[sudo-users] sudo -l semantics

Todd C. Miller Todd.Miller at courtesan.com
Fri Dec 27 06:33:18 MST 2013

It is not possible to test whether the user can run a command without
specifying a password.  This is by design as it should not be
possible to list a user's allowed commands without authenticating

However, the way the -l flag works with respect to authentication
is a bit different.  If the user is allowed to run any command they
are able to run "sudo -l".  This means that even if a user is not
allowed to run, say, /bin/bash, as long as they are listed in sudoers
they will be able to run "sudo -l /bin/bash".

 - todd

More information about the sudo-users mailing list