How to check if a user has Sudo Rights on Linux
Sometimes we provide temporary sudo access to a guest user on your server and forget to remove the sudo access.
In some other cases, there are multiple users on the server with sudo access. So, If you want to find out if any user on your server has sudo rights, you can go through this post to learn about it.
Check if you have Sudo Access
If you are wondering whether you have sudo privileges or not, you can run this command to get your sudo status:
# sudo -v
So, in the above example, the user amittal doesn’t have sudo access. Furthermore, you can also run the following command to get more details about your access:
# sudo -l
Check if another user have Sudo Access
There are two methods to check sudo access for the user:
Method 1 : Check with Sudo Command
You can use the sudo command to check if any user has sudo access or not on your server. Also, you can learn about other privileges available for that user:
# sudo -l -U amittal
So, we can clearly see that user amittal is not allowed to run sudo on the server. Therefore, amittal is a normal user on the server.
On the other hand, let’s try with another user zcamp:
Second user zcamp is allowed to run sudo commands and we can get more information about his privileges on the server.
Method 2: Check if the user is a part of ‘Sudo Group’
Sudo Group is another way to provide sudo access for multiple users.
If your user is a member of sudo group, you can check it by running the following command:
# groups aditya Output: aditya: aditya sudo
So, in this example, we can see that user aditya is a member of sudo group. Therefore, he has sudo privileges.
How to Remove Sudo Access from the user
In the above-mentioned commands, you have learned whether your guest user has sudo access or not.
Now, if you want to remove sudo access from that user, there are two methods.
Method 1: Remove the user from Sudoers file
Most of the times, sudo users are added in /etc/sudoers file. You can go to that file and remove the sudo access from the user:
# sudo nano /etc/sudoers
Simply open the file, remove the user from that list and save the file.
Method 2: Remove the user from Sudo Group
If that guest user is not present in /etc/sudoers file, that means he/she is added in sudo group. You can remove the user from the sudo group as follows:
Verify the Group Membership: # groups amittal Output: amittal: amittal sudo Remove amittal from sudo group: # gpasswd -d amittal sudo Verify again # groups amittal amittal:amittal
So, we can see that gpasswd -d command removes the member from the group.