Bug#1012276: sudo: Usefulness of the --enable-admin-flag configuration option in Debian
On Thu, Jun 02, 2022 at 07:39:39PM +0200, Vincent Blut wrote: > At the moment, it does not seem valuable to have it enabled in Debian since > all > it does is creating the empty sudo_as_admin_successful hidden file in the home > directory of the user calling sudo. > > What makes this option interesting in Ubuntu is this code snippet in > /etc/bash.bashrc: > > if [ ! -e "$HOME/.sudo_as_admin_successful" ] && [ ! -e "$HOME/.hushlogin" ] > ; then > case " $(groups) " in *\ admin\ *|*\ sudo\ *) > if [ -x /usr/bin/sudo ]; then > cat <<-EOF > To run a command as administrator (user "root"), use "sudo > ". > See "man sudo_root" for details. > > EOF > fi > esac > fi > > Until bash in Debian provides this, I propose that we drop this configuration > option (setting 'Defaults !admin_flag' in /etc/sudoers would work too). If > this > is acceptable to you, I can send a merge request. I'd rather add some more documentation what this does, so that people can add code to their respective scripts. What is the harm done by the option? Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1012276: sudo: Usefulness of the --enable-admin-flag configuration option in Debian
Package: sudo Version: 1.9.10-3 Severity: minor -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, sudo 1.9.10-1 has adopted some changes from Ubuntu, including the activation of the --enable-admin-flag configuration option. At the moment, it does not seem valuable to have it enabled in Debian since all it does is creating the empty sudo_as_admin_successful hidden file in the home directory of the user calling sudo. What makes this option interesting in Ubuntu is this code snippet in /etc/bash.bashrc: if [ ! -e "$HOME/.sudo_as_admin_successful" ] && [ ! -e "$HOME/.hushlogin" ] ; then case " $(groups) " in *\ admin\ *|*\ sudo\ *) if [ -x /usr/bin/sudo ]; then cat <<-EOF To run a command as administrator (user "root"), use "sudo ". See "man sudo_root" for details. EOF fi esac fi Until bash in Debian provides this, I propose that we drop this configuration option (setting 'Defaults !admin_flag' in /etc/sudoers would work too). If this is acceptable to you, I can send a merge request. Thanks for your work on sudo, Vincent -BEGIN PGP SIGNATURE- iHUEARYKAB0WIQSRJQjHKbAUfuoc+DAQn1qAt/bgAQUCYpj12wAKCRAQn1qAt/bg AShHAQCWXBDkaGr9XZPgNOz9ii1mgNwIbOj9clrHrWGWx+ExAgEAwWI1KKjxLSFE 94B2e6FleH9+DdDut1ojgglgyWLrVwA= =vOFd -END PGP SIGNATURE-
