[sudo-users] aix sudo 1.8.11-2 with defaults of mail_always in /etc/sudoers also mails sudo -l access; older version did not

[Sharon Hawthorne]

Thank you for your response. I wasn't able to reproduce either, when I went back versions and tested hard. Possibly a different behavior of the vendor scripts, or an interim sudo version I built, although I usually try to use the binaries.

I have made a workaround for the users whose jobs are doing the repetitive sudo -l, by replacing mail_always by "mail_no_perms, mail_no_host, mail_badpass" and duplicating the Cmnd_Alias, less the commands on which we don't want mail, and adding mail_always for only those commands. I can't make 2 independent Cmnd_Aliases, since the same vendor scripts search for "their" Cmnd_Alias in a clunky way. 

A similar construct to: Defaults!/usr/bin/grep  !mail_always would be better that would work for sudo -l but doesn't seem possible, unless I'm missing a trick.

As a feature, it would be nice to be able to apply a Defaults statement to a command or command alias AND a user/userlist, but it's clear from the documentation that it's not allowed -- probably wouldn't make sense to parse.

Just one of thousands who very much appreciate you work on sudo.

- Sharon

> -----Original Message-----
> From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
> Sent: Wednesday, 21 January, 2015 07:40
> To: Sharon Hawthorne
> Cc: 'sudo-users at sudo.ws'
> Subject: Re: [sudo-users] aix sudo 1.8.11-2 with defaults of mail_always in
> /etc/sudoers also mails sudo -l access; older version did not
> 
> What version of sudo were you running previously that didn't send
> mail for "sudo -l" and mail_all?  Even sudo 1.6.9p23 has this
> behavior so the change must have happened a long time ago.
> 
>  - todd