View list of sudoers with no sudo privileges

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
4
down vote

favorite
3












  • If I'm not a sudoer, is it possible to view the list of sudoers?

  • Does /etc/group show this information?









share|improve this question



















  • 1




    Well, if a user is in the wheel group, that is often a give-away, but it's not guaranteed. I do not believe /etc/group contains any information specific to the sudoers.
    – HalosGhost
    Jul 6 '14 at 5:17










  • The sudoers information is in neither /etc/group nor /etc/passwd. It is in /etc/sudoers and /etc/sudoers.d/* but those files are typically readable only by root.
    – John1024
    Jul 6 '14 at 5:38














up vote
4
down vote

favorite
3












  • If I'm not a sudoer, is it possible to view the list of sudoers?

  • Does /etc/group show this information?









share|improve this question



















  • 1




    Well, if a user is in the wheel group, that is often a give-away, but it's not guaranteed. I do not believe /etc/group contains any information specific to the sudoers.
    – HalosGhost
    Jul 6 '14 at 5:17










  • The sudoers information is in neither /etc/group nor /etc/passwd. It is in /etc/sudoers and /etc/sudoers.d/* but those files are typically readable only by root.
    – John1024
    Jul 6 '14 at 5:38












up vote
4
down vote

favorite
3









up vote
4
down vote

favorite
3






3





  • If I'm not a sudoer, is it possible to view the list of sudoers?

  • Does /etc/group show this information?









share|improve this question















  • If I'm not a sudoer, is it possible to view the list of sudoers?

  • Does /etc/group show this information?






permissions sudo group






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Aug 29 at 10:43









Jeff Schaller

32.7k849110




32.7k849110










asked Jul 6 '14 at 4:46









boxofchalk1

78128




78128







  • 1




    Well, if a user is in the wheel group, that is often a give-away, but it's not guaranteed. I do not believe /etc/group contains any information specific to the sudoers.
    – HalosGhost
    Jul 6 '14 at 5:17










  • The sudoers information is in neither /etc/group nor /etc/passwd. It is in /etc/sudoers and /etc/sudoers.d/* but those files are typically readable only by root.
    – John1024
    Jul 6 '14 at 5:38












  • 1




    Well, if a user is in the wheel group, that is often a give-away, but it's not guaranteed. I do not believe /etc/group contains any information specific to the sudoers.
    – HalosGhost
    Jul 6 '14 at 5:17










  • The sudoers information is in neither /etc/group nor /etc/passwd. It is in /etc/sudoers and /etc/sudoers.d/* but those files are typically readable only by root.
    – John1024
    Jul 6 '14 at 5:38







1




1




Well, if a user is in the wheel group, that is often a give-away, but it's not guaranteed. I do not believe /etc/group contains any information specific to the sudoers.
– HalosGhost
Jul 6 '14 at 5:17




Well, if a user is in the wheel group, that is often a give-away, but it's not guaranteed. I do not believe /etc/group contains any information specific to the sudoers.
– HalosGhost
Jul 6 '14 at 5:17












The sudoers information is in neither /etc/group nor /etc/passwd. It is in /etc/sudoers and /etc/sudoers.d/* but those files are typically readable only by root.
– John1024
Jul 6 '14 at 5:38




The sudoers information is in neither /etc/group nor /etc/passwd. It is in /etc/sudoers and /etc/sudoers.d/* but those files are typically readable only by root.
– John1024
Jul 6 '14 at 5:38










1 Answer
1






active

oldest

votes

















up vote
7
down vote



accepted










No you're unable to find out whom has access to sudo rights if you yourself do not have access directly. You could possibly "back into it" by seeing what users if any are members of the Unix group "wheel".



Example



This shows that user "saml" is a member of the wheel group.



$ getent group wheel
wheel:x:10:saml


Being a member of the "wheel" group typically allows for full sudo rights through this rule that's often in a systems sudoers file, /etc/sudoers.



## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL


But there are no guarantees that the administrator of a given system decided to give sudo rights out in this manner. The just as easily could've done it like so:



## Allow root to run any commands anywhere 
root ALL=(ALL) ALL
saml ALL=(ALL) ALL


In which case, without sudo rights you could never gain access to a system's /etc/sudoers file to see this entry.



What about /etc/groups



This file only shows users who have a 2nd, 3rd, etc. group associated with them. Often times user accounts only have a single group associated, in which case you'd need to use a slightly different command to find out a given user's primary group:



$ getent passwd saml
saml:x:1000:1000:saml:/home/saml:/bin/bash


Here user "saml" has the primary group 1000. This GID equates to this group:



$ getent group 1000
saml:x:1000:saml


But none of this actually tells you anything as to which user accounts have sudo rights.



Why the big secret?



This is all done to prevent what's known as a side channel attack. Leaking information out, such as which accounts have privileges, would give important information out to a would be attacker, if they were able to gain access to any account on a given system. So often times it's best to mask this info from any non-privileged account.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f140968%2fview-list-of-sudoers-with-no-sudo-privileges%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    7
    down vote



    accepted










    No you're unable to find out whom has access to sudo rights if you yourself do not have access directly. You could possibly "back into it" by seeing what users if any are members of the Unix group "wheel".



    Example



    This shows that user "saml" is a member of the wheel group.



    $ getent group wheel
    wheel:x:10:saml


    Being a member of the "wheel" group typically allows for full sudo rights through this rule that's often in a systems sudoers file, /etc/sudoers.



    ## Allows people in group wheel to run all commands
    %wheel ALL=(ALL) ALL


    But there are no guarantees that the administrator of a given system decided to give sudo rights out in this manner. The just as easily could've done it like so:



    ## Allow root to run any commands anywhere 
    root ALL=(ALL) ALL
    saml ALL=(ALL) ALL


    In which case, without sudo rights you could never gain access to a system's /etc/sudoers file to see this entry.



    What about /etc/groups



    This file only shows users who have a 2nd, 3rd, etc. group associated with them. Often times user accounts only have a single group associated, in which case you'd need to use a slightly different command to find out a given user's primary group:



    $ getent passwd saml
    saml:x:1000:1000:saml:/home/saml:/bin/bash


    Here user "saml" has the primary group 1000. This GID equates to this group:



    $ getent group 1000
    saml:x:1000:saml


    But none of this actually tells you anything as to which user accounts have sudo rights.



    Why the big secret?



    This is all done to prevent what's known as a side channel attack. Leaking information out, such as which accounts have privileges, would give important information out to a would be attacker, if they were able to gain access to any account on a given system. So often times it's best to mask this info from any non-privileged account.






    share|improve this answer
























      up vote
      7
      down vote



      accepted










      No you're unable to find out whom has access to sudo rights if you yourself do not have access directly. You could possibly "back into it" by seeing what users if any are members of the Unix group "wheel".



      Example



      This shows that user "saml" is a member of the wheel group.



      $ getent group wheel
      wheel:x:10:saml


      Being a member of the "wheel" group typically allows for full sudo rights through this rule that's often in a systems sudoers file, /etc/sudoers.



      ## Allows people in group wheel to run all commands
      %wheel ALL=(ALL) ALL


      But there are no guarantees that the administrator of a given system decided to give sudo rights out in this manner. The just as easily could've done it like so:



      ## Allow root to run any commands anywhere 
      root ALL=(ALL) ALL
      saml ALL=(ALL) ALL


      In which case, without sudo rights you could never gain access to a system's /etc/sudoers file to see this entry.



      What about /etc/groups



      This file only shows users who have a 2nd, 3rd, etc. group associated with them. Often times user accounts only have a single group associated, in which case you'd need to use a slightly different command to find out a given user's primary group:



      $ getent passwd saml
      saml:x:1000:1000:saml:/home/saml:/bin/bash


      Here user "saml" has the primary group 1000. This GID equates to this group:



      $ getent group 1000
      saml:x:1000:saml


      But none of this actually tells you anything as to which user accounts have sudo rights.



