[sudo-users] sudo -l semantics
Todd C. Miller
Todd.Miller at courtesan.com
Mon Jan 6 08:48:31 MST 2014
On Thu, 02 Jan 2014 23:05:14 +0100, Alec Leamas wrote:
> Which doesn't seem to work :(. I cannot specify a sane rule that
> allows running sudo with a particular set of options, it basically
> becomes something like "sudo sudo ..." which doesn't work (and shouldn't).
>
> Seems that my usecase cannot work unless there is a simple way (option)
> to ask if I can issue 'sudo -l' questions without running into a prompt.
The way to do this is to use something like this in sudoers:
Defaults listpw=never
but this will disable password checking for any "sudo -l" commands.
If you only want to allow "sudo -l command" for specific commands
you can do this:
Defaults!CHECK_COMMANDS listpw=never
Cmnd_Alias CHECK_COMMANDS = /bin/ls, /usr/bin/id
Then you can use "sudo -l /bin/ls" or even "sudo -nl /bin/ls" if
you never want the user to be prompted for a password.
- todd
More information about the sudo-users
mailing list