How to check if I have sudo access?

I recently got into trouble because of this.

$ sudo vim /etc/motd
[sudo] password for bruce: 
bruce is not in the sudoers file.  This incident will be reported.

Is there a way to check if I have sudo access or not?


Solution 1:

Run sudo -v. It is usually used to extend your sudo password timeout, but can be used for determining whether you have any sudo privileges.

$ sudo -v
Sorry, user [username] may not run sudo on [hostname].

Man page excerpt:

If given the -v (validate) option, sudo will update the user’s time stamp, prompting for the user’s password if necessary. This extends the sudo timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command.

If your user is only allowed to run specific commands, this command will work, indicating you are allowed to run something with different privileges. While the message looks different when trying to execute a command you're not allowed to in this case (and no mail is sent to root), it's still possible you'll get into trouble if the admins read /var/log/secure.

$ sudo ls
[sudo] password for [username]: 
Sorry, user [username] is not allowed to execute '/bin/ls' as root on [hostname].

To find out what you're allowed to run with different privileges, you can use sudo -l. Note that this command requires you to enter your password.

Solution 2:

This is very simple. Run sudo -l. This will list any sudo privileges you have.

Solution 3:

Gerald Schade's answer here can still be improved!

Use

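# -n: never prompt for a password; -v: validate only, run no command
prompt=$(sudo -nv 2>&1)
if [ $? -eq 0 ]; then
  # exit code of sudo-command is 0
  echo "has_sudo__pass_set"
elif echo "$prompt" | grep -q '^sudo:'; then
  # sudo printed its own "sudo: ..." message instead of a refusal
  echo "has_sudo__needs_pass"
else
  echo "no_sudo"
fi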

Here's a complete example of usage in a script:

#!/usr/bin/env bash

# Succeeds (returns 0) only when the current UID is 0.
is_root () {
    [ "$(id -u)" -eq 0 ]
}

# Prints one of: has_sudo__pass_set, has_sudo__needs_pass, no_sudo.
has_sudo() {
    local prompt

    # -n: never prompt for a password; -v: validate only, run no command
    prompt=$(sudo -nv 2>&1)
    if [ $? -eq 0 ]; then
        echo "has_sudo__pass_set"
    elif echo "$prompt" | grep -q '^sudo:'; then
        echo "has_sudo__needs_pass"
    else
        echo "no_sudo"
    fi
}

elevate_cmd () {
    # "$*" is the flattened string used for display and for su -c;
    # "$@" keeps the original argument boundaries for sudo.
    local cmd="$*"

    HAS_SUDO=$(has_sudo)

    case "$HAS_SUDO" in
    has_sudo__pass_set)
        sudo "$@"
        ;;
    has_sudo__needs_pass)
        echo "Please supply sudo password for the following command: sudo $cmd"
        sudo "$@"
        ;;
    *)
        echo "Please supply root password for the following command: su -c \"$cmd\""
        su -c "$cmd"
        ;;
    esac
}

if is_root; then
    echo "Error: need to call this script as a normal user, not as root!"
    exit 1
fi


elevate_cmd which adduser

Solution 4:

Here is the script-friendly version:

timeout 2 sudo id && echo Access granted || echo Access denied

since it won't get stuck on the password input if you do not have sudo access.

You can also set it in a variable like:

timeout 2 sudo id && sudo="true" || sudo="false"
echo "$sudo"

Note: On macOS, you need to install coreutils, e.g. brew install coreutils.

Solution 5:

For me, 'sudo -v' and 'sudo -l' did not work in a script because they are sometimes interactive (asking me for a password, as mentioned above). 'sudo -n -l' also did not work: it gave the exit code '1' although I have sudo permissions, because of the missing password. But extending the command to:

A=$(sudo -n -v 2>&1); test -z "$A" || echo "$A" | grep -q asswor

was successful for me for the script. This expression gives 0 if the current user can call 'sudo' and 1 if not.

Explanation:
The additional parameter -n to sudo prevents interactivity.
The output $A of the command 'sudo -n -v 2>&1' may be:
- empty (in this case, sudo can be called by the current user), or:
- a note that the current user is not authorized for sudo, or:
- a question text for the password (in this case, the user is authorized).
("asswor" will fit for an English "password" as well as for a German "Passwort".)
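
An added example, not taken from any of the answers above: the same non-interactive `sudo -n -v` probe used in Solutions 3 and 5, with the message language pinned via `LC_ALL=C` and an explicit `unknown` result for output that matches neither case. The helper names `classify_sudo` and `check_sudo` are hypothetical, and the patterns assume sudo's English messages as quoted on this page plus "a password is required", which sudo prints under `-n`.

```bash
#!/usr/bin/env bash
# Added example; classify_sudo and check_sudo are hypothetical helper names.

# Pure classifier: takes sudo's exit status and captured output, prints a state.
# Patterns assume sudo's English (LC_ALL=C) messages.
classify_sudo() {
    local rc output
    rc=$1
    output=$2
    if [ "$rc" -eq 0 ]; then
        echo "has_sudo__pass_set"        # cached timestamp or NOPASSWD rule
        return 0
    fi
    case "$output" in
        *"a password is required"*)
            echo "has_sudo__needs_pass" ;;
        *"may not run sudo"*|*"is not in the sudoers file"*)
            echo "no_sudo" ;;
        *)
            echo "unknown" ;;            # unrecognised error: do not guess
    esac
}

# Runs the non-interactive probe and classifies the result.
check_sudo() {
    local out rc
    if ! command -v sudo >/dev/null 2>&1; then
        echo "sudo_missing"
        return 0
    fi
    # -n never prompts, -v runs no command; LC_ALL=C pins the message language.
    out=$(LC_ALL=C sudo -n -v 2>&1)
    rc=$?
    classify_sudo "$rc" "$out"
}
```

Call `check_sudo` from a script and branch on the printed state; treating `unknown` separately keeps a broken sudo setup from being read as either "has access" or "no access".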