In this tutorial, we will learn about how to check if a user has sudo rights in Linux operating system. In Linux, there are different user accounts created for different Linux user, each having its own credential and set to privileges. This ensures that each user has access only to its own work directory unless some special right are given. But sometime we come across a need or requirement where we do require special privilege to execute some command which can not be executed as regular user.
For example, if you want to enable key based login for your system, you need the right permission to the file located at /etc/ssh/ssh_config to enable the key based login parameter. We know that /etc folder is owned by root user. So either root privilege or sudo privilege will be required to make this change. We will cover various ways to check if a certain user has the sudo privilege or not. So let’s begin the tutorial.
How to Check if a User has Sudo Rights in Linux- linuxnasa
There are few ways to check if a specific user has the sudo privileges or not. Let us see and understand each method in the upcoming sections.
Check for Current User
When you connect to a Linux system, you get logged in as some user. This is called default login user. To check if default login user has the sudoers right or not, we will execute a command which requires root privilege or sudo privilege. For example, installing any package using package manager in Linux requires sudo privilege. Without sudo privilege, installation will fail.
In the below example, I am logged in as stack user. Let us install a package called ‘nmap’ in the system as stack user. We will add sudo keyword in front of the installation command as shown below.
[stack@linuxnasa ~]$ sudo yum install -y nmap Loaded plugins: copr, fastestmirror Loading mirror speeds from cached hostfile epel/x86_64/metalink | 31 kB 00:00:00 .............................................................. ................................................................ ................................................................ ---> Package nmap.x86_64 2:6.40-19.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================== Installing: nmap x86_64 2:6.40-19.el7 base 3.9 M Transaction Summary ================================================================================================================================== Install 1 Package Total download size: 3.9 M Installed size: 16 M Downloading packages: nmap-6.40-19.el7.x86_64.rpm | 3.9 MB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : 2:nmap-6.40-19.el7.x86_64 1/1 Verifying : 2:nmap-6.40-19.el7.x86_64 1/1 Installed: nmap.x86_64 2:6.40-19.el7 Complete!
As you see the output above, stack user is able to install the nmap package in the system. This indicates that the default login user has the sudo privileges.
Now let us try to install the nmap package again but with different user. This time I will switch to another user in my system called nasa user and try to install the same package as shown below.
[abhi@linuxnasa ~]$ sudo yum install -y nmap [sudo] password for abhi: abhi is not in the sudoers file. This incident will be reported.
As you see the output above , it reports that the nasa user is not added in the sudoers file which means it does not have the sudo privileges. Hence the package installation will fail as nasa user.
Check for Other Users
There are CLI commands available which helps us to check if any other user (apart from default login user) has the sudo privileges or not. We can do this in couple of ways. Let us look at below methods to see if a certain user in our system had the sudo privilege or not.
Way-1: Using ‘sudo -l -U’ Command
To check if a specific user has the sudo right or not, use sudo -l -U <username> command. If you get the output similar to shown below, that means the user has the sudo privilege. In the below example, I am checking if nasa user has the sudo privilege or not.
[stack@linuxnasa ~]$ sudo -l -U nasa Matching Defaults entries for nasa on linuxnasa: !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", env_keep+="http_proxy https_proxy ftp_proxy no_proxy", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin User nasa may run the following commands on linuxnasa: (ALL) ALL
If you get below output, that means a specific user (here user is abhi ) does not have the sudo privilege.
[stack@linuxnasa ~]$ sudo -l -U abhi User abhi is not allowed to run sudo on linuxnasa.
Way-2: Using ‘groups’ Command
Another way to check if a user is added in the sudoers group or not, execute below command. If the output shows that the user is added in the wheel group, that means it has the sudo privileges. In the below example, again I am checking if nasa user is added in the wheel group or not.
[stack@linuxnasa ~]$ groups nasa nasa : nasa wheel docker
If it does not show the wheel group, then that user does not have the sudo privilege. Here in below command, I am checking if abhi user is added in wheel group or not.
[stack@linuxnasa ~]$ groups abhi abhi : abhi
We have learnt couple of ways to figure out if a user is added in a sudo group or not. It becomes useful when you try to execute some command but it fails due to sudo restriction. In any such case, you can easily check on user if it really holds the sudo rights or not using any of the above method.