The line "Defaults listpw=never" in sudoers does not work as documented:
"sudo -l" still requires a password from the user instead of showing the permitted commands.
Could you give me more details about how to reproduce it? I've tested here and couldn't.
Created attachment 200951
A complete sudoers file
(In reply to Renato Botelho from comment #1)
I have attached my complete sudoers file without any redacting. However, when a member of the "user" group runs "sudo -l" she is asked for a password.
Have you been able to reproduce the problem with my sudoers file?
Just in case they are useful, I'm posting the build options:
AUDIT : on
DISABLE_AUTH : off
DOCS : on
EXAMPLES : on
GSSAPI_BASE : off
GSSAPI_HEIMDAL : off
GSSAPI_MIT : off
INSULTS : off
LDAP : off
NLS : off
NOARGS_SHELL : off
OPIE : off
PAM : on
SSSD : off
I managed to reproduce the issue here and opened a ticket upstream. While it's not fixed, you can work around it using listpw=any and configuring an entry allowing %user to run /usr/bin/false with NOPASSWD: set.
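The workaround described in the comment above, written out as a sudoers fragment. This is an added example, not taken from the attached sudoers file or from any participant's post; the `ALL` host specification is an assumption.

```sudoers
# Workaround while listpw=never is not honoured (added example, adapt to the real file).
# listpw=any (sudo's default value): "sudo -l" skips the password prompt when at
# least one of the user's entries for the current host carries the NOPASSWD tag.
Defaults listpw=any

# Placeholder NOPASSWD entry for the group. /usr/bin/false does nothing and
# exits non-zero, so the entry grants no usable privilege; it exists only so
# that members of %user satisfy the listpw=any condition.
%user ALL = NOPASSWD: /usr/bin/false
```

Check the syntax with `visudo -c` before relying on it. Unlike listpw=never, this lifts the `sudo -l` prompt only for users who have at least one NOPASSWD entry.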
A commit references this bug:
Date: Tue Jan 22 13:51:16 UTC 2019
New revision: 490951
security/sudo: Fix listpw=never
When listpw=never is set, 'sudo -l' is expected to run without asking for a
Reported by: firstname.lastname@example.org
Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=869
Sponsored by: Rubicon Communications, LLC (Netgate)
Fix committed to 1.8.27_1