On Sun, 20 Dec 2015 10:12:17 -0500 Gene Heskett <gheskett@...> wrote: > To that end, if the package > asks for a pw, and gets the 1st users pw as a response, it should be > happy and run. There is little or no difference between root and 1st > user as 1st user is generally the one who originally setup the system > and should know it well. Don't assume that all systems are single-user desktops. Your suggested setup isn't sufficient, for instance, to handle a multi-user system that's just gotten a new administrator, as might happen in a corporate environment. Once the old admin's account is scrubbed, the original "first user" isn't there anymore, so where should the rights end up? The next user added probably wasn't the new admin, and the new admin shouldn't have to use someone else's login name. TDE shouldn't allow behaviour that sudo doesn't (assuming that sudo is even present on the system--it's quite possible to use su only and never install sudo!), which seems to be what you're advocating here. It does have to be able to be able to authenticate via sudo with user passwords if the system accepts that behaviour in other contexts. Regardless, I expect Michele et al. will do The Right Thing. E. Liddell