Thorsten Kukuk wrote:
On Mon, Nov 07, Vojtěch Zeisek wrote:
On Monday, 7 November 2022 9:41:57 CET, Dominique Leuenberger / DimStar wrote:
Background situation: a user requested the sudo configuration to be changed to no longer ask for the 'target user's password', but rather ask for the user willing to become somebody else's password (as other distros do). As this change is definitively bad in its current form I have reverted the sudo package to the state it was before snapshot 1103 and published the same version into the openSUSE Tumbleweed update channel.
What's really rotten here is the process. Some FUD was entered into a (non-public?) Jira ticket, then referenced in a random bug report. Based on that, a security-sensitive, invasive distro-wide change was implemented without involving anyone who has the side effects for the distro as a whole in mind, nor the ones originally implementing the current behavior. Now we additionally have a discussion on the Factory list here. Where would someone bring up arguments? Copy&paste in all three places?
If the original motivation was to align with other distros, if I get it correctly, now we are just reverting back to the openSUSE default, so a different state than other distros; so will there be any change towards "general consensus", ideally with some automated migration? I added myself into the "wheel" group and uncommented "%wheel ALL=(ALL:ALL) ALL" in /etc/sudoers, which is fine, but of course in case of automated migration I wouldn't even notice the change. :-)
The motivation was not to align with other distros, but to fix the usage of sudo as it was designed. openSUSE is using sudo as a "modern implementation of su" instead of "sudo". With the current setup, you can replace sudo with su in most cases. The motivation was to configure sudo to work as it was designed for and for security reasons. And mid- to long-term, we need to find a way to change the defaults for sudo to match people's expectations.
What are people's expectations and what is sudo designed for exactly?

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.com/
SUSE Software Solutions Germany GmbH, GF: Ivo Totev
HRB 36809 (AG Nürnberg)
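The two sudoers policies contrasted in this thread can be told apart mechanically. The following is an added example, not part of the original mails or of the openSUSE sudo package: a Python check that reports whose password a sudoers text makes sudo ask for, and flags a catch-all `ALL ALL=(ALL) ALL` rule that is left in place without `Defaults targetpw`. The sample texts, the `audit` function and its result keys are assumptions made for illustration; scoped `Defaults:user` entries, `rootpw`/`runaspw` and include files are not handled.

```python
import re

# Constructed samples for illustration, not copied from any shipped package.
TARGETPW_STYLE = "Defaults env_reset, targetpw  # ask for the target's password\nALL ALL=(ALL) ALL\n"
WHEEL_STYLE = "Defaults env_reset\nroot ALL=(ALL:ALL) ALL\n%wheel ALL=(ALL:ALL) ALL\n"
HALF_MIGRATED = "Defaults !targetpw\nALL ALL=(ALL) ALL\n%wheel ALL=(ALL:ALL) ALL\n"

# "<who> ALL=(<runas>) [TAG:]... ALL": a user spec that grants every command on every host.
RULE = re.compile(r"(\S+)\s+ALL\s*=\s*(?:\([^)]*\)\s*)?(?:[A-Z_]+:\s*)*ALL")


def audit(sudoers_text):
    """Summarise the authentication model of a sudoers text (simplified parser)."""
    targetpw = False
    broad = []  # grantees of "run anything" rules, in file order
    # Join backslash-continued lines, then evaluate entries top to bottom.
    for raw in sudoers_text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if not line:
            continue
        m = re.match(r"Defaults\s+(.*)", line)  # global Defaults only
        if m:
            for item in (i.strip() for i in m.group(1).split(",")):
                if item.lstrip("! ") == "targetpw":
                    # A later entry overrides an earlier one; '!' switches the flag off.
                    targetpw = not item.startswith("!")
            continue
        m = RULE.fullmatch(line)
        if m:
            broad.append(m.group(1))
    return {
        "asks_for": "target user" if targetpw else "invoking user",
        "broad_grantees": broad,
        # Without targetpw, a rule for ALL users lets every account run
        # any command as any user with nothing but its own password.
        "unsafe": (not targetpw) and "ALL" in broad,
    }


if __name__ == "__main__":
    for name, text in [("targetpw", TARGETPW_STYLE), ("wheel", WHEEL_STYLE),
                       ("half-migrated", HALF_MIGRATED)]:
        print(name, audit(text))
```

The third sample shows why switching the default needs care during migration: turning `targetpw` off while a rule for `ALL` users remains is the state the check reports as unsafe.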