Wednesday, July 23, 2008

Sudo Accessible Commands Report

The Linux sudo command allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers file.

To find out what are the commands granted, just execute the sudo -l command, which essentially output all commands granted into a single long line.

If there are only few commands granted, that is fine to read out what are the commands granted, or find out any possible typo errors of the command name maintained in the /etc/sudoers file.

However, if there are few ten of commands granted, it is not that easy to read the sudo -l output, which list all the granted commands in a single line.

Well, there are two solutions to this irritating problem.

  1. Execute sudo -l | grep --color=auto tar command, which will highlight (in color) the matched keyword found in the single long line of commands granted.

  2. Download the scripts file, which will breakdown individual commands output by sudo -l into multiple lines. Just type to get a formatted version of sudo -l report, or pipe the output to grep or sort command. For example, | grep tar or | sort.

The first attempt is always simple enough. To make it more simple, create a simple shell scripts containing these lines below, and keep this scripts file in any directory path reported by $PATH environment variable.


sudo -l | grep --color=auto $1

Assuming this scripts file saved as wsudo file name, then to find out whether the tar command is granted, just type wsudo tar at command prompt.


No comments: