On 10/10/16 14:08, Michael Vermaes wrote: > On Sat, Oct 8, 2016 at 4:22 PM, Laurentiu Pancescu <lpancescu at gmail.com> wrote: > Do you mind letting us know how the configuration would be fixed to > address this? For what it's worth, in my opinion it would be more > surprising for this behaviour to change. I think a Vagrant box is > assumed to be a 'disposable', single user environment as you > mentioned. Things like the well known insecure passwords and ssh key > contribute to a standard Vagrant experience across boxes from > different distributions. The images would still follow the upstream recommendations, I have no intention of changing the default SSH key or password. In my local implementation: - vagrant and root can use su and sudo without limitations (no change) - other users can't use sudo... (no change) - ...but can still su to any accounts except root or vagrant This matches the sudo configuration pretty closely. An alternative would be to add vagrant to the wheel group, and allow anyone in the wheel group to use su (with password) or sudo (without password). You could add your own users to the wheel group if you wanted to, but it would be a conscientious decision to give someone admin privileges, rather than the default when calling useradd. If you didn't create additional users, you wouldn't be affected in either scenario. The intention is just to prevent beginners from shooting themselves in the foot when sharing a box with a public IP. I'm open to arguments for either solution, as well as other alternatives. Laurențiu