LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Check to see which users have root level acess (https://www.linuxquestions.org/questions/linux-newbie-8/check-to-see-which-users-have-root-level-acess-643819/)

harsh5235 05-21-2008 11:50 AM
Check to see which users have root level acess
 
I am on a giant shared system.

is there an easy way for me to check which users have root level access?

Maybe some file in /etc/ or something?

MensaWater 05-21-2008 12:13 PM
Assuming YOU have root access:

1) Check for users with UID of 0 in /etc/passwd. Ideally only root has this but some people never learn and think they've somehow done security setup by making a different name with the same UID as root. Doing that is the same as giving them root so why bother.

2) If the system runs sudo then run visudo and examine the sudoers file to see if you've given root access (e.g. "su" or "su -" with no user following would mean whoever has that grant has permission to sudo to the root user.)
Also look for less obvious things that might have shell escapes that would have the same effect (e.g. "vi" or "vim" - if user can run "sudo vi" or "sudo vim" they can get root access simply by typing ":!" once the vi/vim session starts.)

3) Do a find for files owned by root that have the setuid flag on them. Such files would execute as root. This is required for some things but should be used sparingly and NEVER on a shell script that can be edited by anyone other than root.

chrism01 05-21-2008 06:40 PM
Also,
cat /etc/group
should show only 1 entry (root) in the record for the root group (gid=0).
For the paranoid, check /etc/passwd gid fields


All times are GMT -5. The time now is 01:59 AM.