Your message dated Fri, 14 Nov 2008 14:49:37 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Re: sudo: sudo -l should never hang with a prompt
has caused the Debian Bug report #443251,
regarding sudo: sudo -l should never hang with a prompt
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
443251: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443251
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: sudo
Version: 1.6.8p12-4
Severity: normal
The -l flag is used to get allowed/forbidden commands for the current user,
*if any*. It shouldn't prompt for a pwd if no commands are allowed for the
invoking user.
That breaks scripts that call some commands via sudo, but want/need to check
whether the user is allowed before trying, just to avoid hanging in bg with
the pwd prompt.
I think that 'sudo -l' should simply exit with 0 and no lines, besides the
header, if the user has no references in sudoers.
--
paolo
--- End Message ---
--- Begin Message ---
Hi,
On Fri, Nov 14, 2008 at 01:36:46PM +0100, Paolo wrote:
> [EMAIL PROTECTED]:~$ sudo -l
> (...)
> Password:
>
> and it hangs there. And it doesn't make any sense imho.
> As you see, seems it WFY (Works For You) but is BFM (Broken For Me).
Ah, sorry, I tricked myself. If I do sudo -l for the first time I get a
password prompt as well. Only on the second time (while the ticket is
active) I don't get one.
Anyway this is not a bug, but a configuration problem. Given that
sudo -l "leaks" security-relevant information it should not do so
without prior authorization (at least not in the default settings).
That is why you are prompted for a password in the first place.
Still, if you decide that you want to use 'sudo -l' in this somewhat
insecure way and you are aware of the implications you are free to
configure sudo in a way that it does not ask for a password when the
list command is required. The key for this is the listpw Default in the
sudoers configuration.
A line like this:
    maggie:~# grep listpw /etc/sudoers
    Defaults listpw=never
should fix your problem:
    [EMAIL PROTECTED] ~ % sudo -k
    [EMAIL PROTECTED] ~ % sudo -l
    Sorry, user schoenfeld may not run sudo on maggie.
    zsh: exit 1 sudo -l
This is described in the sudoers(5) manpage.
I think this bug can be closed therefore and doing so now. Please reopen
if you find that this does not fix your problem.
Best Regards,
Patrick
--- End Message ---
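Added example, not part of the original thread and not code from the sudo project: one way for a script to ask whether a command is permitted without ever blocking on the password prompt discussed above, and without relaxing listpw for everyone. It assumes a sudo release that supports the -n (non-interactive) option; the names sudo_probe and SUDO_BIN are hypothetical.

```shell
#!/bin/sh
# Added example: probe sudo rights from a script without blocking on a prompt.
# SUDO_BIN and sudo_probe are hypothetical names chosen for this sketch.
SUDO_BIN="${SUDO_BIN:-sudo}"

# sudo_probe CMD [ARGS...]
# Prints one word and returns a matching status:
#   allowed      (0)  policy permits CMD and no password is needed right now
#   denied       (1)  sudo refused without asking for a password
#   needs-auth   (2)  sudo would have prompted; the answer stays undisclosed
#   unavailable  (3)  the sudo binary was not found
sudo_probe() {
    if ! command -v "$SUDO_BIN" >/dev/null 2>&1; then
        echo unavailable
        return 3
    fi
    # -n      : never prompt, fail instead
    # -l CMD  : ask the policy about CMD only, do not run it
    # stdin comes from /dev/null so nothing can wait on a terminal.
    # LC_ALL=C keeps the diagnostic in English for the match below
    # (assumption: the message contains "password is required").
    if err=$(LC_ALL=C "$SUDO_BIN" -n -l -- "$@" 2>&1 >/dev/null </dev/null); then
        echo allowed
        return 0
    fi
    case $err in
        *"password is required"*)
            echo needs-auth
            return 2
            ;;
        *)
            echo denied
            return 1
            ;;
    esac
}
```

A caller that gets needs-auth should treat it as "not usable unattended" rather than retrying, since that is the case where sudo is withholding the listing until the user authenticates.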