I agree with user535733 in that you should be training your users who have sudo privileges to not go about removing packages when they don't know what those packages are for.
However, in newer versions of apt (> 1.4 - at least Ubuntu 17.04), you can mark a package as "essential" or "important". In Debian bug #767891, a patch was accepted that allows you to do something like:
sudo apt-get -o pkgCacheGen::ForceEssential=gedit update
To mark a package as Essential
(or Important
) - in this example, the gedit
package. For essential packages, apt shows a warning that is much harder to dismiss:
~ sudo apt-get remove bash
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED
bash bash-completion lightdm ubuntu-desktop
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
bash
0 to upgrade, 0 to newly install, 4 to remove and 26 not to upgrade.
After this operation, 7,776 kB disk space will be freed.
You are about to do something potentially harmful
To continue type in the phrase ‘Yes, do as I say!’
?]
Yes, you actually have to type in the exact phrase, including punctuation.
Before apt 1.4, you could install a dummy package using equivs
or something similar that is marked "essential" and depends on the packages you want to show the warning for. Then, any attempt to remove those packages will result in removal of the essential dummy package, showing the warning.
sudoers
file, but there are many possible workarounds; that may also be more complex than is conveniently worthwhile. You may find it more productive to simply revoke the abusers' admin rights. – user535733 Jan 03 '18 at 03:23