edit root alias when installing the OS
Michael A. Peters
mpeters at mac.com
Thu Jan 5 06:51:25 UTC 2006
On Wed, 2006-01-04 at 16:33 -0600, Tommy Reynolds wrote:
> Since folk appear receptive to automatically adding the root email
> address, could we extend a similar functionality, offering to add the
> first user account into /etc/sudoers? The su(8) approach is just
> so-o-o-o open to the dark side.
sudo is useful but is very dangerous - and the way Apple and some of the
distro's implement it is absolutely stupid.
If you are going to enable sudo, it has to be done extremely carefully -
so that a shell can be spawned. If you can spawn a shell with sudo, then
root is no safer than a regularly used login password.
sudo sh
Enter your user password - and now you are root.
With the crappy sudo defaults that so many seem to ship.
Shipping sudo w/o anything enabled by default is the right way to do it.
Let the user dig their own grave, don't dig it for them by default.
More information about the devel
mailing list