Test whether a user has sudo privileges without requiring user input
I have a local shell script that performs a number of tests on a remote host, before delivering the payload; one of these tests being whether the user has sudo privileges, checked simply with sudo -v however this requires the user to enter their password. Additionally the remote host seems to have instant sudo timeout so the password entry is required on every new connection, and this is something I don't have permission to change (as a policy).
I can of course test whether the user is part of certain groups, but then this would not be agnostic to the remote host configuration, so I was hoping there's a method that can check that doesn't need to assume the user's groups, as well as not needing user input?
Thanks!
UPDATE: To echo my comments, I only want to test whether a user could possibly sudo, without requiring user interaction for that test.
ssh sudo
edited Feb 28 '12 at 10:12
DanH
asked Feb 28 '12 at 2:14
DanH
do you need to check whether the user has the possibility to use sudo, or if he is executing the shell script via sudo?
– Niko S P
Feb 28 '12 at 4:51
Just whether he has the possibility. The local script will require the sudo password to be entered later on, so I just want to check early on that the user on the remote host is even a sudoer.
– DanH
Feb 28 '12 at 9:32
a quick check on my ubuntu box gave me sudo -l, it returns the commands the user may run, if (ALL) ALL is part of them, the user is able to use sudo for any command. Maybe that's the right angle?
– Niko S P
Feb 28 '12 at 11:16
1
sudo -l prompts me for my password.
– ThatGraemeGuy
Feb 28 '12 at 11:55
1
Sudo caches based on tty so if a new session gives you the same tty you may not be prompted. Try executing sudo -k first.
– Mark Wagner
Mar 6 '12 at 20:39
4 Answers
I'm afraid the only thing you can test is if the user has sudo privileges without a password.
Execute
sudo -n true
If $? is 0, the user has sudo access without a password, if $? is 1, the user needs a password.
If you need verification for a specific program, change true with your program, in a way the program doesn't do anything, like chmod --help
answered Mar 6 '12 at 18:04
erickzetta
1
Note that this does not help preliminary detecting if command X is sudoable without entering a password and without accidentally running it
– try-catch-finally
Jul 2 '14 at 23:05
If you have one user with sudo access, like "root", you can use it to check other logins. As the user with access run:
sudo -n -l -U foo 2>&1 | egrep -c -i "not allowed to run sudo|unknown user"
If it returns zero, "foo" has access. Otherwise, it doesn't have sudo access.
answered Aug 27 '14 at 21:38
Todd Moyer
2
Simply sudo -n -l cmd and you will be told if the current user has sudo access to cmd. If you want to test the result.
– Philippe A.
Oct 18 '16 at 19:07
sudo -l
That should give you enough to decide if you have the privs you want/need.
answered Aug 27 '14 at 21:46
dmourati
1
This still asks for a password in my system (Ubuntu 16.04).
– Mario Vilas
Jul 7 '17 at 13:34
I know that this is a super old question, but I found luck with the -n (non-interactive) flag and -v / -l. But, you do have to inspect the output:
$ sudo -vn && sudo -ln #User with cached credentials
User adminuser may run the following commands on computername:
(ALL) ALL
$ sudo -vn && sudo -ln #User who _can_ sudo but isn't cached
sudo: a password is required
$ sudo -vn && sudo -ln #User who can't at all
Sorry, user nonadmin may not run sudo on computername.
Some output-redirection and grepping will get you there, probably:
if (sudo -vn && sudo -ln) 2>&1 | grep -v 'may not' > /dev/null; then
    #they're cool
    exit 0 #Or, whatever
fi
answered 2 days ago
Matt Moretti
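An added example, not part of any answer above: shell functions that turn the exit status and message of `sudo -n -v` into separate states rather than a single grep, so that a failed connection or an unrecognised message is not counted as sudo access. The state names, function names and the host argument are assumptions; the matched strings are the messages quoted in the answers, and `LC_ALL=C` is set because sudo localises its messages.

```shell
#!/bin/sh
# Added example (not from the original answers).
# State names ready / needs-password / denied / unknown are made up here.

# classify_sudo_probe RC OUTPUT
#   RC      exit status of the probe command
#   OUTPUT  its combined stdout and stderr, captured with LC_ALL=C
# Only the messages quoted on this page are recognised; anything else with
# a non-zero status is reported as "unknown" rather than guessed at.
classify_sudo_probe() {
    probe_rc=$1
    probe_out=$2
    case $probe_out in
        *"may not run sudo"*|*"not allowed to run sudo"*)
            echo denied ;;
        *"a password is required"*)
            echo needs-password ;;
        *)
            if [ "$probe_rc" -eq 0 ]; then
                echo ready          # passwordless rule or cached credentials
            else
                echo unknown        # e.g. ssh failure, sudo missing
            fi ;;
    esac
}

# Probe the current host. -n makes sudo fail instead of prompting.
probe_sudo_local() {
    local_out=$(LC_ALL=C sudo -n -v 2>&1) && local_rc=0 || local_rc=$?
    classify_sudo_probe "$local_rc" "$local_out"
}

# Probe a remote host ($1 is a hypothetical host name or ssh alias).
# BatchMode=yes stops ssh itself from prompting; ssh exits 255 on its own
# errors, which ends up as "unknown".
probe_sudo_remote() {
    remote_out=$(ssh -o BatchMode=yes "$1" 'LC_ALL=C sudo -n -v' 2>&1) \
        && remote_rc=0 || remote_rc=$?
    classify_sudo_probe "$remote_rc" "$remote_out"
}

# Constructed sample inputs, using the messages quoted in the answers.
demo_sudo_probe() {
    classify_sudo_probe 0 ""
    classify_sudo_probe 1 "sudo: a password is required"
    classify_sudo_probe 1 "Sorry, user nonadmin may not run sudo on computername."
    classify_sudo_probe 255 "ssh: connect to host example.invalid port 22: Connection refused"
}

demo_sudo_probe
```

A calling script can branch on the printed state, for example continuing on `ready` or `needs-password` and stopping on `denied` or `unknown`.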