Check to see which users have root level access
I am on a giant shared system.
Is there an easy way for me to check which users have root level access? Maybe some file in /etc/ or something?
Assuming YOU have root access:
1) Check for users with UID of 0 in /etc/passwd. Ideally only root has this but some people never learn and think they've somehow done security setup by making a different name with the same UID as root. Doing that is the same as giving them root so why bother.

2) If the system runs sudo then run visudo and examine the sudoers file to see if you've given root access (e.g. "su" or "su -" with no user following would mean whoever has that grant has permission to sudo to the root user.) Also look for less obvious things that might have shell escapes that would have the same effect (e.g. "vi" or "vim" - if user can run "sudo vi" or "sudo vim" they can get root access simply by typing ":!" once the vi/vim session starts.)

3) Do a find for files owned by root that have the setuid flag on them. Such files would execute as root. This is required for some things but should be used sparingly and NEVER on a shell script that can be edited by anyone other than root.
Also,
cat /etc/group should show only 1 entry (root) in the record for the root group (gid=0). For the paranoid, check /etc/passwd gid fields
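
The passwd, group and setuid checks from the two answers above, written as a script. This is an added example, not part of the original thread; the function names and the sample passwd/group contents are constructed for illustration, and the sudoers review stays a manual step.

```shell
#!/bin/sh
# Added example. Each function takes a path, so it works on /etc or on copies.

# Accounts whose UID (3rd field) is 0: root under another name.
uid0_users() {
    awk -F: '$3 ~ /^0+$/ { print $1 }' "$1"
}

# Accounts whose primary GID (4th field of passwd) is 0.
gid0_primary_users() {
    awk -F: '$4 ~ /^0+$/ { print $1 }' "$1"
}

# Members listed in the group file for gid 0 (4th field, comma separated).
gid0_members() {
    awk -F: '$3 ~ /^0+$/ && $4 != "" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Root-owned regular files with the setuid bit, staying on one filesystem.
setuid_root_files() {
    find "$1" -xdev -type f -user root -perm -4000 2>/dev/null
}

# Constructed sample data, not taken from a real system.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:34:0:backup:/var/backups:/usr/sbin/nologin
EOF
cat > "$SAMPLE/group" <<'EOF'
root:x:0:bob,carol
daemon:x:1:
users:x:100:alice
EOF

echo "UID 0 accounts:";          uid0_users "$SAMPLE/passwd"
echo "Primary GID 0 accounts:";  gid0_primary_users "$SAMPLE/passwd"
echo "Listed members of gid 0:"; gid0_members "$SAMPLE/group"
```

On a live system, pass /etc/passwd and /etc/group to the first three functions and / to setuid_root_files, and run it as root so find can read every directory.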