
Script to find user having sudo access to root

Status
Not open for further replies.

Pochu

IS-IT--Management
Jan 9, 2009
6
US
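#!/bin/bash
# Lists the users and %groups whose /etc/sudoers entry has ALL three times
# (host, run-as and command).

# Number of non-comment lines that mention ALL
count=$(cat /etc/sudoers | grep "ALL" | grep -v "^#" | wc -l)
echo "The following users have sudo access to root"
for i in $(seq 1 "$count")
do
    # Take the i-th matching line and turn "=", "(" and ")" into spaces
    line=$(cat /etc/sudoers | grep "ALL" | grep -v "^#" | head -n "$i" | tail -n 1 | tr "=()" " ")
    # Count the standalone ALL tokens on the line
    cnt=$(echo "$line" | grep -ow "ALL" | wc -l)
    if [ "$cnt" -eq 3 ]; then
        myuser=$(echo "$line" | awk '{print $1}')
        # Non-empty only when the entry is a %group
        mygroup=$(echo "$myuser" | grep "^%")

        if [ -z "$mygroup" ]; then
            User="$myuser"
            # Full name (GECOS field) of the user; looked up but not printed
            NAME=$(grep "^$User:" /etc/passwd | awk -F":" '{print $5}')
            echo "$myuser"
        else
            Group=$(echo "$mygroup" | tr -d "%")
            # Numeric id of the group; looked up but not printed
            GID=$(grep "^$Group:" /etc/group | awk -F":" '{print $3}')
            #NAME=$(grep "$GID" /etc/passwd | awk -F":" '{print $1 " "$5}')
            echo "$myuser"
        fi
    fi
done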
 
Hi

We appreciate your intention and effort.

But when you post a Helpful Tip, could you please avoid UUOC?

A few words about functionality, installation, requirements and usage would make your post look better.

Feherke.
 
It is so simple to execute it from anywhere on any Linux system.
But anyway, I like your suggestion. I will do it next time.
For the above script, you can simply execute it. (./... )
 
I wrote it while SOX auditing.
 
Hi

OK, but do I need to be root or be a member of a specific group, or can a regular user use it? Does the script need the suid or sgid bit set, or not?

( Sorry, I know almost nothing about [tt]sudo[/tt] and its configuration. )

Feherke.
 
As I stated previously, you don't need to do anything. Just execute the script as any user.
This script logically greps and awks the sudoers file and shows the expected result.
 
I've got the file /etc/sudoers with permissions 440 o=root and g=root.

Could any user run this script?
 
In this case you should be root or a member of the root group.
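
Added example, not part of the thread or any poster's code: a single-pass audit of the same kind that fails clearly when the sudoers file is unreadable (the 0440 root:root case raised above). It goes beyond the posted script by also matching `(ALL:ALL)`, tags such as `NOPASSWD:`, spaces around `=`, and an omitted run-as, which sudo treats as root. The function name `sudo_root_principals` and the sample entries are constructed for illustration.

```shell
#!/bin/bash
# Added example: list sudoers entries that grant unrestricted root access.
# Include files and alias members are not expanded; alias names are
# reported as-is. Continuation lines (trailing backslash) are not joined.
sudo_root_principals() {
    local file="${1:-/etc/sudoers}"
    # /etc/sudoers is normally mode 0440 root:root, so fail clearly.
    if [ ! -r "$file" ]; then
        echo "cannot read $file: run as root or via sudo" >&2
        return 2
    fi
    awk '
        /^[ \t]*(#|$)/ { next }    # comments, #include lines, blank lines
        $1 ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias|@include)/ { next }
        {
            who = $1; spec = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", spec)   # drop the principal
            gsub(/[ \t]/, "", spec)                 # "ALL = (ALL) ALL" -> "ALL=(ALL)ALL"
            i = index(spec, "=")
            if (i == 0 || substr(spec, 1, i - 1) != "ALL") next   # host must be ALL
            rest = substr(spec, i + 1)
            # Optional run-as of ALL or root (omitted means root), optional
            # tags such as NOPASSWD:, then the command ALL.
            if (rest !~ /^(\((ALL|root)(:[^)]*)?\))?([A-Z_]+:)*ALL$/) next
            kind = (who ~ /^[A-Z][A-Z0-9_]*$/) ? "alias" : "user"
            if (sub(/^%/, "", who)) kind = "group"
            printf "%s %s%s\n", kind, who, (rest ~ /NOPASSWD:/ ? " NOPASSWD" : "")
        }
    ' "$file"
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset
User_Alias ADMINS = alice, bob
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
ADMINS  ALL = ALL
deploy  ALL=(www-data) /usr/bin/systemctl restart app
backup  web01=(ALL) ALL
EOF
sudo_root_principals "$sample"
rm -f "$sample"
```

On the sample this reports `root`, the `wheel` group (flagged `NOPASSWD`) and the `ADMINS` alias, and skips the command-restricted and host-restricted entries.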
 