check if user has sudo access

How to Check if User Has Sudo Access

Team Fedingo

Sudo users are privileged users in Linux that have special permissions and access to run many more commands than a regular user. If you don’t have sudo access you may not be able to run commands and scripts that require administrative privileges. In this article, we will learn how to check if user has sudo access.


How to Check if User Has Sudo Access

The simplest way to check if you have sudo access is to run any command with sudo. Here is an example

$ sudo -v

If you don’t have sudo access, you will see the following output message. In the following message, <username> will be the username you have logged in as, and <host>will be the hostname or ip of your Linux system.

Sorry, user <username> may not run sudo on <host>.

However, the above command allows you to check only if you have sudo privileges or not. It does not allow you to check whether another user has sudo access or not. There are several ways to do this. We will look at them one by one.


1. Using sudo command

You can check if a user has sudo access using sudo command itself, but with options -l and -U as shown below.

$ sudo -l -U user_name

It will also show what commands the specific user can run on your system. Here’s a sample output of the command.

$ sudo -l -U ubuntu
Matching Defaults entries for ubuntu on test-server:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User ubuntu may run the following commands on test-server:
    (ALL : ALL) NOPASSWD: ALL

As per the above output, user ubuntu can run all commands that require sudo access. If user does not have sudo access, you will get the following output.

User ubuntu is not allowed to run sudo on test-server.

If you want to do the same thing, that is, check what commands you can run, issue the above command, without specifying the username.

$ sudo -l


2. Using Sudo Groups

Every user that has sudo access is a part of sudo user group in Linux. So you can simply check if the given user is part of this sudo user group.

You can easily use groups command to list all the groups a user belongs to. If you see the keyword sudo next to username, in the output, it means the user has sudo access.

$ groups ubuntu
ubuntu: ubuntu sudo

All groups & their members are listed in /etc/group file. You can run the following command to list all the members of a group.

grep '^group_name:.*$' /etc/group | cut -d: -f4

Since we are looking for members of group with name sudo, you can run the following command to get sudo users.

$ grep '^sudo:.*$' /etc/group | cut -d: -f4
ubuntu
test_user
...

In the above command, we use group command to look for rows containing information about sudo group. Each row looks like the following, that is, 4 values with colon(:) delimiter. In this output, the last column is username, the first column is the group name.

sudo:x:4:ubuntu

We then pipe grep command’s output to cut command, specify colon (:) as our delimiter, and extract the 4th column, that is the username. So you will see the usernames present in group sudo

ubuntu
test_user
...

You can run the above commands on terminal to check if you have sudo access, or add them to your shell script to automatically check these things, and proceed with script execution.

Also read:

How to Combine JSON Files to CSV in Python
How to Convert JSON to CSV in Python
How to Find All Sudo Users in Linux
How to Check if Program Exists in Shell
How to Insert Text At the Beginning of File

Related posts:

Grep Exclude Directory & Files
How to Synchronize Time with NTP in Linux
How to Create Shared Folders in Linux
How to Redirect Nohup Output to File
How to Setup Rsyslog with MySQL
How to Install or Upgrade Software from Unsupported Release in Ubuntu
How to Copy Files from Linux to S3 bucket
How to Convert Image to Pdf in Linux

Leave a Reply

Your email address will not be published. Required fields are marked *