[sudo-users] "sudo -l" vs. rootpw, etc

Todd C. Miller Todd.Miller at courtesan.com
Thu Jan 30 14:43:08 MST 2014


On Thu, 30 Jan 2014 19:06:47 +0100, Erwin wrote:

> In my opinion, "sudo -l" should never ask for a password. There is
> no security risk here but you are going to get a lot of users
> annoyed.

There is disagreement on whether there is or is not a security risk
there.  If you don't want "sudo -l" to ask for a password you can
simply add:

    Defaults listpw=never

to your sudoers file.

 - todd


More information about the sudo-users mailing list