Bug 700 – Why a password challenge on "sudo -l"?

Bug 700 - Why a password challenge on "sudo -l"?


Summary:	Why a password challenge on "sudo -l"?

Status:	RESOLVED INVALID

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.6
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-06-17 08:31 MDT by Robert Nix
Modified:	2015-06-17 09:20 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Nix 2015-06-17 08:31:13 MDT

A user wants to check what sudo rights they have on a system. They enter the command "sudo -l", and if they have any granted rights, they are listed out, and the program exits. But, if they have no specifically granted rights, sudo prompts the user for their password. Why the password prompt, instead of just saying that the user has no elevated rights?

Comment 1 Todd C. Miller 2015-06-17 09:20:14 MDT

"sudo -l" requires a password so that it is not possible for someone else to see a user's privileges in case there is an an unattended terminal (e.g. in a lab setting with multiple people).

If you want to allow "sudo -l" with no password you can just use the following in sudoers:

Defaults listpw=never

Users with sudoers privileges don't need to enter a password if they've used sudo within the past 5 minutes or if their privileges don't require a password to be entered.