Bug 183

Summary: Allow root to list authorizations for users (For Audit Compliance)
Product: Sudo
Reporter: Richard Ross <rross>
Component: Configure
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: normal    
Version: 1.6.8   
Hardware: Other   
OS: All   

Description Richard Ross 2005-06-06 13:12:01 MDT
We have an audit requirement (Sarbanes Oxley) to revalidate userid
authorizations within the sudoers file.  I would like a simple way of
performing this within sudo by issuing a 'sudo -u userid -l'. Unfortunately,
this returns the authorizations for the user that ran the command (root in my
case).  If I change the command to 'sudo -u userid sudo -l' then each person
would need to be authorized w/NOPASSWD: for 'sudo -l'.  I would like the ability
to authorize a particular userid or group via:

root ALL = (ALL) NOPASSWD: /usr/local/bin/sudo -u * -l

so that a simple script can be written to list each user's authorizations.  In
this day of Sarbanes Oxley, this functionality is getting more important.

Thank You
Richard Ross

Comment 1 Todd C. Miller 2005-06-06 13:18:48 MDT
sudo 1.7 will allow root to list other users
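
The audit script the report asks for, as an added example that is not part of the original bug thread or of sudo itself. It assumes sudo 1.7 or later, where root can run `sudo -l -U user` to list another user's privileges; the function name and the `LIST_CMD` override are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): per-user sudo authorization report.
# Assumes sudo 1.7 or later, where root can run `sudo -l -U <user>`.
# LIST_CMD is a hypothetical override so the loop can be exercised without sudo.
LIST_CMD=${LIST_CMD:-"sudo -l -U"}

# Reads passwd-format lines (login:x:uid:...) on stdin and writes one
# "=== login ===" section per distinct login, followed by the listing output.
sudo_audit_report() (
    seen=" "
    while IFS=: read -r user _rest; do
        # Skip blank lines, comments, option-like names and unexpected characters
        # so nothing odd from an NSS source reaches the command line.
        case $user in
            ''|'#'*|-*|*[!A-Za-z0-9_.-]*) continue ;;
        esac
        # Skip a login already reported (same account from a second NSS source).
        case $seen in
            *" $user "*) continue ;;
        esac
        seen="$seen$user "
        printf '=== %s ===\n' "$user"
        # stdin is redirected so the listing command cannot eat the user list;
        # stderr is kept because denial or error text is part of the evidence.
        $LIST_CMD "$user" 2>&1 </dev/null ||
            printf '(listing exited with status %s)\n' "$?"
    done
)

# Usage, as root:  getent passwd | sudo_audit_report > sudo-authorizations.txt
```

Keeping the dated report next to a checksum of the sudoers file it was produced from lets a reviewer tie each revalidation to a specific configuration.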