[sudo-users] sudo -l -G group
pjcp64 at gmail.com
Wed Mar 18 20:52:44 MDT 2020
I'm trying to clean up user sudo permissions so they are more restrictive...
always a good goal.
I can do a sudo -l -U user and get what they have access to, but it would
be ever so useful to be able to look up the group permissions too (i.e.
kill lots of birds with one stone).
Part of it is that User_A can become User_B who can become User_C, but
there isn't an easy way to trace it through the groups themselves.
Here's an example:
jdoe is part of the dba group:
The dba group can do what?
It'll show in jdoe's sudo -l results, but it'd be great to look at the dba
group as a whole and say "you know, they probably shouldn't be able to vi
any file as root" (i.e. sudo -l -G dba).
Would that be a simple feature to add?
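
The group-level lookup and the User_A to User_B to User_C tracing asked about above can be approximated offline by reading the sudoers rules directly. The following is an added example, not part of the original post and not sudo's own code; the sudoers lines, the group membership and all function names are constructed for illustration, and the parser handles only plain `who host=(runas) commands` rules.

```python
import re
from collections import deque

# Constructed sample sudoers content and group membership (not from the post).
SAMPLE_SUDOERS = """\
Defaults env_reset
%dba    ALL=(root) /usr/bin/vi
%dba    ALL=(oracle) ALL
oracle  ALL=(backup) \\
        /usr/local/bin/run_backup
%wheel  ALL=(ALL) ALL
"""
SAMPLE_GROUPS = {"jdoe": ["dba"]}

RULE = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")

def parse_rules(text):
    """Return [(who, host, runas_users, commands)]; aliases are not expanded."""
    text = re.sub(r"\\\n\s*", " ", text)  # join backslash-continued lines
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or re.match(r"#|Defaults|\w+_Alias\b", line):
            continue  # skip comments, includes, Defaults and alias definitions
        m = RULE.match(line)
        if m:
            who, host, runas, cmds = m.groups()
            # No (runas) means root; the runas group after ':' is ignored here.
            users = [u.strip() for u in (runas or "root").split(":")[0].split(",") if u.strip()]
            rules.append((who, host, users, cmds.strip()))
    return rules

def group_rules(rules, group):
    """Rules granted to %group, i.e. what a per-group listing would show."""
    return [r for r in rules if r[0] == "%" + group]

def reachable_users(rules, groups_of, start):
    """Users `start` can run something as, directly or via a chain (over-approximate)."""
    seen, queue = set(), deque([start])
    while queue:
        user = queue.popleft()
        principals = {user} | {"%" + g for g in groups_of.get(user, [])}
        for who, _host, runas_users, _cmds in rules:
            new = set(runas_users) - seen - {start} if who in principals else set()
            seen |= new
            queue.extend(new)
    return seen

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_SUDOERS)
    print(group_rules(rules, "dba"), reachable_users(rules, SAMPLE_GROUPS, "jdoe"))
```

The chain search counts any command run as another user as an edge, so it errs toward reporting more reachability than a rule-by-rule review would confirm.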