[sudo-users] Warning email when listing sudo perms

Paul Cantle paul at cantle.me
Tue Dec 1 19:30:34 MST 2015


Hi all,

According to the sudoers manual (man 5 sudoers), it says the following:

Note that mail will not be sent if an unauthorized user tries to run sudo with the -l or -v option.  This allows users to determine for themselves whether or not they are allowed to use sudo.

In my environment, sudoers is only read from LDAP via SSSD (controlled with /etc/nsswitch.conf). So the local file of /etc/sudoers is never referenced. To that end, non-LDAP users are unable to run sudo (this is perfect for me). However, on occasion, I require root (which is obviously a local user) to run “sudo -l -U <user>” to see what perms, etc. that <user> has.

Even though the command is returned successfully, I still get a warning email as per the below:

Hostname.domain : Dec  2 02:25:55 : root : TTY=pts/1 ; PWD=/some/directory ; USER=root ; COMMAND=list

As far as the man page is concerned (certainly for using /etc/sudoers), this shouldn’t be happening. I figure, even with LDAP, this should be the case also.

Can anyone shed any light or let me know how I can stop the emails? I’ve tried multiple sudoOptions within the sudo container for the root user with zero results. Or if this is indeed a bug (if LDAP should work the same), then please let me know.

System details below:

Sudo version 1.8.6p7
O/S CentOS 7
SSSD version 1.12.2

Thanks

Paul
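
Added example, not part of the original post and not code from the sudo project: a small Python parser for the one-line mail body quoted above, which separates the case described (root, COMMAND=list, no failure reason) from other alerts so a mail filter or log pipeline can route them differently. The function names, the second sample line and the choice to treat root list queries as expected are assumptions made for illustration.

```python
import re

# Layout taken from the line quoted in the post:
#   host : timestamp : invoking user : [reason ; ]KEY=value ; ... ; COMMAND=...
HEADER = re.compile(
    r"^(?P<host>\S+) : (?P<when>\w{3}\s+\d+ \d\d:\d\d:\d\d) : "
    r"(?P<invoker>\S+) : (?P<rest>.*)$"
)
# TTY, PWD and USER appear in the post; GROUP is logged when sudo -g is used.
KNOWN_KEYS = {"TTY", "PWD", "USER", "GROUP"}

def parse_sudo_mail(line):
    """Return the fields of one sudo mail line as a dict, or None if it does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    # COMMAND is the last field and may contain " ; " itself, so cut it off first.
    head, marker, command = m["rest"].partition("COMMAND=")
    if not marker:
        return None
    rec = {"host": m["host"], "when": m["when"], "invoker": m["invoker"],
           "reason": None, "COMMAND": command}
    for part in head.split(" ; "):
        part = part.strip(" ;")
        key, eq, value = part.partition("=")
        if eq and key in KNOWN_KEYS:
            rec[key] = value
        elif part:
            rec["reason"] = part  # free text such as a denial message
    return rec

def is_root_list_query(rec):
    """True for the case in the post: root listing privileges, no failure reason logged."""
    return (rec is not None and rec["invoker"] == "root"
            and rec["COMMAND"] == "list" and rec["reason"] is None)

FROM_POST = ("Hostname.domain : Dec  2 02:25:55 : root : TTY=pts/1 ; "
             "PWD=/some/directory ; USER=root ; COMMAND=list")
# Constructed sample, not from the post: a denied command with a reason field.
CONSTRUCTED = ("Hostname.domain : Dec  2 02:31:10 : alice : user NOT in sudoers ; "
               "TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id")

if __name__ == "__main__":
    for line in (FROM_POST, CONSTRUCTED):
        rec = parse_sudo_mail(line)
        print("root list query" if is_root_list_query(rec) else "review", rec)
```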




