How could I list all super users?

command-line sudo

I want a command to list all users who have root privileges i.e. sudo ?

Suppose I'm a sudoer user. How could I know all other sudoer users?


Solution 1:

If you just need to list the sudoers listed in the sudo group, I think that the best way to do it would be to run this command (which should be computationally lighter than any of the other commands in this answer):

grep -Po '^sudo.+:\K.*$' /etc/group

Also as suggested in the comments by muru, the format of the entries in /etc/group can be easily handled by cut:

grep '^sudo:.*$' /etc/group | cut -d: -f4

Also again as suggested in the comments by muru, one can use getent in place of grep:

getent group sudo | cut -d: -f4

Any of these commands will print all the users listed in the sudo group in /etc/group (if any).

Command #1 breakdown:

  • grep: Prints all the lines matching a regex in a file
  • -P: makes grep match Perl-style regexes
  • o: makes grep print only the matched string
  • '^sudo.+:\K.*$': makes grep match the regex between the quotes

Regex #1 breakdown:

  • Any character or group of characters not listed matches the character or the group of characters itself
  • ^: start of line
  • .+: one or more characters
  • \K: discard the previous match
  • .*: zero or more characters
  • $: end of line

Command #2 breakdown:

  • grep: Prints all the lines matching a regex in a file
  • '^sudo.+:\K.*$': makes grep match the regex between the quotes
  • cut: Prints only a specified section of each line in a file
  • -d:: makes cut interpret : as a field delimiter
  • -f4: makes cut print only the fourth field

Regex #2 breakdown:

  • Any character or group of characters not listed matches the character or the group of characters itself
  • ^: start of line
  • .*: zero or more characters
  • $: end of line

Solution 2:

As it stated here I consider the simpliest way to discover with -l & -U options together, just type users it will list e.g.: John then:

If the user has sudo access, it will print the level of sudo access for that particular user:

  sudo -l -U John
  User John may run the following commands on this host:
     (ALL : ALL) ALL

If the user don't have sudo access, it will print that a user is not allowed to run sudo on localhost:

   sudo -l -U John
   User John is not allowed to run sudo on localhost.

Solution 3:

Expanding on the sudo -l -U test, one can use getent passwd to determine the users who can use sudo. Using getent allows us to access users who may not be present in the passwd file, such as LDAP users:

getent passwd | cut -f1 -d: | sudo xargs -L1 sudo -l -U | grep -v 'not allowed'

sudo -U does not return a non-zero exit value that we could take advantage of, so we are reduced to grepping the output.

Solution 4:

As it has already been stated, the answer can be found on Unix & Linux Stack Exchange:

This shows that user "saml" is a member of the wheel group.

$ getent group wheel
wheel:x:10:saml

The only difference is that the group in Ubuntu is not wheel, but sudo (or admin in older versions of Ubuntu). So the command becomes:

getent group sudo

Solution 5:

Command:

cat /etc/group | grep sudo

Output:

sudo:x:27:Tom,Stacy

Tom, Stacy are the users with sudo privileges.

Related

Keyboard shortcut to move windows between monitors?
How to save a file using nano
Ubuntu 14.10 does not install in virtualbox
How/Where do I check my ubuntu laptops's CPU usage?
Unable to install "<PACKAGE>": snap "<PACKAGE>" has "install-snap" change in progress
Changing colors for user, host, directory information in terminal command prompt
How can I send a custom desktop notification?
How to remove a user from a group?
How do I get add-apt-repository to work through a proxy?
How to measure GPU usage?
How to remove Postgres from my installation?
How can I limit battery charging to 80% capacity?