[sudo-users] sudo -l semantics

Tim Bradshaw tfb at tfeb.org
Mon Jan 6 06:31:35 MST 2014


On 2 Jan 2014, at 19:04, Shawn McMahon wrote:

> If you're prompted for a password, you don't know if you would have been
> allowed to do it or not, unless you type in that password. This ensures
> it's the human user who's asking the question, not some malicious process
> of which he's unaware.

However it's obviously fine for the system to say "you would need to authenticate to know the answer to that, but you have asked me not to authenticate you, so that is all I can tell you": that leaks no information.

And sudo allows you to do exactly that, of course, with -n:

$ sudo -l -n
sudo: a password is required
$ sudo -l
[sudo] password for tfb:






More information about the sudo-users mailing list