Web lists-archives.com

Re: [SOLVED] Re: Security hole in LXDE?




On Mon, 6 Mar 2017 13:40:45 -0500
Greg Wooledge <wooledg@xxxxxxxxxxx> wrote:

> On Mon, Mar 06, 2017 at 06:31:46PM +0000, Joe wrote:
> > Debian appears to use the group 'sudo' as an administrative group,
> > where some other distributions use 'wheel'.
> > 
> > I would not have thought that users would be added to it by default,
> > there are no members on my sid/xfce4 workstation. Indeed, up to
> > Jessie, sudo was not installed at all by default, and may still not
> > be.  
> 
> If you use the regular Debian installer, the user account that you
> create during installation gets added to a lot of these special groups
> (sudo, cdrom, floppy, audio, video, ...?).  Users that you create
> post-installtion using adduser or useradd do not.
> 

New behaviour, then, my current sid was installed as wheezy, I added
sudo manually early on, but as it was not installed by default, it
would not have added the installing user to a sudo group. I'm certainly
not a member of that group, and have no wish to be.

Possibly I'm missing something, but doesn't this repeat the Windows
mistake of automatically giving the user admin privileges? Isn't that
the main reason for the existence of so many Windows viruses?

-- 
Joe