Bug 977 – sudo -l asks for password before saying "nosireebob"

Bug 977 - sudo -l asks for password before saying "nosireebob"


Summary:	sudo -l asks for password before saying "nosireebob"

Status:	RESOLVED INVALID

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.9.6
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-05-26 01:38 MDT by Marc Haber
Modified:	2021-09-13 10:31 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marc Haber 2021-05-26 01:38:59 MDT

Hi,

according to the manuap age, sudo -l can be used to verify whether a user would be allowed to invoke a certain command via sudo, returning an 1 status value if not.

In practice, sudo asks for the password first:

| [7/26]zugschlus@fan:~ $ sudo -l apt update
| [sudo] password for zugschlus on fan:
| Sorry, user zugschlus may not run sudo on fan.
| 1 [8/27]zugschlus@fan:~ $

If this is the intended behavior, this should be documented.

Personally, I think that there should not be a password question at this place.

sudo -l -n works as intended, though.

Greetings
Marc

Comment 1 Todd C. Miller 2021-05-26 10:23:38 MDT

This is intended behavior that can be configured in sudoers via the listpw option.  For example:

Defaults listpw=never

The default value for listpw is any, which means no password is required for users with sudo "ALL" permissions.

The specifics of whether a password is required for "sudo -l" is really out of scope for the sudo man page since that is controlled by the policy plugin which in your case is the sudoers module (but it could be some other module).

Comment 2 Todd C. Miller 2021-09-13 10:31:38 MDT

Sudo is behaving as documented.