Bugzilla – Bug 869
listpw=never is not being respected
Last modified: 2019-01-22 06:51:41 MST
If I add listpw=never in sudoers and run sudo -l it always ask for user's password. The workaround I found was to add a new entry with NOPASSWD: to that user letting it to run /usr/bin/false and change listpw to any. Here is sudoers with the workaround: # by VAS # Defaults Defaults syslog=auth, log_year, logfile=/var/log/sudo.log Defaults !lecture, !insults, listpw=any Defaults env_keep+=EDITOR # User alias specification # Cmnd alias specification Cmnd_Alias SHUTDOWN = /sbin/shutdown, /sbin/halt, /sbin/reboot Cmnd_Alias VM = /usr/local/sbin/vm "",\ /usr/local/sbin/vm list, \ /usr/local/sbin/vm help, \ /usr/local/sbin/vm info *, \ /usr/local/sbin/vm start *, \ /usr/local/sbin/vm stop *, \ /usr/local/sbin/vm console *, \ /usr/local/sbin/vm startall, \ /usr/local/sbin/vm stopall, \ /usr/local/sbin/vm reset *, \ /usr/local/sbin/vm poweroff * # User privilege specification %wheel ALL = (ALL) SHUTDOWN, VM %wheel ALL = (ALL) NOPASSWD: /usr/bin/false # EOF ------------------------------------------------------------ And here is the one that fails: # by VAS # Defaults Defaults syslog=auth, log_year, logfile=/var/log/sudo.log Defaults !lecture, !insults, listpw=never Defaults env_keep+=EDITOR # User alias specification # Cmnd alias specification Cmnd_Alias SHUTDOWN = /sbin/shutdown, /sbin/halt, /sbin/reboot Cmnd_Alias VM = /usr/local/sbin/vm "",\ /usr/local/sbin/vm list, \ /usr/local/sbin/vm help, \ /usr/local/sbin/vm info *, \ /usr/local/sbin/vm start *, \ /usr/local/sbin/vm stop *, \ /usr/local/sbin/vm console *, \ /usr/local/sbin/vm startall, \ /usr/local/sbin/vm stopall, \ /usr/local/sbin/vm reset *, \ /usr/local/sbin/vm poweroff * # User privilege specification %wheel ALL = (ALL) SHUTDOWN, VM # EOF
Thanks for the report, this has been broken for a very long time. I've just committed a fix for the bug: https://www.sudo.ws/repos/sudo/rev/ecb89088a884
Thanks! It worked as expected.