[sudo-users] How to display group sudo rights
AvigdorFin
avigdorfin at gmail.com
Tue Mar 19 08:20:05 MDT 2019
Awesome, thanks!
On Tue, Mar 19, 2019 at 3:06 PM Todd C. Miller <Todd.Miller at sudo.ws> wrote:
> On Tue, 19 Mar 2019 12:44:59 +0200, AvigdorFin wrote:
>
> > When I define a group in sudoers, using %mygroup I expect to see and check
> > the group sudo definition.
> > I am not asking about using the group credentials, just to be able to get
> > the report of what this group is permitted to perform with sudo.
> > Reading the help message and the man page, did not help me.
> > I'd like to know if this option is possible at all.
>
> "sudo -l" will display permissions for a single user only. If that
> user is a member of a group that has sudo privileges then those
> privileges will be displayed. The purpose of the -l flag is to let
> a user know what they are allowed to run (or to allow root to see
> what a specific user may run).
>
> However, you may be able to use the cvtsudoers program present in
> recent sudo versions. For example, to see the sudoers rules that
> match group wheel you could do:
>
> $ cvtsudoers -e -f sudoers -m group=wheel /etc/sudoers
> %wheel ALL = (ALL) ALL
>
> > What is the meaning of the help line:
> > usage: sudo -l [-g group] [-h host] ....
> > that I receive when I try
> > sudo -l -g mygroup
> > Maybe there is some undocumented rule to combine some options with the -l -g
> >
> > When I do 'sudo -l -U user', I get the response I expect, but not with the
> > '-g group' flag
>
> You can only use "-g group" in conjunction with the -l option when
> testing whether a specific command is allowed. This works:
>
> $ sudo -l -g mygroups id /usr/bin/id
> /usr/bin/id
>
> But this does not:
>
> $ sudo -l -g mygroups
> usage: sudo ...
>
> - todd
>
--
Best Regards,
Avigdor
----
Avigdor Finkelstein
Mobile: +972 (0)54 2278452
Fax: +972 8 9316406
Email: AvigdorFin at gmail.com <Avigdor.Finkelstein at tangram-soft.co.il>
Home Address: P.O.B 187
Rehovot 76101
ISRAEL
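
The per-group view described in the quoted reply can be scripted to show which of a user's groups grants which sudoers rule, something the merged "sudo -l -U user" output does not show. This is an added example, not part of the original message or of the sudo project's code; the function names and report format are assumptions, and it uses only the cvtsudoers invocation quoted above.

```shell
#!/bin/sh
# Added example: per-group breakdown of sudoers rules via cvtsudoers.
# Assumes cvtsudoers is on PATH and the sudoers file is readable by the
# caller (normally root, or a copy of the file taken for review).

# group_rules FILE GROUP: rules in FILE that match GROUP, using the
# invocation from the thread (-e expands aliases, -f sudoers keeps
# sudoers syntax, -m group=NAME filters by group).
group_rules() {
    cvtsudoers -e -f sudoers -m "group=$2" "$1"
}

# report_groups FILE GROUP...: one labelled section per group. Groups
# without a matching rule are listed explicitly instead of being skipped.
report_groups() {
    file=$1; shift
    for g in "$@"; do
        # Stop if cvtsudoers fails (unreadable file, syntax error).
        out=$(group_rules "$file" "$g") || return 1
        # Keep only user specifications: drop Defaults and blank lines.
        rules=$(printf '%s\n' "$out" |
                sed -e '/^Defaults/d' -e '/^[[:space:]]*$/d')
        printf '== %%%s ==\n' "$g"
        if [ -n "$rules" ]; then
            printf '%s\n' "$rules"
        else
            printf '(no matching rules)\n'
        fi
    done
}

# report_user FILE USER: run the report for every group USER belongs to.
# Limitation: group names containing whitespace are not handled.
report_user() {
    file=$1
    user_groups=$(id -Gn "$2") || return 1
    # Word splitting of the group list is intended here.
    set -- $user_groups
    report_groups "$file" "$@"
}

# Usage: sh group-sudo-report.sh /etc/sudoers alice
if [ "$#" -eq 2 ]; then
    report_user "$1" "$2"
fi
```
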