As a Linux administrator, you must know how to add, delete and grant sudo privileges to users. Sometimes you might have given temporary sudo access to a normal user to install a software or do certain administrative task on his/her own. Over the time, we might forget to revoke the sudo privileges. So, it is good practice to check how many super users are in your Linux system from time to time. If there are any forgotten or unwanted sudo access, you can simply revoke them. This brief guide explains how to find all sudo users in Linux and Unix-like operating systems.
List sudo users in Linux
Let us first list all users in the system. To do so, run:
$ awk -F':' '{ print $1}' /etc/passwdSample output from my Ubuntu system:
root daemon bin sys sync games man lp mail news uucp proxy www-data backup list irc gnats nobody systemd-timesync systemd-network systemd-resolve systemd-bus-proxy syslog _apt lxd messagebus uuidd dnsmasq sshd sk senthil kumar ostechnix
Another way to list all users in a Linux system is:
$ compgen -u
Now let us find only the sudo or super users in our Linux system with command:
$ grep '^sudo:.*$' /etc/group | cut -d: -f4 sk,ostechnix
You can also use "getent" command instead of "grep" to get the same result.
$ getent group sudo | cut -d: -f4 sk,ostechnix
As you see in the above output, "sk" and "ostechnix" are the sudo users in my system.
Find if an user has sudo privileges
We know now how to find all sudo users in our Linux system. How to find whether a certain user has sudo privilege or not? That's easy!
To find if an user is sudo user, simply run
$ sudo -l -U sk
Sample output:
Matching Defaults entries for sk on ubuntuserver: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin User sk may run the following commands on ubuntuserver: (ALL : ALL) ALL
As you see, the user named "sk" can perform all commands. So, he is in the sudo group.
Let us check another user.
$ sudo -l -U senthil
Sample output:
User senthil is not allowed to run sudo on ubuntuserver.
Well, the user "senthil" is not allowed to run sudo. He is just a normal user!
We can also find if an user has sudo access by running the following command:
$ sudo -nv
If you get nothing as output, the user has sudo access.
If you see an output like below, then the user doesn't has sudo access.
$ sudo -nv Sorry, user senthil may not run sudo on ubuntuserver.
Suggested read:
2 comments
Thanks a lot! “compgen -u” did it for me!
I’m using this script to find out sudo users, and then call this script with ansible and fetch the files.
Script:
#!/bin/bash
FILEPATH=”/tmp”
USRFILE=$FILEPATH/userlist.txt
GRPFILE=$FILEPATH/grouplist.txt
USRSD=$FILEPATH/userrights.txt
GRPSD=$FILEPATH/grouprights.txt
SUDOUSERS=$FILEPATH/adminuser.txt
#rm -rf $SUDOUSERS 2>&1
grep -v ‘#’ /etc/sudoers | awk ‘{print $1}’ | sed ‘s/Defaults//g’ | sed ‘/^$/d’ >> $USRFILE
for id in `cat $USRFILE`;do
echo “$id” >> $USRSD
done
sed -i ‘/%/d’ $USRSD
grep “[] % []” $USRFILE | tr -d ‘%’ >> $GRPFILE
for grp in `cat $GRPFILE`;do
groupmems -g $grp -l >> $GRPSD
done
cat $USRSD $GRPFILE >> $SUDOUSERS
rm -rf $USRFILE $GRPFILE $USRSD $GRPSD 2>&1
Ansible Play:
– name: Get Sudo Users and Write to File
hosts: web
become: yes
gather_facts: yes
tasks:
– name: Get sudo users
script: /home/thor/ansible/script.sh
args:
executable: /bin/bash
– name: Fetch Files from Systems
fetch:
src: /tmp/adminuser.txt
dest: /tmp/sudo_users-{{ inventory_hostname }}
flat: yes