How to Know if a User has Sudo Rights
This tutorial shows how to find out if a user is sudoer or not. You'll also learn to list all sudo users on your Linux system.
Wondering if you have sudo rights on your system? It’s easy to verify. Just run any command with sudo. If you don’t have sudo rights, you should see it in the output:
standard@linuxhandbook:~$ sudo -v Sorry, user standard may not run sudo on linuxhandbook.
That’s cool! But what about checking if any other user has got sudo rights? You can totally do that. Let me show you how.
How to test whether a user has sudo privileges or not
There are a few ways to check if a Linux user can use sudo or not. Here are a couple of them.
Method 1: Check if user is sudoer with the sudo command
The sudo command itself gives you an option to check if a user can run commands with sudo or not. In fact, it tells you what commands a certain user can run with sudo.
To check the sudo access for a user, run the following command:
sudo -l -U user_name
If the user can run a few or all commands with sudo, you should see an output like this:
Matching Defaults entries for abhi on test-server: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin User abhi may run the following commands on test-server: (ALL : ALL) NOPASSWD: ALL
As you can see, the user abhi can run all commands with sudo access. If the user doesn’t have sudo rights, you should see an output like this:
User abhi is not allowed to run sudo on test-server.
If you want to check whether or not you have sudoer rights and which commands you can run with sudo, you can use the same command, just don’t provide the user name.
Did you know?
This command also shows what commands are forbidden for you to run with sudo. Yes, that’s right. You can configure what commands can be run with sudo and what cannot. This is useful in an environment where the dev team needs to run only a certain applications with sudo. Limiting their use of sudo to these applications only will help the system from unwarranted misuse of the sudo rights by the hands of the developers.
Method 2: Check if user is part of the sudo group
Another way to find out if a user has sudo access is by checking if the said user is member of the sudo group.
There are several ways to check the groups of a user in Linux. The easiest and my favorite way is to use the groups command like this:
If you see the group ‘sudo’ in the output, the user is a member of the sudo group and it should have sudo access.
abhi@inuxhandbook:~$ groups abhi abhi : abhi sudo
Bonus Tip: How to find all sudo users in your system
Okay, so you learned to check if a user has sudo access or not. How about listing all the sudoers in your Linux systems?
This is simple if you have followed the article so far. All you need to do is to list the members of the sudo group.
In Linux, there are multiple ways to achieve the same result. Unsurprisingly, you have multiple ways to list the members of a group in Linux.
To list all sudo users of your system, list the members of the sudo group in the following manner:
getent group sudo
And this would list all the sudoers:
abhi@linuxhandbook:~$ getent group sudo sudo:x:27:abhi,seeni
That’s it. I hope now you know how to find if you have sudo rights or if other users has sudoer rights.
If you have some other cool tip on this topic, please leave a comment below.