      Why the big secret?



      This is all done to prevent what's known as a side channel attack. Leaking information out, such as which accounts have privileges, would give important information out to a would be attacker, if they were able to gain access to any account on a given system. So often times it's best to mask this info from any non-privileged account.






      share|improve this answer






















        up vote
        7
        down vote



        accepted







        up vote
        7
        down vote



        accepted






        No you're unable to find out whom has access to sudo rights if you yourself do not have access directly. You could possibly "back into it" by seeing what users if any are members of the Unix group "wheel".



        Example



        This shows that user "saml" is a member of the wheel group.



        $ getent group wheel
        wheel:x:10:saml


        Being a member of the "wheel" group typically allows for full sudo rights through this rule that's often in a systems sudoers file, /etc/sudoers.



        ## Allows people in group wheel to run all commands
        %wheel ALL=(ALL) ALL


        But there are no guarantees that the administrator of a given system decided to give sudo rights out in this manner. The just as easily could've done it like so:



        ## Allow root to run any commands anywhere 
        root ALL=(ALL) ALL
        saml ALL=(ALL) ALL


        In which case, without sudo rights you could never gain access to a system's /etc/sudoers file to see this entry.



        What about /etc/groups



        This file only shows users who have a 2nd, 3rd, etc. group associated with them. Often times user accounts only have a single group associated, in which case you'd need to use a slightly different command to find out a given user's primary group:



        $ getent passwd saml
        saml:x:1000:1000:saml:/home/saml:/bin/bash


        Here user "saml" has the primary group 1000. This GID equates to this group:



        $ getent group 1000
        saml:x:1000:saml


        But none of this actually tells you anything as to which user accounts have sudo rights.



        Why the big secret?



        This is all done to prevent what's known as a side channel attack. Leaking information out, such as which accounts have privileges, would give important information out to a would be attacker, if they were able to gain access to any account on a given system. So often times it's best to mask this info from any non-privileged account.






        share|improve this answer












        No you're unable to find out whom has access to sudo rights if you yourself do not have access directly. You could possibly "back into it" by seeing what users if any are members of the Unix group "wheel".



        Example



        This shows that user "saml" is a member of the wheel group.



        $ getent group wheel
        wheel:x:10:saml


        Being a member of the "wheel" group typically allows for full sudo rights through this rule that's often in a systems sudoers file, /etc/sudoers.



        ## Allows people in group wheel to run all commands
        %wheel ALL=(ALL) ALL


        But there are no guarantees that the administrator of a given system decided to give sudo rights out in this manner. The just as easily could've done it like so:



        ## Allow root to run any commands anywhere 
        root ALL=(ALL) ALL
        saml ALL=(ALL) ALL


        In which case, without sudo rights you could never gain access to a system's /etc/sudoers file to see this entry.



        What about /etc/groups



        This file only shows users who have a 2nd, 3rd, etc. group associated with them. Often times user accounts only have a single group associated, in which case you'd need to use a slightly different command to find out a given user's primary group:



        $ getent passwd saml
        saml:x:1000:1000:saml:/home/saml:/bin/bash


        Here user "saml" has the primary group 1000. This GID equates to this group:



        $ getent group 1000
        saml:x:1000:saml


        But none of this actually tells you anything as to which user accounts have sudo rights.



        Why the big secret?



        This is all done to prevent what's known as a side channel attack. Leaking information out, such as which accounts have privileges, would give important information out to a would be attacker, if they were able to gain access to any account on a given system. So often times it's best to mask this info from any non-privileged account.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jul 6 '14 at 6:04









        slm♦

        239k65494665




        239k65494665



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f140968%2fview-list-of-sudoers-with-no-sudo-privileges%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?