On my debian server, when a user who does not have any rights in the sudoers file or any include dirs, calls sudo -l, he gets the standard "responsibility header" and is prompted for his password.
Is it possible to allow all users on a system to call the sudo -l command without needing to specify their password? Preferably, if the user has no privileges, it should just report that.
You could add sudo -l to the allowed commands for all users. Edit the sudoers file with visudo and add a line like this:
ALL ALL=(ALL) NOPASSWD: /usr/bin/sudo -l
When a user now calls sudo -l the output looks as follows:
User foo may run the following commands on this host:
(ALL) NOPASSWD: /usr/bin/sudo -l
Unfortunately the user has not no privileges anymore, because he can invoke sudo -l, so the output of sudo -l is not Sorry, user foo may not run sudo on host anymore.
sudoers to support specifically this situation: unix.stackexchange.com/questions/574576/…