[sudo-users] sudo -l semantics

Alec Leamas leamas.alec at gmail.com
Sat Jan 4 14:21:47 MST 2014

On 2014-01-02 23:05, Alec Leamas wrote:
> On 2014-01-02 19:57, Alec Leamas wrote:
>> On 2014-01-02 19:37, Shawn McMahon wrote: However, if you're bound 
>> and determined to do this, you could give that
>>> user a passwordless sudo rule allowing them to run "sudo -U 
>>> <username> -l"
>>> as root, and parse that output for what you're searching for.
>> Not really. This is a chicken and egg problem, to handle what happens 
>> when my app is started  after a clean install.  Of course, opening up 
>> for all users as part of installation is an option, but that would be 
>> system-wide and not really the way to go IMHO. The username is 
>> basically unknown at installation time.
>> Perhaps if I installed a rule allowing all users to run exactly "sudo 
>> -l my-cmd" or so.... Dunno, that is perhaps not to bad?!
>> --alec
> Which doesn't seem to work :(.   I cannot specify a sane rule that 
> allows running sudo with a particular set of options, it basically 
> becomes something like "sudo sudo ..." which doesn't work (and 
> shouldn't).
> Seems that my usecase cannot work unless there is a simple way 
> (option) to ask if I can issue 'sudo -l' questions without running 
> into a prompt. Need to find other ways around this (polkit?).
> --alec

At last I have been able to use pkexec instead of sudo for the initial 
bootstrapping - basically adding a group to the running user.  Although 
pkexec works better for this purpose, IMHO sudo is still superior when 
it comes to assigning permissions to users in that group.  And the two 
dependencies sudo and polkit doesn't really matter, most  users have 
them in place anyway.

That said, it would have been great if I had been able to use sudo for 
everything. Using two different tools adds some complexity.


More information about the sudo-users mailing list