3

I am thinking why the default user of Debian 8.x is not in sudoers list although it has su/root/... access which is not safer than sudo here

Using sudo is better (safer) than opening a session as root for a number of reasons, including ...

I try to stick to defaults in my Debian use. Therefore, I have not added my default user in sudoer list.

However, it has those shortcomings above.

Still, I am thinking if I should change the default way.

GAD3R
  • 63,407
  • 31
  • 131
  • 192
Léo Léopold Hertz 준영
  • 6,788
  • 29
  • 91
  • 193
  • 1
    What do you mean by "the default user [...] has root access"? If you mean "they can run the command `su`, enter the root password, and then run commands as root", then this applies to all users, none of which have "root access" more than any other. – dhag Feb 27 '17 at 18:59
  • @dhag Yes, of course that I mean. I am not asking about that. – Léo Léopold Hertz 준영 Feb 27 '17 at 19:09
  • 2
    Of course the first thing you do after installation is to add all users with sysadmin privileges to `/etc/sudoers`. Don't be afraid of customizing your system, there'll be many cases where you'll *have* to do that. – dirkt Feb 27 '17 at 19:15
  • @dirkt But why it is not the default feature? – Léo Léopold Hertz 준영 Feb 27 '17 at 19:16
  • "Having sudo access" often means being able to run command as root by entering the user's own password, whereas su requires the root password. That's one big difference. – dhag Feb 27 '17 at 19:32

1 Answers1

3

https://unix.stackexchange.com/a/106582/29483

This is a side-effect of installation parameters. If you specify a root password during installation sudo is not installed by default. If you do not specify a root password, sudo is installed. The authoritative source for this quoted below. Another related special case is that during install if you specify the sudo-ldap package, sudo will not be installed. This is the only time that sudo-ldap can be installed without a root password. If you wish to upgrade from sudo to sudo-ldap latter, you must have a root password during the upgrade.

If you do not specify a password for the root user this account will be disabled but the sudo package will be installed later to enable administrative tasks to be carried out on the new system. -- from debian-installer/manual/en/howto/installation-howto.xml

Community
  • 1
sourcejedi
  • 48,311
  • 17
  • 143
  • 296
  • It would be great to have the note about the thing in the installation process. - - I need to include hee some pictures next time about the process when installing Debian. - - How is this Stephen's Desktop task related in the installation process? – Léo Léopold Hertz 준영 Feb 28 '17 at 05:39
  • 2
    I've run a few Jessie installations to check this, and I was wrong (as is the wiki). There *is* a note about this during the installation process: the screen where you define `root`'s password says "The root user should not have an empty password. If you leave this empty, the root account will be disabled and the system's initial user account will be given the power to become root using the "sudo" command." – Stephen Kitt Feb 28 '17 at 08:49
  • 2
    Readers curious about this can see the processing performed during installation, in [`user-setup-ask`](https://anonscm.debian.org/cgit/d-i/user-setup.git/tree/user-setup-ask) and [`user-setup-apply`](https://anonscm.debian.org/cgit/d-i/user-setup.git/tree/user-setup-apply). – Stephen Kitt Feb 28 '17 at 09:00