Why does password entering work in a piped sudo command?
Actually, a typical invocation of sudo does not read the password from stdin at all. Instead, sudo will directly access the controlling terminal (a tty or pty, via the /dev/tty special file) and output the prompt and read characters directly. This can be seen in the tgetpass.c file in the sudo source.
There are a few other scenarios:
- If an askpass program is specified, e.g. in the -A param, that program will be invoked.
- Otherwise, if you specifically request sudo to read from stdin, e.g. with the -S flag -- and it will also write the prompt to stderr. This is the case where MadHatter's answer applies.
- Otherwise, if there is no tty available
  - If password echo is disabled (it is by default, controlled by the visiblepw flag in sudoers), sudo will report an error: no tty present and no askpass program specified
  - Otherwise, sudo will fall back to using stdin and stderr even if it was not specifically requested. MadHatter's answer will also apply here.
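
The behaviour described above, that the prompt and the password travel over /dev/tty rather than stdin or stdout, as an added Python example (not sudo's code, which is C in tgetpass.c, and not part of either answer). The function names, the result pipe and the sample password are constructed for the demonstration; it assumes a Unix system with pty support.

```python
import os
import pty
import termios

PROMPT = b"Password: "

def read_secret_from_ctty():
    """Prompt and read on the controlling terminal; stdin/stdout are never touched."""
    fd = os.open("/dev/tty", os.O_RDWR)  # OSError here means: no controlling tty
    saved = termios.tcgetattr(fd)
    quiet = termios.tcgetattr(fd)
    quiet[3] &= ~termios.ECHO            # index 3 = local flags; turn echo off
    try:
        termios.tcsetattr(fd, termios.TCSAFLUSH, quiet)
        os.write(fd, PROMPT)
        buf = os.read(fd, 1024)          # canonical mode: returns one typed line
    finally:
        termios.tcsetattr(fd, termios.TCSAFLUSH, saved)  # always restore echo
        os.close(fd)
    return buf.rstrip(b"\r\n")

def demo_piped(password=b"hunter2"):     # constructed sample password
    """Run the reader in a child whose stdin and stdout are pipes; return (prompt, secret)."""
    res_r, res_w = os.pipe()             # side channel so the parent can see the result
    pid, master = pty.fork()             # child gets a fresh pty as controlling terminal
    if pid == 0:
        in_r, _in_w = os.pipe()
        _out_r, out_w = os.pipe()
        os.dup2(in_r, 0)                 # stdin is a pipe
        os.dup2(out_w, 1)                # stdout is a pipe, as in `sudo cat ... | less`
        try:
            os.write(res_w, read_secret_from_ctty())
        finally:
            os._exit(0)
    os.close(res_w)
    seen = b""
    while not seen.endswith(PROMPT):     # wait for the prompt on the terminal side
        seen += os.read(master, 64)
    os.write(master, password + b"\n")   # "type" the password at the terminal
    secret = os.read(res_r, 1024)
    os.waitpid(pid, 0)
    os.close(master)
    os.close(res_r)
    return seen, secret

if __name__ == "__main__":
    print(demo_piped())
```

The parent only ever talks to the pty master, so the password reaches the child even though the child's stdin and stdout are both pipes.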
The pipe connects sudo cat's stdout to less's stdin, so sudo cat's stdin is unaffected, and able to receive the password.
As for the prompt, it goes out on sudo cat's stderr; in bash, try redirecting that along with stdout, using
sudo cat /etc/resolv.conf |& less
and see how different the response is.