1. 18

  2. 9

    The best thing to enable in /etc/sudoers:

    Defaults insults

    I’ve seen penguins that can type better than that.

    1. 4

      I just learned about insults, and that makes me extremely uncomfortable. Not because the insults themselves, but because supporting them is several lines too many, adding to the whole complexity of the tool, which should have only one purpose.

      1. 2

        Agreed. They are definitely an artifact of a more innocent age.

        1. 1

          I assume it’s (soon to be) a sudo plugin and not in the core.

          1. 4

            That means sudo supports plugins, which is again more lines of code than needed :) I’m wondering which plugins are out there and do people genuinely need them?

            1. 2

              I’ve been using the doas port for Linux for a few monthes now, and it works like a charm. I don’t have sudo installed anymore (I still need a sudo symlink to doas though on Debian 9).

        2. 2

          The two admin approval thing seems interesting; could see that being useful in tandem with some kind of chatbot in a corporate setting.

          In terms of “lesser known” sudo things: Defaults use_pty is a setting I would recommend turning on. For some reason, that security risk is left unmitigated by default and would affect anyone using sudo to run certain programs as users without CAP_SYS_ADMIN or similar capabilities. think sudo -u nobody something

          1. 1

            I still wonder how we ended up with consolekit/polkit/logind when the common use cases can be handled with sudo rules. i don’t really trust the whole dbus shenanigans.