View list of sudoers with no sudo privileges

  • If I’m not a sudoer, is it possible to view the list of sudoers?
  • Does /etc/group show this information?
Asked By: boxofchalk1


No you’re unable to find out whom has access to sudo rights if you yourself do not have access directly. You could possibly “back into it” by seeing what users if any are members of the Unix group “wheel”.


This shows that user “saml” is a member of the wheel group.

$ getent group wheel

Being a member of the “wheel” group typically allows for full sudo rights through this rule that’s often in a systems sudoers file, /etc/sudoers.

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)   ALL

But there are no guarantees that the administrator of a given system decided to give sudo rights out in this manner. The just as easily could’ve done it like so:

## Allow root to run any commands anywhere 
root    ALL=(ALL)   ALL
saml    ALL=(ALL)   ALL

In which case, without sudo rights you could never gain access to a system’s /etc/sudoers file to see this entry.

What about /etc/groups

This file only shows users who have a 2nd, 3rd, etc. group associated with them. Often times user accounts only have a single group associated, in which case you’d need to use a slightly different command to find out a given user’s primary group:

$ getent passwd saml

Here user “saml” has the primary group 1000. This GID equates to this group:

$ getent group 1000

But none of this actually tells you anything as to which user accounts have sudo rights.

Why the big secret?

This is all done to prevent what’s known as a side channel attack. Leaking information out, such as which accounts have privileges, would give important information out to a would be attacker, if they were able to gain access to any account on a given system. So often times it’s best to mask this info from any non-privileged account.

Answered By: slm
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.