Getting details from sudoers file

Hi,

I need the details of which ids belong to the sudoers file, and which groups these ids belong to.
Can anyone suggest a way to derive that information into a flat file please?

G

/etc/sudoers is readable only by root. You have to become root to read it.
Example:

somedata=$( sudo grep ADMINS /etc/sudoers)

This question is too vague (I don't think Jim interpreted it correctly). Perhaps you mean "which users are allowed to execute what commands" in a sudoers file? If that is indeed the question, the answer is difficult since sudoers has a rather complex syntactical and semantic structure (user aliases, group policies, external files, etc).

One possibility is you can run "sudo -l" per user. This will show you which commands that user can run.

User mary may run the following commands on this host:
    (ALL) ALL
    (ALL) NOPASSWD: /opt/dplat/bin/Revision/CMUpdatePackage/Installer.app/Contents/MacOS/Installer

You could then run that for each host that has access to the server.

Otheus' approach makes more sense than mine.

However direct access to /etc/sudoers is limited and must be limited to the root user only.

sudo -l 

For every user could be painful unless NOPASSWD is specified in the sudoers file. In other words you may have to know user passwords to do this depending on how sudoers is set up.

Assuming one has root access:

getent passwd | cut -d: -f1 | xargs -n 1 sudo -l -U

will list what commands can be run via sudo for all users. Parsing the output of sudo is left as an exercise to the reader. :)
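
An added example, not part of the original thread: one way to turn the `sudo -l -U` listing above into the flat file the question asks for, with each user's groups attached. The function names `parse_sudo_l` and `sudoers_report` are hypothetical, and the parser assumes the output layout shown earlier in the thread (a "User X may run the following commands" header followed by indented "(runas) command" lines).

```sh
#!/bin/sh
# Added example: flatten `sudo -l -U` output into pipe-separated records.

# parse_sudo_l: read the output of one or more `sudo -l -U <user>` runs on
# stdin and print one "user|runas|command" record per granted rule.
parse_sudo_l() {
    awk '
        # Header naming the user whose rules follow.
        /^User .* may run the following commands/ { user = $2; next }
        # Users without sudo rights produce no records.
        /^User .* is not allowed to run sudo/     { user = ""; next }
        # Rule lines are indented and start with the "(runas)" spec.
        # "Matching Defaults" lines never start with "(" and are skipped.
        user != "" && /^[ \t]+\(/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            runas = line
            sub(/\).*/, ")", runas)            # e.g. "(ALL)" or "(root : wheel)"
            cmd = substr(line, length(runas) + 1)
            sub(/^[ \t]+/, "", cmd)            # keeps tags such as "NOPASSWD:"
            print user "|" runas "|" cmd
        }
    '
}

# sudoers_report: must be run as root. Prints "user|groups|runas|command"
# for every account known to getent, with groups taken from `id -Gn`.
# Usage (as root): sudoers_report > /root/sudo_access.txt
sudoers_report() {
    getent passwd | cut -d: -f1 | while read -r u; do
        groups=$(id -Gn "$u" 2>/dev/null | tr ' ' ',')
        # </dev/null stops sudo from consuming the user list on stdin.
        sudo -l -U "$u" </dev/null 2>/dev/null | parse_sudo_l |
            while IFS='|' read -r user runas cmd; do
                printf '%s|%s|%s|%s\n' "$user" "$groups" "$runas" "$cmd"
            done
    done
}
```

Because the report exposes who can run what as root, write it somewhere only root can read.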