Bug 869

Summary: listpw=never is not being respected
Product: Sudo Reporter: Renato Botelho <garga>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.27   
Hardware: PC   
OS: FreeBSD   

Description Renato Botelho 2019-01-22 03:42:00 MST 
If I add listpw=never in sudoers and run sudo -l it always ask for user's password.

The workaround I found was to add a new entry with NOPASSWD: to that user letting it to run /usr/bin/false and change listpw to any.

Here is sudoers with the workaround:

# by VAS

# Defaults
Defaults  syslog=auth, log_year, logfile=/var/log/sudo.log
Defaults  !lecture, !insults, listpw=any
Defaults env_keep+=EDITOR

# User alias specification

# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown, /sbin/halt, /sbin/reboot
Cmnd_Alias VM = /usr/local/sbin/vm "",\
        /usr/local/sbin/vm list, \
        /usr/local/sbin/vm help, \
        /usr/local/sbin/vm info *, \
        /usr/local/sbin/vm start *, \
        /usr/local/sbin/vm stop *, \
        /usr/local/sbin/vm console *, \
        /usr/local/sbin/vm startall, \
        /usr/local/sbin/vm stopall, \
        /usr/local/sbin/vm reset *, \
        /usr/local/sbin/vm poweroff *

# User privilege specification
%wheel ALL = (ALL) SHUTDOWN, VM
%wheel ALL = (ALL) NOPASSWD: /usr/bin/false

# EOF

------------------------------------------------------------

And here is the one that fails:

# by VAS

# Defaults
Defaults  syslog=auth, log_year, logfile=/var/log/sudo.log
Defaults  !lecture, !insults, listpw=never
Defaults env_keep+=EDITOR

# User alias specification

# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown, /sbin/halt, /sbin/reboot
Cmnd_Alias VM = /usr/local/sbin/vm "",\
        /usr/local/sbin/vm list, \
        /usr/local/sbin/vm help, \
        /usr/local/sbin/vm info *, \
        /usr/local/sbin/vm start *, \
        /usr/local/sbin/vm stop *, \
        /usr/local/sbin/vm console *, \
        /usr/local/sbin/vm startall, \
        /usr/local/sbin/vm stopall, \
        /usr/local/sbin/vm reset *, \
        /usr/local/sbin/vm poweroff *

# User privilege specification
%wheel ALL = (ALL) SHUTDOWN, VM

# EOF
Comment 1 Todd C. Miller 2019-01-22 06:42:26 MST 
Thanks for the report, this has been broken for a very long time.
I've just committed a fix for the bug: https://www.sudo.ws/repos/sudo/rev/ecb89088a884
Comment 2 Renato Botelho 2019-01-22 06:51:41 MST 
Thanks! It worked as expected.