[sudo-users] "sudo -l" vs. rootpw, etc

Todd C. Miller Todd.Miller at courtesan.com
Wed Jan 29 15:43:49 MST 2014

The rootpw, runaspw and targetpw sudoers options cause sudo to
prompt for the target user's password, the default runas user's
password or the root password instead of the user's own password.

This is all well and good when running commands but it means that
to run "sudo -l" you need to use a password other than your own.
Unless the sudo prompt includes the %p escape, it may not even be
clear whose password sudo is actually expecting.

For the next version of sudo I'm planning to make "sudo -l" prompt
for the user's password regardless of whether or not any of rootpw,
runaspw or targetpw are set.  It doesn't really make sense to require
for someone else's password just to view the things you are allowed
to run.  Is that going to cause headaches for anyone?  I know that
SuSE at least used to set targetpw by default (and they may still).

 - todd

More information about the sudo-users mailing list