How to Check if a User has Sudo Rights in Linux


In this tutorial, we will learn how to check whether a user has sudo rights on a Linux system. Linux has separate accounts for different users, each with its own credentials and set of privileges. This ensures that each user has access only to their own working directory unless special rights are granted. Sometimes, however, we need elevated privileges to run a command that cannot be executed as a regular user.

For example, if you want to enable key-based login for your system, you need the right permission on the file located at /etc/ssh/ssh_config to enable the key-based login parameter. The /etc folder is owned by the root user, so either root or sudo privileges are required to make this change. We will cover various ways to check whether a given user has sudo privileges. So let's begin the tutorial.

 


There are a few ways to check whether a specific user has sudo privileges. Let us look at each method in the following sections.

Check for Current User

When you connect to a Linux system, you are logged in as some user. This is called the default login user. To check whether the default login user has sudo rights, we will execute a command that requires root or sudo privileges. For example, installing a package with the package manager requires sudo privileges; without them, the installation will fail.

In the example below, I am logged in as the stack user. Let us install a package called 'nmap' as the stack user, adding the sudo keyword in front of the installation command as shown below.

[stack@linuxnasa ~]$ sudo yum install -y nmap
Loaded plugins: copr, fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 31 kB 00:00:00
..............................................................

................................................................

................................................................

---> Package nmap.x86_64 2:6.40-19.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================
Installing:
nmap x86_64 2:6.40-19.el7 base 3.9 M

Transaction Summary
==================================================================================================================================
Install 1 Package

Total download size: 3.9 M
Installed size: 16 M
Downloading packages:
nmap-6.40-19.el7.x86_64.rpm | 3.9 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 2:nmap-6.40-19.el7.x86_64 1/1
Verifying : 2:nmap-6.40-19.el7.x86_64 1/1

Installed:
nmap.x86_64 2:6.40-19.el7

Complete!

As the output above shows, the stack user is able to install the nmap package. This indicates that the default login user has sudo privileges.

 

Now let us try to install the nmap package again, but as a different user. This time I will switch to another user on my system called abhi and try to install the same package as shown below.

[abhi@linuxnasa ~]$ sudo yum install -y nmap

[sudo] password for abhi:
abhi is not in the sudoers file. This incident will be reported.

As the output above shows, sudo reports that the abhi user is not in the sudoers file, which means it does not have sudo privileges. Hence the package installation fails as the abhi user.

 

Check for Other Users

There are CLI commands that let us check whether any other user (apart from the default login user) has sudo privileges. We can do this in a couple of ways. Let us look at the methods below to see whether a certain user on our system has sudo privileges.

 

Way-1: Using ‘sudo -l -U’ Command

To check whether a specific user has sudo rights, use the sudo -l -U <username> command. If you get output similar to that shown below, the user has sudo privileges. In the example below, I am checking whether the nasa user has sudo privileges.

[stack@linuxnasa ~]$ sudo -l -U nasa
Matching Defaults entries for nasa on linuxnasa:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME
HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", env_keep+="http_proxy https_proxy ftp_proxy no_proxy",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User nasa may run the following commands on linuxnasa:
(ALL) ALL

 

If you get the output below, the specified user (here, abhi) does not have sudo privileges.

[stack@linuxnasa ~]$ sudo -l -U abhi
User abhi is not allowed to run sudo on linuxnasa.
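
The listing printed by sudo -l -U also shows how much the user may do, not only whether an entry exists. The script below is an added example (not from the original tutorial) that classifies that output as none, restricted, full or full-nopasswd; the deploy and ops users and their rules are constructed samples.

```shell
#!/bin/sh
# Added example: classify `sudo -l -U <user>` output read from stdin.
# Prints one of: none | restricted | full | full-nopasswd
classify_sudo_listing() {
    awk '
        /is not allowed to run sudo/     { none = 1 }
        /may run the following commands/ { in_rules = 1; next }
        in_rules && NF {
            rules++
            line = $0; runas = ""
            # A rule line reads "(runas[ : group]) [TAG:] command[, command]".
            if (match(line, /\([^)]*\)/)) {
                runas = substr(line, RSTART + 1, RLENGTH - 2)
                line  = substr(line, RSTART + RLENGTH)
            }
            sub(/:.*/, "", runas)                      # keep the user part only
            gsub(/,/, " ", runas); runas = " " runas " "
            nopw = (line ~ /NOPASSWD:/)
            gsub(/[A-Z_]+:/, "", line)                 # strip tags such as NOPASSWD:
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            # Full rights: every command, runnable as root (or as any user).
            if (runas ~ / (ALL|root) / && line == "ALL") { full = 1; if (nopw) full_nopw = 1 }
        }
        END {
            if (none || !rules) print "none"
            else if (full_nopw) print "full-nopasswd"
            else if (full)      print "full"
            else                print "restricted"
        }'
}

# Sample listings: the first two follow the output shown above (Defaults
# lines omitted); the last two are constructed for illustration.
FULL='User nasa may run the following commands on linuxnasa:
    (ALL) ALL'
NONE='User abhi is not allowed to run sudo on linuxnasa.'
LIMITED='User deploy may run the following commands on linuxnasa:
    (root) NOPASSWD: /usr/bin/systemctl restart httpd'
NOPW='User ops may run the following commands on linuxnasa:
    (ALL : ALL) NOPASSWD: ALL'

for sample in "$FULL" "$NONE" "$LIMITED" "$NOPW"; do
    printf '%s\n' "$sample" | classify_sudo_listing
done
```

On a live system, pipe the real listing in with `sudo -l -U nasa | classify_sudo_listing`. For the logged-in user, `sudo -l` without -U prints the same kind of listing, so no package needs to be installed to find out.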

 

Way-2: Using ‘groups’ Command

Another way is to check whether a user has been added to the sudoers group by executing the command below. If the output shows that the user is in the wheel group, it has sudo privileges. In the example below, I am again checking whether the nasa user is in the wheel group.

[stack@linuxnasa ~]$ groups nasa
nasa : nasa wheel docker

 

If the output does not show the wheel group, then that user does not have sudo privileges. In the command below, I am checking whether the abhi user is in the wheel group.

[stack@linuxnasa ~]$ groups abhi
abhi : abhi
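
Group membership grants sudo only when the sudoers policy contains a matching %group rule, and a user can also be listed there by name without being in wheel. The script below is an added example (not from the original tutorial) that reports which sudoers lines match a user by name or by group; the sample policy and the deploy user are constructed, and User_Alias, %#gid and netgroup entries are ignored.

```shell
#!/bin/sh
# Added example: show which sudoers lines give USER a rule, by name or by group.
# Usage: sudo_grant_sources USER "GROUP LIST" SUDOERS_FILE...
# Simplified: ignores User_Alias, %#gid and netgroup entries.
sudo_grant_sources() {
    user=$1; grouplist=$2; shift 2
    awk -v user="$user" -v grouplist="$grouplist" '
        BEGIN { n = split(grouplist, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, #include lines, blanks
        $1 ~ /^(Defaults|[A-Za-z]+_Alias)/ { next }  # settings and aliases, not grants
        {
            count = split($1, who, ",")              # first field may be "alice,%wheel"
            for (i = 1; i <= count; i++) {
                if (who[i] == user)
                    print "user:" user
                else if (substr(who[i], 1, 1) == "%" && (substr(who[i], 2) in member))
                    print "group:" substr(who[i], 2)
            }
        }' "$@" | sort -u
}

# Constructed sample policy in the style of a CentOS /etc/sudoers.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults    env_reset
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
# %sys  ALL=(ALL)       ALL
deploy  ALL=(root)      /usr/bin/systemctl restart httpd
EOF

sudo_grant_sources nasa   "nasa wheel docker" "$sample"   # group:wheel
sudo_grant_sources deploy "deploy"            "$sample"   # user:deploy
sudo_grant_sources abhi   "abhi"              "$sample"   # prints nothing
```

Against the real policy, run it as root with the user's actual groups, for example `sudo_grant_sources nasa "$(id -Gn nasa)" /etc/sudoers /etc/sudoers.d/*`. The sudo -l -U listing remains the authoritative answer.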

 

Summary

We have learnt a couple of ways to find out whether a user is in a sudo group. This is useful when a command fails because of a sudo restriction. In any such case, you can easily check whether the user really holds sudo rights using any of the above methods.

 
