Why does password entering work in a piped sudo command?

terminal linux sudo file-descriptors

Actually, a typical invocation of sudo does not read the password from stdin at all. Instead, sudo will directly access the controlling terminal (a tty or pty, via the /dev/tty special file) and output the prompt and read characters directly. This can be seen in the tgetpass.c file in the sudo source.

There are a few other scenarios:

  • If an askpass program is specified, e.g. in the -A param, that program will be invoked.
  • Otherwise, if you specifically request sudo to read from stdin, e.g. with the -S flag -- and it will also write the prompt to stderr. This is the case where MadHatter's answer applies.
  • Otherwise, if there is no tty available
    • If password echo is disabled (it is by default, controlled by the visiblepw flag in sudoers), sudo will report an error: no tty present and no askpass program specified
    • Otherwise, sudo will fall back to using stdin and stderr even if it was not specifically requested. MadHatter's answer will also apply here.

The pipe connects sudo cat's stdout to less's stdin, so sudo cat's stdin is unaffected, and able to receive the password.

As for the prompt, it goes out on sudo cat's stderr; in bash, try redirecting that along with stdout, using

sudo cat /etc/resolv.conf |& less

and see how different the response is.

Related

Terraform - Use nested loops with count
What makes a private IP address not routable?
How can I remove specific events from the event log in Windows Server 2008?
Anti-static wrist straps: are they worth it?
FreeBSD vs Linux performance? [closed]
Span on multiple monitors when logged into a Citrix session via Citrix Receiver (or Citrix server)
Running apt-get autoremove with ansible
Resolving to virtual host very slow on Mac OS X Lion
Bash script count down 5 minutes display on single line [closed]
Is it reasonable to use NFS on a production web server?
Where is apc.php?
How do I turn off the beep in the terminal in Linux? [closed]