Why PCLinuxOS Shuns sudo Use



by Old-Polack

There has been some confusion about sudo support on PCLinuxOS. Hopefully, this will clarify the subject.

In The Manner Of The Buntus = ITMOTB

Sudo is just another Linux tool, but one that when abused, can drastically impair the security of one’s system. All the major Linux releases, except the buntus and their clones, agree that when used ITMOTB, sudo is a major security risk, so none of them, by default, implement it ITMOTB. Our policy has also always been to not support the use of sudo ITMOTB, and we have never varied on that. When we say we discourage the use of sudo, ITMOTB, we say it with extreme prejudice.

We have always supported the proper use of sudo as a limiting resource, when root privileges are needed for a specific repeatable purpose, such as when needed for the proper functioning of an application, within a script, or when a specific user on a multi user system is assigned limited administrative duties, but is not allowed access to the root password or full root privileges. This is the purpose for which sudo was intended.

When implementing sudo, care should be taken to limit a user’s entry in /etc/sudoers to the absolute minimum of specific commands needed to perform the task at hand.

Sudo, when used ITMOTB, gives blanket, unlimited root privileges to a normal user, who can then literally run as root using his own normal user's password; there being no specific root password set, the normal user's password effectively becomes the root password, thereby removing an entire layer of Linux system security. (the separation of all normal users from the root user) This is the abuse of sudo we speak of. We feel that it is totally irresponsible, and it is that which we refuse to support.

If someone comes here, refuses to learn to run PCLinuxOS as it was designed to be used, with a proper root password, su and su - commands to grant root permissions, while demanding instructions to run their system ITMOTB, we respectfully suggest they install a buntu version instead, or one of their clones. We will not officially condone this deliberate breach of security protocols, and will not tolerate having instructions to facilitate the use of sudo ITMOTB on this forum. On this point, we are adamant, and this decision is not open to debate.

Any tool can be misused, and we cannot prevent any individual from abusing their own system. What we can do is prevent the aiding and abetting of that misuse/abuse on this forum, where unwary and inexperienced new users could be exposed to it, and think we condone and support such abuse. We do not!

Within the framework spelled out above, we have no problem with anyone posting proper instructions to those seeking to use sudo in the responsible manner for which it was intended. Those that can't refrain from posting instructions to use sudo ITMOTB will be subject to post deletion, reprimand, and possible cancellation of their posting privileges on this forum.