[sudo-users] How to display group sudo rights
ed-sudo at s5h.net
Mon Mar 18 15:38:22 MDT 2019
On Sun, Mar 17, 2019 at 10:15:21am +0200, AvigdorFin wrote:
> When i use 'sudo -l user' I get the user rights, but
> sudo -g group, always return the help message, with group name or
> group id.
I've always used the list function like this:
sudo -l -U user1
> I could not figure how to see the group rights, when I define the
> rights to a group in the sudoers files.
I don't think there is a way to list against a group. Groups don't
execute commands as such, the users who are assigned to groups do. So,
although a group may have /bin/bash assigned, the end user may have
!/bin/bash assigned and would be unable to run that.
The -g flag is to configure the primary group that you run the command
$ sudo -g thing -u root /bin/bash -c 'touch /tmp/f && ls -al /tmp/f &&
-rw-r--r-- 1 root thing 0 Mar 18 21:14 /tmp/f
So when inspecting the privileges that are doled out, I normally go
through passwd and run the command at the top to list what they can run
as group entries alone may not show the full picture.
More information about the sudo-users