[sudo-users] "sudo -l" vs. rootpw, etc

Erwin erwinl at dds.nl
Thu Jan 30 11:06:47 MST 2014

On Wednesday 29 January 2014 15:43:49 Todd C. Miller wrote:


> For the next version of sudo I'm planning to make "sudo -l" prompt
> for the user's password regardless of whether or not any of rootpw,
> runaspw or targetpw are set.  It doesn't really make sense to require
> for someone else's password just to view the things you are allowed
> to run.  Is that going to cause headaches for anyone?  I know that
> SuSE at least used to set targetpw by default (and they may still).

In my opinion, "sudo -l" should never ask for a password. There is no security 
risk here but you are going to get a lot of users annoyed.


More information about the sudo-users mailing list