How to check if a normal user has super user privileges

I want to check if a normal user has super user privileges(means root privileges). My OS is RHEL 6 and i checked /etc/passwd configuration file, but no use. Please tell me any method to find the current privileges of users in the Linux Machine.


Solution 1:

In the past root model in Unix world was easy. uid 0, you are root and you have full power to everything. Things have changed a bit, though.

suid bit

Files can be granted with suid bit so they can be run as root even by ordinary users. OK, this might have been in the original Unix. :-)

groups

If a user belongs to group 0, he might not have full root privileges but still might see lots of stuff not meant to see. Also in some distributions wheel group is something to keep your eye on - users belonging to that group can su their way to root if they know the root password.

sudo

In addition to traditional su, the sudo command allows one to restrict certain users/groups to perform only some commands as root. Check that out with visudo.

ssh access

With ssh it's possible to generate an ssh key with which you can connect as root, but only use commands x, y and z. This is generally used in tasks like backup, where the backup process must have access to every file in system.

capabilities

Linux kernel has gained capabilities which can grant access to certain subsystems such as network interfaces or block devices. See this list.

SELinux roles

If security framework SELinux is enabled in your system, also SELinux has role-based access. See Fedora's guide about SELinux.

Solution 2:

Superuser privileges are given by being UID (userid) 0. grep for the user from the /etc/password file. The first numeric field after the user is the UID and the second is the GID (groupid). If the user is not UID 0, they do not have root privileges. This does not cover extra permissions they may have by being in an appropriate group (wheel, nobody, etc), but those are not superuser. If you are still uncertain as to what this user can and cannot do, simply su to that user (su - username) and see what you can do. Can you touch a file in a directory you do not own? If not, you are not superuser. I hope this helped.

ex: nobody:x:99:45:Nobody:/:/sbin/nologin

Nobody is the username, 99 is the uid, 45 is the gid.

Solution 3:

A user can gain indirect "superuser" rights by giving the right through a program called sudo.

With sudo you can specify which user or which group can execute certain programs with superuser privileges.

Solution 4:

A user usually has no super user privileges. But there are 3 ways that came to my mind that a normal user (i.e. UID != 0) can get root privilieges.

  1. He executes something with s-bit from root. You can find that by searching your whole filesystem for such files (use find).
  2. He changes userid (su command) - but that can every user do, as long as he knows the root password (so give none your root password to prohibit it).
  3. sudo. Just check /etc/sudoers which users are allowed to executed what with root permissions.