[sudo-users] How to display group sudo rights
Ed Neville
ed-sudo at s5h.net
Mon Mar 18 15:38:22 MDT 2019
Hello Avigdor,
On Sun, Mar 17, 2019 at 10:15:21am +0200, AvigdorFin wrote:
> When i use 'sudo -l user' I get the user rights, but
> sudo -g group, always return the help message, with group name or
> group id.
I've always used the list function like this:
sudo -l -U user1
> I could not figure how to see the group rights, when I define the
> rights to a group in the sudoers files.
I don't think there is a way to list against a group. Groups don't
execute commands as such, the users who are assigned to groups do. So,
although a group may have /bin/bash assigned, the end user may have
!/bin/bash assigned and would be unable to run that.
The -g flag is to configure the primary group that you run the command
as:
$ sudo -g thing -u root /bin/bash -c 'touch /tmp/f && ls -al /tmp/f &&
rm /tmp/f'
-rw-r--r-- 1 root thing 0 Mar 18 21:14 /tmp/f
So when inspecting the privileges that are doled out, I normally go
through passwd and run the command at the top to list what they can run
as group entries alone may not show the full picture.
--
Best regards,
Ed http://www.s5h.net/
More information about the sudo-users
mailing list