[sudo-users] "sudo -l" vs. rootpw, etc
Erwin
erwinl at dds.nl
Thu Jan 30 11:06:47 MST 2014
On Wednesday 29 January 2014 15:43:49 Todd C. Miller wrote:
<snip>
> For the next version of sudo I'm planning to make "sudo -l" prompt
> for the user's password regardless of whether or not any of rootpw,
> runaspw or targetpw are set. It doesn't really make sense to require
> for someone else's password just to view the things you are allowed
> to run. Is that going to cause headaches for anyone? I know that
> SuSE at least used to set targetpw by default (and they may still).
In my opinion, "sudo -l" should never ask for a password. There is no security
risk here but you are going to get a lot of users annoyed.
Regards,
Erwin
More information about the sudo-users
mailing list