[sudo-users] sudo -l semantics

Alec Leamas leamas.alec at gmail.com
Fri Jan 10 01:19:36 MST 2014

On Mon, Jan 6, 2014 at 4:48 PM, Todd C. Miller <Todd.Miller at courtesan.com>wrote:

> On Thu, 02 Jan 2014 23:05:14 +0100, Alec Leamas wrote:
> > Which doesn't seem to work :(.   I cannot specify a sane rule that
> > allows running sudo with a particular set of options, it basically
> > becomes something like "sudo sudo ..." which doesn't work (and
> shouldn't).
> >
> > Seems that my usecase cannot work unless there is a simple way (option)
> > to ask if I can issue 'sudo -l' questions without running into a prompt.
> The way to do this is to use something like this in sudoers:
> Defaults listpw=never
> but this will disable password checking for any "sudo -l" commands.
> If you only want to allow "sudo -l command" for specific commands
> you can do this:
> Defaults!CHECK_COMMANDS listpw=never
> Cmnd_Alias CHECK_COMMANDS = /bin/ls, /usr/bin/id
> Then you can use "sudo -l /bin/ls" or even "sudo -nl /bin/ls" if
> you never want the user to be prompted for a password.
>  - todd

Thanks! works like a charm. Still keeping pkexec as the final fallback for
users without any configuration at all..

I should have found that part in the manpage myself, though. "embarrassed"


More information about the sudo-users mailing list