[sudo-users] aix sudo 1.8.11-2 with defaults of mail_always in /etc/sudoers also mails sudo -l access; older version did not

Todd C. Miller Todd.Miller at courtesan.com
Wed Jan 21 13:24:57 MST 2015


On Wed, 21 Jan 2015 17:41:20 +0000, Sharon Hawthorne wrote:

> A similar construct to: Defaults!/usr/bin/grep  !mail_always would be better
> that would work for sudo -l but doesn't seem possible, unless I'm missing a
> trick.

Unfortunately, because "sudo -l command" looks up the given command
and not just "list" in the sudoers file, this is difficult to implement.

I'm not sure that there is any real value in ever sending mail for
"sudo -l" or "sudo -v" (logging them is fine).  I'm considering
just skipping mail unless there is a real command being run (including
sudoedit).

 - todd

