[sudo-users] sudo -l semantics

Todd C. Miller Todd.Miller at courtesan.com
Mon Jan 6 08:48:31 MST 2014


On Thu, 02 Jan 2014 23:05:14 +0100, Alec Leamas wrote:

> Which doesn't seem to work :(.   I cannot specify a sane rule that 
> allows running sudo with a particular set of options, it basically 
> becomes something like "sudo sudo ..." which doesn't work (and shouldn't).
> 
> Seems that my use case cannot work unless there is a simple way (option)
> to ask if I can issue 'sudo -l' questions without running into a prompt. 

The way to do this is to use something like this in sudoers:

Defaults listpw=never

but this will disable password checking for any "sudo -l" commands.

If you only want to allow "sudo -l command" for specific commands
you can do this:

Defaults!CHECK_COMMANDS listpw=never
Cmnd_Alias CHECK_COMMANDS = /bin/ls, /usr/bin/id

Then you can use "sudo -l /bin/ls" or even "sudo -nl /bin/ls" if
you never want the user to be prompted for a password.

 - todd
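
A script-side use of the "sudo -nl" check described in the message above, as an added example that is not part of the original post. It classifies the outcome so a caller can tell "not permitted" from "listpw still requires a password"; probe_sudo and SUDO_BIN are names assumed for this example, and the password case is recognised from sudo's C-locale message "a password is required".

```shell
#!/bin/sh
# Added example: non-interactive "may I run this?" probe built on "sudo -nl".
# SUDO_BIN is a hypothetical override so the probe can be pointed at a stub.
SUDO_BIN="${SUDO_BIN:-sudo}"

# probe_sudo /path/to/command [args...]
# Prints one word and returns a matching status:
#   allowed            (0)  policy permits the command
#   denied             (1)  policy does not permit the command
#   password-required  (2)  listpw still demands a password for this listing
probe_sudo() {
    # -n: never prompt, fail instead; -l CMD: ask the policy about CMD.
    # LC_ALL=C keeps sudo's diagnostics in English so they can be matched.
    if out=$(LC_ALL=C "$SUDO_BIN" -nl "$@" 2>&1); then
        echo "allowed"
        return 0
    fi
    case $out in
        *"a password is required"*)
            # Defaults listpw=never (global or per-command) is not in effect
            # for this command, so -n made sudo bail out instead of prompting.
            echo "password-required"
            return 2
            ;;
        *)
            echo "denied"
            return 1
            ;;
    esac
}

# Stand-alone use: ./probe.sh /bin/ls
if [ "$#" -gt 0 ]; then
    probe_sudo "$@"
fi
```

With the per-command Defaults from the message in place, /bin/ls and /usr/bin/id can be checked this way without a prompt, while a probe for any other command still reports password-required unless the user's ticket is cached.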

