Your message dated Sat, 31 Jan 2026 21:03:54 +0000
with message-id <[email protected]>
and subject line Bug#1114986: fixed in sudo 1.9.17p2-3
has caused the Debian Bug report #1114986,
regarding sudo: Strange Defaults regarding mail
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1114986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114986
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sudo
Version: 1.9.16p2-3
Severity: minor
Hello,
looking at the default Email options in sudo I was wondering about the
rationale behind them.
Currently we have this:
Defaults mail_badpass
On multi user systems with an MTA configured in a way that mail to root will
end up somewhere reasonable this will Email the Admin everytime a user
enters a false password but will not Email the Admin in case some automated
script checks if something like "sudo -s" works.
This is why I use mail_no_perms on my systems.
Regarding the sudo manpage *mail_badpass* is off by default so this seems to
be a Debian default to enable this option.
My personal opinion is that all mail should be off by default (like e.g. in
the package unattended-upgrades) because nowerdays most systems do likely
not even have an MTA configured in a way which will direct mail to root to a
reasonable target.
However with real multi-user systems in mind where such mails are probably
desired for security reasons the better default whould then be arguably
mail_no_perms instead of mail_badpass.
Regards
Sven
-- System Information:
Debian Release: 13.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel
Kernel: Linux 6.12.41+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sudo depends on:
ii init-system-helpers 1.69~deb13u1
ii libapparmor1 4.1.0-1
ii libaudit1 1:4.0.2-2+b2
ii libc6 2.41-12
ii libpam-modules 1.7.0-5
ii libpam0g 1.7.0-5
ii libselinux1 3.8.1-1
ii libssl3t64 3.5.1-1
ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1
sudo recommends no packages.
sudo suggests no packages.
-- Configuration Files:
/etc/pam.d/sudo-i [file not found]
/etc/sudoers [Errno 13] Keine Berechtigung: '/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Keine Berechtigung: '/etc/sudoers.d/README'
-- debconf-show failed
--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.9.17p2-3
Done: Marc Haber <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Haber <[email protected]> (supplier of updated sudo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Jan 2026 21:32:35 +0100
Source: sudo
Architecture: source
Version: 1.9.17p2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Sudo Maintainers <[email protected]>
Changed-By: Marc Haber <[email protected]>
Closes: 1101123 1114986 1126614
Changes:
sudo (1.9.17p2-3) unstable; urgency=medium
.
* use dh_maintscript to remove /etc/sudoers.d/README.
Thanks to Sven Joachim (Closes: #1126614)
* comment mail_badpass in default /etc/sudoers.
Thanks to Sven Geggus (Closes: #1114986)
* remove no longer used debconf templates (Closes: #1101123)
* remove po-debconf dependency
Checksums-Sha1:
616922155f9cfb0d190655045d2280e2d82ab7de 2704 sudo_1.9.17p2-3.dsc
65f075c62b607c1d43cbeafd221e81336d49e9f5 46660 sudo_1.9.17p2-3.debian.tar.xz
2d0427b6d78b1d500bfccceaded78eec0969898a 5614 sudo_1.9.17p2-3_source.buildinfo
Checksums-Sha256:
fae79d4fb3252d9926d10940f757ae2e1f47ef8713a47e1331af473bd5653a1b 2704
sudo_1.9.17p2-3.dsc
5bcfcc212fc2dbffdbbb7c5c4926e37a349c6c878d8038b71b2b3c9c22dd3889 46660
sudo_1.9.17p2-3.debian.tar.xz
ad63c5a29a5013e1e1cf95690ed5606d103c50729ce40d97af5dc6f7ea6c78ff 5614
sudo_1.9.17p2-3_source.buildinfo
Files:
102a73ce092b2a7159a994fef12441eb 2704 admin optional sudo_1.9.17p2-3.dsc
26113086d3ac58028dfb41a74294c075 46660 admin optional
sudo_1.9.17p2-3.debian.tar.xz
d937b634e0fd654663bd3835a282ee90 5614 admin optional
sudo_1.9.17p2-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAml+agcACgkQj3cgEwEy
BELiiA//UijuyCwFHCDPno8KiHtoa3fYkKrWfJx6xIdtHRKqyqwY1lxzXoyn6uFE
TkTpLyrs+Vc19m0CKLFB3wvGaRIBLVKcUDu3dPaMxC46j/loknUIJDIGDuHOYhHT
U63rodI8dQifIFkdik+puT4A95T3Eo5XhxGOTDE/dRIRaoa0Fw9R2zYsMcZNV7Cv
7tsKXx+rTHoRjdKJNol24+EIhuNRiuRtR1bxNZV3fqxfUzkMOvOM9Z8Dkzqa/JIt
2aDU6f1waVZES62Ujmz52AQre+QHpQHEkLa1Zf55hLKlQPL4yf/WBtfrqc6DheRe
djw7eAVUK+yrZKZedstOsI89eqNO1XZRePuyDKLgJAWXHxNs78saVWX8Aw2Xonob
/vR3CFeRrua4hAMvm0dH+KkQxHLXl8lEZfSXureHwvtLZRUfjqFUpuy4ZKaybqIW
f4EXLOYRz68kqnkKiz2evG0bMLmisOyWjHvJGyOQWG4qaxIZo0ijS9rHyP+8OJYg
Fihc2BEp47cdVi0tnS4PiR0UES3ZlcYrQamv77zn1cMNOkUm3AaTPGye6o1KAEFh
y3ewdyly8U+jIlA8eitRAOp6lICJEIXiAn1/haeA1m2LSvb1twDlI+6N+DQ2aZQR
mXVcg2trp6ZIMrlwd1RTu26zDVfsEcdV0/xZo07ltgrWDmcaFzY=
=8y15
-----END PGP SIGNATURE-----
pgpoUCLBA_hEb.pgp
Description: PGP signature
--- End Message ---
