[sudo-users] sudo -l semantics
Alec Leamas
leamas.alec at gmail.com
Fri Jan 10 01:19:36 MST 2014
On Mon, Jan 6, 2014 at 4:48 PM, Todd C. Miller <Todd.Miller at courtesan.com>wrote:
> On Thu, 02 Jan 2014 23:05:14 +0100, Alec Leamas wrote:
>
> > Which doesn't seem to work :(. I cannot specify a sane rule that
> > allows running sudo with a particular set of options, it basically
> > becomes something like "sudo sudo ..." which doesn't work (and
> shouldn't).
> >
> > Seems that my usecase cannot work unless there is a simple way (option)
> > to ask if I can issue 'sudo -l' questions without running into a prompt.
>
> The way to do this is to use something like this in sudoers:
>
> Defaults listpw=never
>
> but this will disable password checking for any "sudo -l" commands.
>
> If you only want to allow "sudo -l command" for specific commands
> you can do this:
>
> Defaults!CHECK_COMMANDS listpw=never
> Cmnd_Alias CHECK_COMMANDS = /bin/ls, /usr/bin/id
>
> Then you can use "sudo -l /bin/ls" or even "sudo -nl /bin/ls" if
> you never want the user to be prompted for a password.
>
> - todd
>
Thanks! works like a charm. Still keeping pkexec as the final fallback for
users without any configuration at all..
I should have found that part in the manpage myself, though. "embarrassed"
--alec
More information about the sudo-users
mailing list