[sudo-users] How to display group sudo rights

Ed Neville ed-sudo at s5h.net
Mon Mar 18 15:38:22 MDT 2019

Hello Avigdor,

On Sun, Mar 17, 2019 at 10:15:21am +0200, AvigdorFin wrote:
> When i use 'sudo -l user' I get the user rights, but
> sudo -g group, always return the help message, with group name or 
> group id.

I've always used the list function like this:

  sudo -l -U user1

> I could not figure how to see the group rights, when I define the 
> rights to a group in the sudoers files.

I don't think there is a way to list against a group. Groups don't 
execute commands as such, the users who are assigned to groups do. So, 
although a group may have /bin/bash assigned, the end user may have 
!/bin/bash assigned and would be unable to run that.

The -g flag is to configure the primary group that you run the command 

  $ sudo -g thing -u root /bin/bash -c 'touch /tmp/f && ls -al /tmp/f && 
  rm /tmp/f'
  -rw-r--r-- 1 root thing 0 Mar 18 21:14 /tmp/f

So when inspecting the privileges that are doled out, I normally go 
through passwd and run the command at the top to list what they can run 
as group entries alone may not show the full picture.

Best regards,
Ed http://www.s5h.net/

More information about the sudo-users mailing list