edit root alias when installing the OS
Michael A. Peters
mpeters at mac.com
Thu Jan 5 06:51:25 UTC 2006
On Wed, 2006-01-04 at 16:33 -0600, Tommy Reynolds wrote:
> Since folk appear receptive to automatically adding the root email
> address, could we extend a similar functionality, offering to add the
> first user account into /etc/sudoers? The su(8) approach is just
> so-o-o-o open to the dark side.
sudo is useful but is very dangerous - and the way Apple and some of the
distro's implement it is absolutely stupid.
If you are going to enable sudo, it has to be done extremely carefully -
so that a shell can be spawned. If you can spawn a shell with sudo, then
root is no safer than a regularly used login password.
sudo sh
Enter your user password - and now you are root.
With the crappy sudo defaults that so many seem to ship.
Shipping sudo w/o anything enabled by default is the right way to do it.
Let the user dig their own grave, don't dig it for them by default.
More information about the fedora-devel-list
mailing list