[sudo-users] "sudo -l" vs. rootpw, etc
Todd C. Miller
Todd.Miller at courtesan.com
Thu Jan 30 14:43:08 MST 2014
On Thu, 30 Jan 2014 19:06:47 +0100, Erwin wrote:
> In my opinion, "sudo -l" should never ask for a password. There is
> no security risk here but you are going to get a lot of users
> annoyed.
There is disagreement on whether there is or is not a security risk
there. If you don't want "sudo -l" to ask for a password you can
simply add:
Defaults listpw=never
to your sudoers file.
- todd
More information about the sudo-users
mailing list