On Mon, 24 Feb 2020 14:33:25 +0100
Tito via Dng <dng@???> wrote:

> and only for known "safe" commands. For everything else, it'd be much
> better to just log in on a tty as root. Same goes for su.
>
> for sudo only if set
>

> user    ALL=(ALL:ALL) ALL

>
> or if the user is added to the sudo group
>
> # Allow members of group sudo to execute any command
> %sudo ALL=(ALL:ALL) ALL
>
> if used for single commands it should not be a problem
> unless you allow to open a root xterm....
> To replace su or sudo binary you need root so at this point
> the system is already compromised.
> The use with no password solves one problem but creates others
> like everybody being able to wreck the system with synaptic
> or gparted as soon as they find an unattended desktop.
> Don't want my mom to use synaptic......just mail and browser.
just so you know, it's more traditional and portable to allow the wheel
group to sudo, not have a separate sudo group.
https://en.wikipedia.org/wiki/Wheel_%28computing%29
%wheel ALL=(ALL:ALL) ALL

--
____________________________________
/ Hello... IRON CURTAIN? Send over a \
| SAUSAGE PIZZA! World War III? No |

\ thanks!                            /
 ------------------------------------ 
\
 \
   /\   /\   
  //\\_//\\     ____
  \_     _/    /   /
   / * * \    /^^^]
   \_\O/_/    [   ]
    /   \_    [   /
    \     \_  /  /
     [ [ /  \/ _/
    _[ [ \  /_/