[sudo-users] aix sudo 1.8.11-2 with defaults of mail_always in /etc/sudoers also mails sudo -l access; older version did not
Todd C. Miller
Todd.Miller at courtesan.com
Wed Jan 21 13:24:57 MST 2015
On Wed, 21 Jan 2015 17:41:20 +0000, Sharon Hawthorne wrote:
> A similar construct to: Defaults!/usr/bin/grep !mail_always would be better
> that would work for sudo -l but doesn't seem possible, unless I'm missing a
> trick.
Unfortunately, because "sudo -l command" looks up the given command
and not just "list" in the sudoers file, this difficult to implement.
I'm not sure that there is any real value in ever sending mail for
"sudo -l" or "sudo -v" (logging them is fine). I'm considering
just skipping mail unless there is a real command being run (including
sudoedit).
- todd
More information about the sudo-users
mailing list