2
How do I list all users with admin rights on Linux? I checked file /etc/passwd/, but I don't know how can I figure out which account is privileged.
KlimczakM
Posted 2012-08-02T14:13:29.770
Reputation: 125
List admins on Linux
Answers
6
First, there is root (UID=0), which is and always be the only true admin, or superuser.
However, other users may be given the ability to impersonate root, and in that way effectively become admins. This can be done with:
su: This command impersonates a user and opens a shell, but you need to know the target user's password. This allows anyone who knows root's password to become an administrator.sudo: This command impersonates a user and executes a command, but you need to know the invoking user's password, and the invoking user must have sudo privileges. This allows anyone with sudo privileges to become an administrator.
On an Ubuntu system, the root account is generally disabled, which means root doesn't have a password and you can't log into that account, so su is not available. root can still be impersonated, however, which means the primary method of being an admin is through the sudo command.
To find out who generally has sudo privileges, you can view the sudoers file, which is located at /etc/sudoers. You might also want to look up the file format in the man pages. By default, Ubuntu has an admin group, and anyone in that group can use sudo. Other distributions might have a sudoers group or a sudo group or a staff group. grawity adds that most KDE and Gnome applications use polkit to manage authorization, which usually uses the wheel group for administrator privileges. OS X also uses the wheel group to give admin access to daemons and other system-level tasks, while the admin group is used to give administrator access to user accounts.
Beyond this, there are a myriad of "partial-admin" things that can be set up. Root is only an "admin" because it inherently bypasses security checks. If a user has specific permissions for a certain function, then they too are an "admin" over that area; For example, just as you are an admin over your home directory, you can make someone an admin over the webserver, or an admin over the video/audio outputs on the computer (Look up the video and audio groups, if I remember Ubuntu correctly).
To summarize, there's not exactly an easy way to get a "list of administrators". However, to quickly get most of them:
root, just because.- Anyone with sudo privileges, or in a group with sudo privileges. Usually anyone in the
admin,wheel,staff,sudo, orsudoersgroups, if they exist. - Of course, anyone that knows the password to the aforementioned accounts.
Darth Android
Posted 2012-08-02T14:13:29.770
Reputation: 35 133
Worth mentioning is polkit, which manages authorization for practically all GNOME and KDE applications. Normally it uses wheel as the admin group, although Ubuntu may have changed it to admin [cannot check now]. – user1686 – 2012-08-02T16:52:22.023
1
You can use
less /etc/group
to look for the groups.
0
On Linux, special privileges are typically supplied through groups. E.g. people in the sudoers group may use sudo, people in the audio group may play audio, etc. Use the groups command to list the groups a user is in.
Sjoerd
Posted 2012-08-02T14:13:29.770
Reputation: 1 131
0
Using default settings, users that have the right to sudo belong to the group "wheel". Maybe this will lead you in the right direction?
Except in Ubuntu it's admin. – user1686 – 2012-08-02T16:49:32.650
0
To actually find the admin for a group, you would look at the group- file. This file lists all the admins for each group listed. You can only view the contents of this file if you are an admin elevated through SUDO or root. The regular group file as others have mentioned will only list general memberships to such listed groups.
This is how Slackware or other Slackware distros work, but i do recall seeing other distros having these files.
user202041
Posted 2012-08-02T14:13:29.770
Reputation: 1
There is only one privileged account - root. There may be people listed in the /etc/sudoers file who can GAIN root privileges, but root is the highlander - there can only be one. – None – 2012-08-02T14:14:32.437
1@Marc-B There may be more than one user with UID 0. – scai – 2012-08-02T14:15:28.790
1@scai: true, but that's not a supported use. all the "who does this uid belong to" functions only return a single user, the first one found in /etc/passwd. – None – 2012-08-02T14:23:26.570
One of the best answers(1): http://serverfault.com/a/208355/211551
– AjayKumarBasuthkar – 2014-05-30T23:10:24.297One of the test answers(2): http://serverfault.com/a/208384/211551
– AjayKumarBasuthkar – 2014-05-30T23:10:53.263