Bug 1418756 - RFE: sudo should add itself to the dnf/yum protected packages list
Summary: RFE: sudo should add itself to the dnf/yum protected packages list
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: sudo
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jiří Vymazal
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-02 16:25 UTC by Matthew Miller
Modified: 2017-05-26 08:20 UTC (History)
7 users (show)

Fixed In Version: sudo-1.8.20-0.1.b1.fc26
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-12 14:53:30 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1452941 None CLOSED Removing vim-minimal package also removes sudo 2019-10-15 16:25:56 UTC

Internal Links: 1452941

Description Matthew Miller 2017-02-02 16:25:30 UTC
During installation, we don't require a root password to be set if a user with sudo (wheel) access exists. The only thing protecting a user from removing sudo with dnf by accident (perhaps in trying to remove vim-minimal) is one easily-misanswered prompt.

I recommend adding a file 

  /etc/yum/protected.d/sudo.conf

with the contents

  sudo


This will result in 

  $ sudo dnf remove sudo
  Error: The operation would result in removing the following protected packages: sudo


If someone _needs_ to shoot themselves in this particular foot, they could either `rm /etc/yum/protected.d/sudo.conf` first, or just use RPM directly and bypass DNF's protected-packages mechanism.

Comment 1 Matthew Leeds 2017-04-02 23:57:35 UTC
I just accidentally removed sudo on an F25 machine in exactly the way mentioned (by trying to remove vim-minimal) so I'd like to concur that this is a great idea! :)

Comment 2 Jiří Vymazal 2017-04-10 10:48:44 UTC
build with sudo in protected packages present in rawhide

Comment 3 Fedora Update System 2017-04-10 10:57:55 UTC
sudo-1.8.20-0.1.b1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-1efe08aafc

Comment 4 Fedora Update System 2017-04-11 00:26:15 UTC
sudo-1.8.20-0.1.b1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-1efe08aafc

Comment 5 Fedora Update System 2017-04-12 14:53:30 UTC
sudo-1.8.20-0.1.b1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.