Thanks for the answer. That makes sense.
But I'm not saying that sudo should ask for the root's password by default.
My question is why is VASM even in the /etc/sudoers file?
It doesn't make much sense (to me) to give access by default (with only the user's password) to an application that can format partitions, change root's password, and delete other users.
Especially when so many other system things do not have that access (try, for example, "sudo cat /etc/sudoers" and you cannot see it with your user's password).
I'd say if someone would like to grant that privilege to users, they should add VASM to /etc/sudoers, and not have it there by default.
Also, when looking at the relevant lines in /etc/sudoers, you get:
# anyone in the group 'users' can run some programs with a password
with VASM and HW2 defined as
So why is this line there in a fresh install (of 5.9 Standard)?
Why is access with a user's password only granted to /sbin/vasm, but not to /bin/vasm?
(Especially when "man hier" tells you that /sbin, like /bin, "holds commands needed to boot the system, but which are usually not executed by normal users".)
Why is access granted to vlapt and qtparted, when there is no qtparted in a fresh install, and gslapt (not vlapt) is the standard frontend for package management? (plus, besides VASM, if any user does /sbin/vlapt with only his user's password he/she is able to install/remove packages from the system).
Surely, when so many other things are restricted to normal users you would expect VASM and package management to also be restricted by default and only work with root's password.
Maybe that line is in /etc/sudoers for a reason that I'm not getting....
But is sure looks like a mistake and something lingering from previous VL versions...