On an Ubuntu Linux system,
you can determine which users are allowed to use the
sudo command by looking
at the contents of the /etc/group file. If you
grep for sudo
you will see which accounts on the system can use the command.
jack@firefly:~$ grep sudo /etc/group sudo:x:27:jack,jill@ad.example.com jack@firefly:~$
The above output shows that the local jack account and a
Windows domain
account, jill@ad.example.com, can use the command.
You can see what groups a particular user belongs to with the command
groups username, where username is the user's account
name.
jack@firefly:~$ groups jack jack : jack adm cdrom sudo dip plugdev users lpadmin jack@firefly:~$
You can also determine if a user has sudo privilege using
groups username | grep -c sudo. If the result is 0, then
the user does not have that privilege. If the result is 1, indicating that
the grep command found username once in the output of the groups command,
then the user has that privilege.
jack@firefly:~$ groups jill@ad.example.com | grep -c sudo 1 jack@firefly:~$
You can grant a user sudo privilege by issuing the command
sudo usermod -aG sudo username from an account that already
has the capability to run the sudo command.
jack@firefly:~$ sudo usermod -aG sudo mary [sudo: authenticate] Password: jack@firefly:~$
You can remove a user's account from the list of those allowed to run
the command using the gpasswd command, which is part of the sysutils package,
by issuing the command sudo gpasswd -d username sudo.
jack@firefly:~$ sudo gpasswd -d mary sudo Removing user mary from group sudo jack@firefly:~$ groups mary | grep -c sudo 0 jack@firefly:~$