Monday, December 5, 2022

List all sudo or super users in Linux

 

9 Answers

133

If you just need to list the sudoers listed in the sudo group, I think that the best way to do it would be to run this command (which should be computationally lighter than any of the other commands in this answer):

grep -Po '^sudo.+:\K.*$' /etc/group

Also as suggested in the comments by muru, the format of the entries in /etc/group can be easily handled by cut:

grep '^sudo:.*$' /etc/group | cut -d: -f4

Also again as suggested in the comments by muru, one can use getent in place of grep:

getent group sudo | cut -d: -f4

Any of these commands will print all the users listed in the sudo group in /etc/group (if any).

Command #1 breakdown:

  • grep: Prints all the lines matching a regex in a file
  • -P: makes grep match Perl-style regexes
  • -o: makes grep print only the matched string
  • '^sudo.+:\K.*$': makes grep match the regex between the quotes

Regex #1 breakdown:

  • Any character or group of characters not listed matches the character or the group of characters itself
  • ^: start of line
  • .+: one or more characters
  • \K: discard the previous match
  • .*: zero or more characters
  • $: end of line

Command #2 breakdown:

  • grep: Prints all the lines matching a regex in a file
  • '^sudo.+:\K.*$': makes grep match the regex between the quotes
  • cut: Prints only a specified section of each line in a file
  • -d:: makes cut interpret : as a field delimiter
  • -f4: makes cut print only the fourth field

Regex #2 breakdown:

  • Any character or group of characters not listed matches the character or the group of characters itself
  • ^: start of line
  • .*: zero or more characters
  • $: end of line

  • 6
    -1: this won't catch other users or groups who may have been added to sudoers, or external sources like LDAP, and boy is it an ugly way to do this. getent group sudo | cut -d: -f4, or use awk, but either way remember that group and passwd have fixed formats, with delimiters.
    – muru
     Apr 20, 2015 at 13:06
  • @muru You're right, I updated my answer
    – kos
     Apr 20, 2015 at 13:47
  • @kos Also note that you really should use getent group - you don't need the grep at all. getent group foo is like grep foo /etc/group, but more capable.
    – muru
     Apr 20, 2015 at 13:51
  • @muru I didn't know getent at all, any thought on how grep and getent compare computationally? Would it be lighter to run getent?
    – kos
     Apr 20, 2015 at 14:02
  • 1
    This answer assumes that all sudoers are members of the sudo group. Some unixes have other groups such as wheel. The answer by @muru will include all sudoers no matter what groups they are in.
     Mar 14, 2017 at 6:17

40

As stated here, I consider the simplest way to find out is to use the -l and -U options together. Just type users and it will list the users, e.g. John; then:

If the user has sudo access, it will print the level of sudo access for that particular user:

  sudo -l -U John
  User John may run the following commands on this host:
     (ALL : ALL) ALL

If the user doesn't have sudo access, it will print that the user is not allowed to run sudo on localhost:

   sudo -l -U John
   User John is not allowed to run sudo on localhost.
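
Added example (not part of the original answers): the comments under the first answer note that reading only the sudo group misses users named directly in sudoers and members of other groups such as wheel. The function below lists every grantee of a sudoers-format file, expanding %group entries from a group-format file; list_sudo_users, demo and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Limits: does not expand User_Alias names, follow
# @includedir/#include files, join backslash-continued lines, query LDAP/SSSD,
# or see users whose primary group (passwd GID) is a sudo-enabled group.

# usage: list_sudo_users GROUP_FILE SUDOERS_FILE  -> one user name per line
list_sudo_users() {
    awk -F: '
        # First file (group format): remember each member list (field 4).
        FILENAME == ARGV[1] { members[$1] = $4; next }
        # Second file (sudoers format): first word of a rule is the grantee.
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^[#@]/) next    # comments and includes
            n = split(line, w, /[ \t]+/)
            who = w[1]
            if (n < 2 || who ~ /^Defaults/ || who ~ /_Alias$/) next
            if (who ~ /^%/) {                         # %group: expand members
                n = split(members[substr(who, 2)], m, ",")
                for (i = 1; i <= n; i++) print m[i]
            } else {
                print who                             # rule naming a user
            }
        }' "$1" "$2" | LC_ALL=C sort -u
}

# Constructed sample files (not taken from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:carol
users:x:100:alice,dave
EOF
    cat > "$dir/sudoers" <<'EOF'
# constructed sample policy
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
erin    ALL=(ALL) NOPASSWD: /usr/bin/systemctl
@includedir /etc/sudoers.d
EOF
    list_sudo_users "$dir/group" "$dir/sudoers"
    rm -rf "$dir"
}
demo
```

On a real host, run it as root against /etc/group and /etc/sudoers, then confirm each name with sudo -l -U as in the answer above.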
