Authors Top

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

1. Overview

In Linux, superusers are accounts that have administrator privileges, unlike regular users who only have ordinary permissions. As a system administrator, it’s essential to keep track of these users. For instance, we might discover there is a superuser whose privileges we forgot to revoke which is dangerous to the security of our system.

In this tutorial, we’ll learn to list all the superusers in our system.

2. Using the getent Command

Here, we use the getent command to do a search in the /etc/group file. This file stores a list of groups and the users assigned to every group:

$ getent group sudo
sudo:x:27:peter,james

From the output above, we can see that there are four fields, separated by colon (:) characters. Now, for emphasis, let’s discuss these fields.

First, we have the group field, which is the name of the group – in this case, sudo. Second, we have the password field that displays the group password, which is encrypted. If the password field has a value of x, then the password is stored in the /etc/gshadow file. Equally important, if the password field is empty, then there is no password. Third, we have the GID (Group ID), and the fourth field represents a list of the group members – in this case, peter and james.

2.1. Using getent With awk

Now, let’s clean up our output by listing only the usernames:

$ getent group sudo | awk -F: '{print $4}'
peter,james

The command above displays a comma-separated list of superusers.

Considering the command we executed, the awk command searches through the /etc/group file line by line. We add the -F option to define the delimiter separating the fields as a colon (:). Also, we use the print statement to print out the fourth field ($4) to show the members of the sudo group.

3. Using the grep Command

We can also use the grep command to go through the /etc/group file, searching for any string pattern we pass as our argument.

Let’s begin by searching for any line that starts with the “sudo:” string pattern:

$ grep '^sudo:' /etc/group
sudo:x:27:peter,james

Here, we see our output is a line that matches the defined pattern which eventually shows the members of the sudo group. In detail, this group is responsible for mapping all the superusers in our system.

3.1. Using grep With cut

Next, let’s clean up the output and list only the group members:

$ grep '^sudo:' /etc/group | cut -d: -f4
peter,james

Above, we make use of the cut command. This allows us to remove sections from lines in our input by either field, character, or byte position. After the cut command slices these lines, it then writes the results to standard output.

In our case, we use fields to slice and get our information. For this, we use the -f option and add 4 next to it to say that we’ll capture the fourth field containing the group members. However, the cut command by default uses tab as a field delimiter. This is why we need to use the -d option to define our field delimiter as a colon (:).

4. Using the sudo Command

At times, we might have only a few well-known users in our system. In this scenario, it makes sense that we check each user individually and confirm if they have superuser privileges. For this, we’ll make use of the sudo command, which makes it possible for a user to execute commands as a superuser or even another user.

To begin, we’ll look at users with access to our system:

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
...
peter:x:1000:1000:PETER KARANJA,,,:/home/peter:/bin/bash
sam:x:1001:1001:Samuel Njuguna Karanja,,,:/home/sam:/bin/bash
james:x:1002:1002:james,,,:/home/james:/bin/bash

Since peter is the administrator here, we’ll work with the other two users, james and sam, respectively.

Let’s start by confirming the user privileges available to james:

$ sudo -l -U james
[sudo] password for peter: 
Matching Defaults entries for james on peter-HP-15-Notebook-PC:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    use_pty

User james may run the following commands on peter-HP-15-Notebook-PC:
    (ALL : ALL) ALL

The output above shows that the user james has permission to run all commands. So, this is proof that our user is in the sudo group.

Using the -l option helps display the privileges of our user james.

Now, let’s see what happens in the case of the user sam:

$ sudo -l -U sam
User sam is not allowed to run sudo on peter-HP-15-Notebook-PC.

The user sam doesn’t have the authorization to perform superuser privileged tasks. Thus, sam is just a normal user.

5. Conclusion

In this tutorial, we’ve learned about commands that we can use to list all superusers in Linux. With this knowledge, we’re now able to check the number of superusers in our system once in a while. This will prove to be a good practice in maintaining a secure environment for our system.

Authors Bottom

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

Comments are closed on this article!