Get sudoers information for all users on a server

0

1

I want to collect information on what sudoers actions a user can perform on a server. From what I've read, you can do this with the command sudo -l -U username. However, one server that I have has a slightly older version of sudo (1.6.7p5) and the -U option doesn't seem to exist (I don't own the server so I can't just upgrade to a newer version of sudo).

Has anyone ever had to collect sudoers information for all users on a server? How would you recommend doing it?

EDIT: This has to be an automated process, so "just look at the sudoers file" won't work.

Jon Kruger

Posted 2011-01-11T13:51:03.863

Reputation: 101

If you at least have root privileges, you can install a newer sudo to your home directory (./configure --prefix ~/usr or your location of choice), run it with -U, then simply remove it. – user1686 – 2011-01-11T14:16:08.320

I don't have root privileges or permission to install a newer sudo. – Jon Kruger – 2011-01-11T15:30:22.820

Answers

0

As root:

cat /etc/sudoers > /home/username/sudoerprivs
cd /home/username
chown username:username sudoerprivs

RobotHumans

Posted 2011-01-11T13:51:03.863

Reputation: 5 758

This has to be an automated process, so just visually looking at the file won't work. – Jon Kruger – 2011-01-11T18:25:10.017

Can't you just search through the file with grep and awk based on the lines you need? – Katerberg – 2011-01-20T23:07:37.787

@Diablomarcus - yes you could. I made a copy in this method so it could be moved to another computer in an enterprise environment. Then you could launch shell scripts containing grep or awk at a hierarchy of directories/files to programmatically check ALL computers. – RobotHumans – 2011-01-21T01:11:08.503
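
The grep/awk approach suggested in the comments above, as an added example (not code from any of the posters): it flattens a copy of the sudoers file, such as the sudoerprivs copy, into one "principal<TAB>rule" line per user. The function names and the sample text are constructed for illustration; %group entries are printed as written (membership has to be resolved separately) and #include lines are not followed.

```shell
sample_sudoers() {
cat <<'EOF'
# constructed sample sudoers text, not from a real server
Defaults        env_reset
Cmnd_Alias SHUTDOWN = /sbin/shutdown, /sbin/reboot
User_Alias ADMINS = alice, \
                    bob
root    ALL=(ALL) ALL
ADMINS  ALL=(ALL) ALL
carol, %ops  web01 = NOPASSWD: SHUTDOWN
EOF
}
# Print "principal<TAB>rule" per user specification; reads the named file or stdin.
sudoers_by_user() {
    awk '
    function emit(name, rule, depth,    parts, n, i) {
        if ((name in alias) && depth < 8) {      # depth cap stops alias loops
            n = split(alias[name], parts, ",")
            for (i = 1; i <= n; i++) emit(parts[i], rule, depth + 1)
        } else print name "\t" rule
    }
    {   # join backslash-continued lines, then tidy "a, b" into "a,b"
        line = buf $0
        if (sub(/\\$/, "", line)) { buf = line; next }
        buf = ""; $0 = line; gsub(/[ \t]*,[ \t]*/, ",")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 ~ /^(Defaults|Host_Alias|Cmnd_Alias|Runas_Alias)/ { next }
    $1 == "User_Alias" {
        sub(/^[ \t]*User_Alias[ \t]+/, "")
        n = split($0, defs, ":")                 # several aliases per line
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", defs[i]); split(defs[i], kv, "="); alias[kv[1]] = kv[2]
        }
        next
    }
    {   # user specification: first field is the user list, the rest is the rule
        who[++ns] = $1; rule = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rule); rules[ns] = rule
    }
    END {   # expand aliases last, so an alias may be defined after its use
        for (s = 1; s <= ns; s++) {
            n = split(who[s], users, ",")
            for (u = 1; u <= n; u++) emit(users[u], rules[s], 0)
        }
    }' "$@"
}
# Demonstration on the constructed sample
sample_sudoers | sudoers_by_user
```

To run it against a real copy, call sudoers_by_user /home/username/sudoerprivs and feed the output to grep, or collect it per host.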

0

You can just do visudo and see what options each user has.

Katerberg

Posted 2011-01-11T13:51:03.863

Reputation: 745

This has to be an automated process, so just visually looking at the file won't work. – Jon Kruger – 2011-01-11T15:29:41.917