I'm using sudo 1.8.24 on arch linux (just the default version that comes with the OS), and running into problems where it prompts me for my password just to list that a command is valid. Here is my /etc/sudoers file:
Defaults rootpw Defaults listpw=never %wheel ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: /bin/false "" I'm in the wheel group. The documentation leads me to believe that listpw=never means I should never be prompted for a password when running sudo -l, and that anyway the default should be to allow it if I don't require a password for /bin/false.
Unfortunately, when I run sudo -l /bin/false, it prompts me for my own password. Note that sudo /bin/false does not require a password, and sudo anything else prompts for the root password, but sudo -l anything prompts for my password. This is particularly annoying if I have already typed the root password to run something as root, as I still have to type my own password two seconds later when running sudo -l. (This is a pattern often used by scripts, that check if you have permission before running sudo, causing me to be prompted for a password even when sudo would succeed without requesting a password.)
update
When I run sudo -l, I get prompted for my password, then sudo prints:
Matching Defaults entries for user on machine: rootpw, listpw=never, timestamp_timeout=60, env_keep+=HOME User user may run the following commands on machine: (ALL) ALL (ALL) NOPASSWD: /bin/false Also I've since upgraded to sudo 1.8.25 and still see the problem, so I've basically given up and concluded that this is a bug in sudo.
sudo -las the user, are there other "Matching Defaults entries" that show up?