[sudo-users] sudo -l -G group

Thomas Harrison pjcp64 at gmail.com
Wed Mar 18 20:52:44 MDT 2020


I'm trying to clean up user sudo permissions so they are more restrictive...
always a good goal.
I can do a sudo -l -U user and get what they have access to, but it would
be ever so useful to be able to look up the group permissions too (i.e.
kill lots of birds with one stone).

Part of it is that User_A can become User_B who can become User_C, but
there isn't an easy way to trace it through the groups themselves.

Here's an example:
jdoe is part of the dba group:
The dba group can do what?

It'll show in jdoe's sudo -l results, but it'd be great to look at the dba
group as a whole and say "you know, they probably shouldn't be able to vi
any file as root" (i.e. sudo -l -G dba).

Would that be a simple feature to add?

Thanks.

Thom
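
One way to answer the group question from the policy text itself, as an added example that is not part of the original post or of sudo: it parses a constructed sudoers sample and reports what `%dba` may run, plus the accounts reachable by chaining `(user) ALL` rules. The `oracle` and `backup` accounts, the command paths and the function names are assumptions; narrower commands are listed for review but not followed as hops.

```python
import re
from collections import defaultdict

# Constructed sample policy (not from the original post).
SAMPLE = r"""
# constructed example
%dba    ALL = (root) /usr/bin/vi, \
              (oracle) ALL
oracle  ALL = (backup) NOPASSWD: ALL
backup  ALL = (root) /usr/bin/rsync
jdoe    ALL = (root) /usr/bin/systemctl status *
"""

SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(.+)$")   # who host = rest
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def parse(text):
    """Return {principal: [(runas_user, command), ...]}.

    Simplified: one principal per rule, one runas user per (...), no alias
    expansion, no #include handling, no escaped commas in commands.
    """
    text = re.sub(r"\\\n\s*", " ", text)            # join continuation lines
    rules = defaultdict(list)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()         # drop comments
        m = SPEC.match(line)
        if not m or line.startswith(SKIP):
            continue
        runas = "root"                               # default runas user
        for item in (c.strip() for c in m[2].split(",")):
            r = re.match(r"\(([^):]*)[^)]*\)\s*(.*)", item)
            if r:                                    # (user) carries forward
                runas, item = r[1].strip() or "root", r[2]
            cmd = re.sub(r"^(?:[A-Z_]+:\s*)+", "", item)  # strip NOPASSWD: etc.
            rules[m[1]].append((runas, cmd))
    return rules

def group_report(rules, group):
    """Direct rules for %group, plus accounts reachable via '(user) ALL' hops."""
    start = "%" + group
    chain, stack = {}, [(start, [start])]
    while stack:
        who, path = stack.pop()
        for runas, cmd in rules.get(who, []):
            if cmd == "ALL" and runas not in chain and runas != start:
                chain[runas] = path + [runas]
                stack.append((runas, chain[runas]))
    return rules.get(start, []), chain
```

Calling `group_report(parse(SAMPLE), "dba")` returns the direct `%dba` rules and a map from each reachable account to the chain of hops that leads to it.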

