Web lists-archives.com

Re: [SOLVED] Re: Security hole in LXDE?

On 2017-03-06, Joe <joe@xxxxxxxxxxxxxx> wrote:
> Who said anything about lpadmin? The question is about the wisdom of
> automatically including someone in the sudo group, which in a default
> Debian sudoers file, gives full root privileges to everything, using the
> user's password.
> We have someone saying this happens, someone else saying it doesn't, I
> don't know as I haven't done a recent installation, and the thread was
> started by someone who says it did happen to him.

I've only used the installer up to and including Wheezy and have always
created a root password. But if I hadn't (created a root password) then
I suppose I would've been included in the sudo group with full
administrative privileges. If not, how would or does the person
installing the OS (who is therefore, ipso facto, IMO, the administrator
of the machine) do anything administratively? And what difference would
it make security-wise to put the "first user" in the sudo group when she
or he could have gotten there anyway by simply creating a root password
and foregoing sudo altogether? Or am being stupid here, missing
something obvious?

"It might be a vision--of a shell, of a wheelbarrow, of a fairy kingdom on the
far side of the hedge; or it might be the glory of speed; no one knew." --Mrs.
Ramsay, speculating on why her little daughter might be dashing about, in "To
the Lighthouse," by Virginia Woolf.