How to check if a user has Sudo Rights on Linux

How to check if a user has Sudo Rights on Linux

Sometimes we provide temporary sudo access to a guest user on your server and forget to remove the sudo access.

In some other cases, there are multiple users on the server with sudo access. So, If you want to find out if any user on your server has sudo rights, you can go through this post to learn about it.

Check if you have Sudo Access

If you are wondering whether you have sudo privileges or not, you can run this command to get your sudo status:

# sudo -v

So, in the above example, the user amittal doesn’t have sudo access. Furthermore, you can also run the following command to get more details about your access:

# sudo -l

Check if another user have Sudo Access

There are two methods to check sudo access for the user:

Method 1 : Check with Sudo Command

You can use the sudo command to check if any user has sudo access or not on your server. Also, you can learn about other privileges available for that user:

# sudo -l -U amittal

So, we can clearly see that user amittal is not allowed to run sudo on the server. Therefore, amittal is a normal user on the server.

On the other hand, let’s try with another user zcamp:

Second user zcamp is allowed to run sudo commands and we can get more information about his privileges on the server.

Method 2: Check if the user is a part of ‘Sudo Group’

Sudo Group is another way to provide sudo access for multiple users.

If your user is a member of sudo group, you can check it by running the following command:

# groups aditya

aditya: aditya sudo

So, in this example, we can see that user aditya is a member of sudo group. Therefore, he has sudo privileges.

How to Remove Sudo Access from the user

In the above-mentioned commands, you have learned whether your guest user has sudo access or not.

Now, if you want to remove sudo access from that user, there are two methods.

Method 1: Remove the user from Sudoers file

Most of the times, sudo users are added in /etc/sudoers file. You can go to that file and remove the sudo access from the user:

# sudo nano /etc/sudoers

Simply open the file, remove the user from that list and save the file.

Method 2: Remove the user from Sudo Group

If that guest user is not present in /etc/sudoers file, that means he/she is added in sudo group. You can remove the user from the sudo group as follows:

Verify the Group Membership:
# groups amittal

amittal: amittal sudo

Remove amittal from sudo group:
# gpasswd -d amittal sudo

Verify again
# groups amittal

So, we can see that gpasswd -d command removes the member from the group.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.