On Unix-like operating systems, sudo allows users to run programs with the same security privileges given to the superuser (also known as root, administrator, admin, or supervisor). It originally meant "superuser do" because sudo was invented to run commands only as the superuser on older versions of Linux.

How do you list all the sudo users on a Ubuntu machine?

You can do this using the getent command:

    
      getent group sudo
    
  

The output should look something like this:

    
      sudo:x:27:bob,bill
    
  

This command queries the /etc/group file in your system and gets each entry that matches sudo.

The output format is as follows:

    
      group:password:GID:user(s)
    
  

Here's an explanation for each item:

  • group is the name of the given group.
  • password is the encrypted group password. If this value is empty, it means there is no password. If the value is x, the password is in the /etc/gshadow file.
  • GID is the group ID.
  • users() is a comma-separated list of users that are members of the group. An empty value means there are no users in the group.

If you want to output only the list of usernames and remove the rest of the items, use this command:

    
      getent group sudo | awk -F: '{print $4}'
    
  

This will output just the comma-delimited list of users:

    
      bob,bill
    
  

Also, you may need to check if a specific user has sudo access or not.

You can do this by using the -l and -U options together in a single command:

    
      sudo -l -U bob
    
  

If that user has sudo access, it will print the level of sudo access it has:

    
      User bob may run the following commands on comp:
          (ALL : ALL) ALL
    
  

If the user doesn't have sudo access, it will output this:

    
      User john is not allowed to run sudo on comp.
    
  

There you go! That's how you get a list of all the sudo users on a Ubuntu machine and check if a single user has sudo permissions.

Thanks for reading and happy computing!