[sudo-users] How to display group sudo rights

AvigdorFin avigdorfin at gmail.com
Tue Mar 19 08:20:05 MDT 2019


Awesome, thanks!

On Tue, Mar 19, 2019 at 3:06 PM Todd C. Miller <Todd.Miller at sudo.ws> wrote:

> On Tue, 19 Mar 2019 12:44:59 +0200, AvigdorFin wrote:
>
> > When I define a group in sudoers, using %mygroup I expect to see and check
> > the group sudo definition.
> > I am not asking about using the group credentials, just to be able to get
> > the report of what this group is permitted to perform with sudo.
> > Reading the help message and the man page, did not help me.
> > I'd like to know if this option is possible at all.
>
> "sudo -l" will display permissions for a single user only.  If that
> user is a member of a group that has sudo privileges then those
> privileges will be displayed.  The purpose of the -l flag is to let
> a user know what they are allowed to run (or to allow root to see
> what a specific user may run).
>
> However, you may be able to use the cvtsudoers program present in
> recent sudo versions.  For example, to see the sudoers rules that
> match group wheel you could do:
>
>     $ cvtsudoers -e -f sudoers -m group=wheel /etc/sudoers
>     %wheel ALL = (ALL) ALL
>
> > What is the meaning of the help line:
> > usage: sudo -l [-g group]  [-h host] ....
> > that I receive when I try
> > sudo -l -g mygroup
> > Maybe there is some undocumented rule to combine some options with the -l -g
> >
> > When I do 'sudo -l -U user', I get the response I expect, but not with the
> > '-g group' flag
>
> You can only use "-g group" in conjunction with the -l option when
> testing whether a specific command is allowed.  This works:
>
> $ sudo -l -g mygroups id /usr/bin/id
> /usr/bin/id
>
> But this does not:
>
> $ sudo -l -g mygroups
> usage: sudo ...
>
>  - todd
>


-- 
Best Regards,
Avigdor
----
Avigdor Finkelstein
Mobile: +972 (0)54 2278452
Fax: +972 8 9316406

Email:   AvigdorFin at gmail.com
Home Address: P.O.B 187
              Rehovot 76101
              ISRAEL
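
For hosts whose sudo predates cvtsudoers, the per-group report discussed in this thread can be approximated by reading the policy text directly. The following is an added example, not code from the thread or from the sudo project: a simplified reader that lists the user specifications naming `%group` either directly or through a `User_Alias`. The function names and the sample policy are constructed for illustration, and it does not follow `#include` files, nested aliases or `!` negation.

```python
import re

# Constructed sample sudoers text (not taken from the thread).
SAMPLE = r"""
# constructed example policy
User_Alias ADMINS = alice, %wheel
Defaults   env_reset
root       ALL = (ALL) ALL
%wheel     ALL = (ALL) ALL
%mygroup   web1 = (root) /usr/bin/systemctl restart nginx, \
                  /usr/bin/journalctl
ADMINS     ALL = NOPASSWD: /usr/bin/id
bob        ALL = /usr/bin/id
"""

SKIP = re.compile(r"(Defaults|Runas_Alias|Host_Alias|Cmnd_Alias|Cmd_Alias)\b")

def logical_lines(text):
    """Join backslash continuations, drop comments, collapse whitespace."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        # Simplification: '#' at line start or after whitespace is a comment,
        # so #include files are not followed and '#uid' users are ignored.
        line = " ".join(re.sub(r"(^|\s)#.*", "", line).split())
        if line:
            yield line

def rules_for_group(text, group):
    """Return user specifications that name %group directly or through a
    User_Alias containing it (nested aliases and '!' negation not handled)."""
    want, aliases, specs = "%" + group, {}, []
    for line in logical_lines(text):
        if line.startswith("User_Alias "):
            # Several definitions may share a line: "A = x, y : B = z"
            for part in line[len("User_Alias "):].split(":"):
                name, _, members = part.partition("=")
                aliases[name.strip()] = {m.strip() for m in members.split(",")}
        elif not SKIP.match(line):
            specs.append(line)
    names = {want} | {a for a, members in aliases.items() if want in members}
    matched = []
    for line in specs:
        # "User_List Host_List = ..." : the first field is the user list.
        head = re.sub(r"\s*,\s*", ",", line.split("=", 1)[0]).split()
        if head and names & set(head[0].split(",")):
            matched.append(line)
    return matched

if __name__ == "__main__":
    for rule in rules_for_group(SAMPLE, "wheel"):
        print(rule)
```

A rule granted through an alias is easy to miss when searching the file for `%wheel` alone, which is why the alias membership is resolved before matching.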

