It is known that on *nix-like OSes the rules for sudo are configured in the /etc/sudoers file, but if there are many different rules for different users, especially if aliases / macros are used, how can one conveniently diagnose what exactly a specific user is allowed to do through sudo?
1 answer
Many people do not know that sudo has a built-in feature for convenient diagnostics; the -l switch is used for this purpose:
# sudo -l -U vasya-pupkin
Runas and Command-specific defaults for vasya-pupkin:

User vasya-pupkin may run the following commands on this host:
    (root) /usr/bin/tailf, /bin/ls, /usr/sbin/tcpdump
    (asterisk) NOPASSWD: /bin/mv

If you call sudo -l without additional options, the commands allowed in sudoers for the current user will be shown. Using the additional option -U username, you can view the allowed commands for any user in the system (but only if the one looking is root).
In the given example, the user vasya-pupkin can run tailf, ls and tcpdump as root, and can also move files on behalf of the user asterisk (convenient if you need to allow a non-root user to manipulate files belonging to a third user).
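For auditing many users, the listing shown in the answer can be flattened into one row per permitted command. The following is an added example, not part of the original answer; the function names parse_sudo_l, sample_listing and nopasswd_rows are hypothetical, and it assumes the entry layout quoted above (indented lines starting with a "(runas)" specification, commands separated by ", ").

```shell
#!/bin/sh
# Added example, not from the original answer.
# Reads `sudo -l` / `sudo -l -U <user>` output on stdin and prints one
# tab-separated row per permitted command: runas, NOPASSWD tag (yes/no), command.
parse_sudo_l() {
    awk '
    /^[ \t]+\(/ {                      # entry lines: indented, start with "(runas)"
        line = $0
        sub(/^[ \t]+/, "", line)
        close_idx = index(line, ")")
        runas = substr(line, 2, close_idx - 2)
        rest  = substr(line, close_idx + 1)
        sub(/^[ \t]+/, "", rest)
        nopasswd = "no"
        n = split(rest, cmds, /,[ \t]+/)
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]
            # Strip leading tags such as "NOPASSWD:"; a tag stays in effect
            # for the following commands of the same entry.
            while (match(cmd, /^[A-Z_]+:[ \t]*/)) {
                tag = substr(cmd, 1, RLENGTH)
                if (tag ~ /^NOPASSWD:/) nopasswd = "yes"
                if (tag ~ /^PASSWD:/)   nopasswd = "no"
                cmd = substr(cmd, RLENGTH + 1)
            }
            printf "%s\t%s\t%s\n", runas, nopasswd, cmd
        }
    }'
}

# Constructed sample: the listing quoted in the answer above.
sample_listing() {
    cat <<'EOF'
Runas and Command-specific defaults for vasya-pupkin:

User vasya-pupkin may run the following commands on this host:
    (root) /usr/bin/tailf, /bin/ls, /usr/sbin/tcpdump
    (asterisk) NOPASSWD: /bin/mv
EOF
}

# Rows to review first: commands that carry the NOPASSWD tag.
nopasswd_rows() {
    parse_sudo_l | awk -F '\t' '$2 == "yes"'
}

sample_listing | parse_sudo_l   # demo run on the constructed sample
```

On a live system, run as root, the same functions can be fed directly: `sudo -l -U vasya-pupkin | nopasswd_rows`.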