20:10:01 2025
    On Wed, 2025-07-30 at 19:55 +0100, Darac Marjal wrote:
    There's an argument that sudo should refuse to uninstall itself (e.g.
    in a prerm script) if the root user doesn't have a password at all.
    That would be a neat trick.

    There are many other tools that allow you to run things as root under
    certain conditions (doas, pkexec, runc, ssh, etc.). There is no way
    sudo's prerm script can check all possible ways (which would also
    include being able to "understand" all possible configurations of each
    tool!).


    --
    Jan Claeys

    (please don't CC me when replying to the list)

  • From Nicolas George@21:1/5 to All on Thu Jul 31 20:20:01 2025
    Jan Claeys (HE12025-07-31):
    There are many other tools that allow you to run things as root under
    certain conditions (doas, pkexec, runc, ssh, etc.). There is no way
    sudo's prerm script can check all possible ways (which would also
    include being able to "understand" all possible configurations of each tool!).

    Debian should embed an AI in apt to detect when users are about to make
    a mistake and prevent them from doing it.

    (please don't CC me when replying to the list)

    (This is ineffective. Just put a reply-to header like I do.)

    Regards,

    --
    Nicolas George

  • From Andy Smith@21:1/5 to Jan Claeys on Thu Jul 31 21:10:01 2025
    Hi,

    On Thu, Jul 31, 2025 at 08:01:56PM +0200, Jan Claeys wrote:
    On Wed, 2025-07-30 at 19:55 +0100, Darac Marjal wrote:
    There's an argument that sudo should refuse to uninstall itself (e.g.
    in a prerm script) if the root user doesn't have a password at all.
    That would be a neat trick.

    There are many other tools that allow you to run things as root under
    certain conditions (doas, pkexec, runc, ssh, etc.). There is no way
    sudo's prerm script can check all possible ways (which would also
    include being able to "understand" all possible configurations of each tool!).

    We have learned in this thread that sudo does already have a check in its
    prerm that prevents its removal if the system has a root account with no password or if root is a locked account.

    It seems reasonable to argue that if sudo is already installed then the user might use it and erring on the side of caution by assuming that there
    may not be another way to obtain root privileges is appropriate. Yes
    that will occasionally be unnecessary if the user intends to switch to a
    sudo alternative. The removal can be forced in that case.

    For those not familiar with the dpkg scripts, you can see it at:

    /var/lib/dpkg/info/sudo.prerm

    If you strongly disagree that this is reasonable then you're actually
    asking for a change in the sudo packaging to remove that check…

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting
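
Added example, not the sudo package's prerm script and not part of Andy's message: an operator-side check of the same question before removing sudo, classifying root's shadow(5) password field and noting which other escalation tools named in the thread are on PATH. Function names are assumptions; the shadow lines are constructed, and treating an empty password field as unsafe is this example's choice.

```shell
#!/bin/sh
# Added example: does this host keep a way back to root without sudo?

# Classify root's password field from shadow(5) lines on stdin.
# Prints one of: set | locked | empty | missing
root_password_state() {
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "") print "empty"                 # no password at all
            else if ($2 ~ /^[!*]/) print "locked"       # "*", "!", or "!<hash>"
            else print "set"
            exit
        }
        END { if (!found) print "missing" }'
}

# List other tools on PATH that can grant root (doas and pkexec are the
# ones named in the thread that are simple to probe for).
other_root_paths() {
    found=""
    for tool in doas pkexec; do
        if command -v "$tool" >/dev/null 2>&1; then
            found="${found}${tool} "
        fi
    done
    printf '%s' "${found% }"
}

# $1 = state from root_password_state
# $2 = space-separated list from other_root_paths (may be empty)
# Presence of a tool says nothing about its configuration, hence "review".
removal_verdict() {
    case "$1" in
        set)
            echo "ok: root has a password, su and console login remain" ;;
        *)
            if [ -n "$2" ]; then
                echo "review: root password is $1; check that $2 is configured for you"
            else
                echo "block: root password is $1 and no other tool was found"
            fi ;;
    esac
}

# Demo on a constructed shadow line; on a real host (as root) use:
#   removal_verdict "$(getent shadow root | root_password_state)" "$(other_root_paths)"
state=$(printf 'root:*:19000:0:99999:7:::\n' | root_password_state)
removal_verdict "$state" ""
```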

  • From Dan Ritter@21:1/5 to David Wright on Fri Aug 1 14:00:01 2025
    David Wright wrote:
    On Thu 31 Jul 2025 at 19:07:30 (+0000), Andy Smith wrote:
    On Thu, Jul 31, 2025 at 08:01:56PM +0200, Jan Claeys wrote:

    We have learned in this thread that sudo does already have a check in its prerm that prevents its removal if the system has a root account with no password or if root is a locked account.


    Do other flavours of linux and unix do this? I view this sort of
    protection in the same way as, for example, making "rm -i" the default behaviour of rm. It leads people to assume there's always a safety net
    when their actions are reckless.


    It's not that there's a safety net, so much as multiple methods to
    recover from most situations, with varying degrees of pain.

    The su command goes back to AT&T UNIX. You'll find it in Linux, the BSDs, OpenSolaris descendants and even minix. To use it, you need to know the
    root password.

    You can start a new console on the physical hardware and login as
    root. Again, you need to know the root password.

    If you can reboot, you can change the kernel command line in grub or
    another bootloader and make your init be shell; then you need to remount
    the root filesystem read/write, change root's password with passwd or
    replace the hash in /etc/shadow, sync and reboot -- now you know the
    root password. Once you have root, you can do anything at all to the
    data that you have on the system. (There are exceptional circumstances involving read-only media or contrived SELinux configurations.)

    If you wipe out a filesystem with data on it, it may well be unrecoverable
    -- unless you have already taken precautions, of which the most widely
    known is making a backup. Depending on what happened and when, a snapshot
    can save you. Physical loss of a disk? The right RAID setup (in advance)
    can turn it into a mere inconvenience or slowdown.

    If your data is corrupted, you may not notice until it is too late,
    unless you are running a verification procedure. Regardless of whether
    the corruption was malicious or accidental or caused by a fault, the
    recovery procedure always involves identifying the corrupt data and
    replacing it with a stored copy from elsewhere.

    -dsr-

  • From Todd Zullinger@21:1/5 to David Wright on Fri Aug 1 16:10:01 2025
    David Wright wrote:
    On Thu 31 Jul 2025 at 19:07:30 (+0000), Andy Smith wrote:
    We have learned in this thread that sudo does already have a check in its
    prerm that prevents its removal if the system has a root account with no
    password or if root is a locked account.

    It seems reasonable to argue that if sudo is already installed then the user might use it and erring on the side of caution by assuming that there
    may not be another way to obtain root privileges is appropriate. Yes
    that will occasionally be unnecessary if the user intends to switch to a
    sudo alternative. The removal can be forced in that case.

    Do other flavours of linux and unix do this? I view this sort of
    protection in the same way as, for example, making "rm -i" the default behaviour of rm. It leads people to assume there's always a safety net
    when their actions are reckless.

    Fedora has marked sudo as a "protected" package since 2017,
    as a result of this request:

    https://bugzilla.redhat.com/1418756

    That only prevents yum/dnf from removing the sudo package.
    It can be easily removed via rpm. (yum/dnf is to rpm as apt
    is to dpkg, for anyone happily oblivious of that other
    world. :)

    There is certainly a point to be made that something like
    'rm -i' leads to many using 'rm -f' by default.

    I'm not sure that it is directly comparable to making a
    package like sudo a little harder to automatically and/or
    accidentally remove, but that's quite subjective.

    I see it as more of a speed bump. Those are tedious if
    placed everywhere, but not so bad if used judiciously.

    --
    Todd


  • From Roy J. Tellason, Sr.@21:1/5 to All on Fri Aug 1 19:10:01 2025
    On Thursday 31 July 2025 02:17:03 pm Nicolas George wrote:
    Debian should embed an AI in apt to detect when users are about to make
    a mistake and prevent them from doing it.


    No!

    There is so much badly-implemented crap out there under the heading of AI that I for one want absolutely nothing to do with it, to the extent possible...

    --
    Member of the toughest, meanest, deadliest, most unrelenting -- and
    ablest -- form of life in this section of space, a critter that can
    be killed but can't be tamed. --Robert A. Heinlein, "The Puppet Masters"
    -
    Information is more dangerous than cannon to a society ruled by lies. --James M Dakin
