How to check if I have sudo access?
Solution 1
Run sudo -v
. It is usually used to extend your sudo password timeout, but can be used for determining whether you have any sudo
privileges.
$ sudo -v
Sorry, user [username] may not run sudo on [hostname].
Man page excerpt:
If given the -v (validate) option, sudo will update the user’s time stamp, prompting for the user’s password if necessary. This extends the sudo timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command.
If your user is only allowed to run specific commands, this command will work, indicating you are allowed to run something with different privileges. While the message looks different when trying to execute a command you're not allowed to in this case (and no mail is sent to root), it's still possible you'll get into trouble if the admins read /var/log/secure
.
$ sudo ls
[sudo] password for [username]:
Sorry, user [username] is not allowed to execute '/bin/ls' as root on [hostname].
To find out what you're allowed to run with different privileges, you can use sudo -l
. Note that this command requires you to enter your password.
Solution 2
This is very simple. Run sudo -l
. This will list any sudo privileges you have.
Solution 3
Gerald Schade's answer here, can still be improved!
Use
prompt=$(sudo -nv 2>&1)
if [ $? -eq 0 ]; then
# exit code of sudo-command is 0
echo "has_sudo__pass_set"
elif echo $prompt | grep -q '^sudo:'; then
echo "has_sudo__needs_pass"
else
echo "no_sudo"
fi
Here's a complete example of usage in a script:
#!/usr/bin/env bash
is_root () {
return $(id -u)
}
has_sudo() {
local prompt
prompt=$(sudo -nv 2>&1)
if [ $? -eq 0 ]; then
echo "has_sudo__pass_set"
elif echo $prompt | grep -q '^sudo:'; then
echo "has_sudo__needs_pass"
else
echo "no_sudo"
fi
}
elevate_cmd () {
local cmd=$@
HAS_SUDO=$(has_sudo)
case "$HAS_SUDO" in
has_sudo__pass_set)
sudo $cmd
;;
has_sudo__needs_pass)
echo "Please supply sudo password for the following command: sudo $cmd"
sudo $cmd
;;
*)
echo "Please supply root password for the following command: su -c \"$cmd\""
su -c "$cmd"
;;
esac
}
if is_root; then
echo "Error: need to call this script as a normal user, not as root!"
exit 1
fi
elevate_cmd which adduser
Solution 4
Here is the script-friendly version:
timeout 2 sudo id && echo Access granted || echo Access denied
since it won't stuck on the password input if you do not have the sudo
access.
You can also set it in a variable like:
timeout 2 sudo id && sudo="true" || sudo="false"
echo "$sudo"
Note: On macOS, you need to install coreutils
, e.g. brew install coreutils
.
Solution 5
For me, 'sudo -v
' and 'sudo -l
' did not work in a script because sometimes interactive (asking me for a password, like mentioned above).
'sudo -n -l
' did also not work, it gave the exit code '1' although I have sudo permissions, because of the missing password.
But extending the command to:
A=$(sudo -n -v 2>&1);test -z "$A" || echo $A|grep -q asswor
was successful for me for the script.
This expression gives 0
if the current user can call 'sudo' and 1
if not.
Explanation:
The additional parameter -n
to sudo
prevents interactivity.
The output $A
of the command 'sudo -n -v 2>&1
' may be:
- empty (in this case, sudo can be called by the current user), or:
- a note that the current user is not authorized for sudo, or:
- a question text for the password (in this case, the user is authorized).
("asswor" will fit for an english "password" as well as for a German "Passwort").
Related videos on Youtube
Bruce
Updated on September 18, 2022Comments
-
Bruce over 1 year
I recently got into trouble because of this.
$sudo vim /etc/motd [sudo] password for bruce: bruce is not in the sudoers file. This incident will be reported.
Is there a way to check if I have sudo access or not?
-
Admin about 11 yearsYou have not mentioned if you can attain root access or not.
-
Admin about 11 yearsThis has to be the first instance of seeing someone following up on "This incident will be reported".
-
-
Bruce about 11 yearsThanks. sudo -v works for me. The man page says I can run sudo -l as well but that asks for a password. Why is that?
-
HikeMike about 11 years@Bruce I'm guessing here, but otherwise someone (or a program you run) could find out what programs can be executed (possibly without entering password) by your current user and try to use that information maliciously.
-
Patrick M about 10 yearsWhat do you suppose it means when I get this back:
patrick@<host>:~$ sudo -v sudo: unable to resolve host <host>
? I entered my password and didn't get anything about unauthorized. I know I havesudo
from successfully running other commands, but thatunable to resolve host
message has me concerned something else might be funky on the host. -
Scott - Слава Україні over 9 yearsThe OP "got into trouble" for running
sudo
, so he probably isn't the system administrator, nor even one of the elite system administrators. He's probably just a user who thought he might have been granted some limited powers. What makes you suspect that he can gosu
? -
Ale over 9 years@PatrickM It looks like a problem with the
sudoers
file. In there you can specify on which host a user is authorized to run a specific command (this is useful when using the samesudoers
file on multiple machines). Possibly the hostname specified in that file could not be resolved. Try checking it with thehost
command for example. -
G-Man Says 'Reinstate Monica' over 9 yearsMaybe downvoted because it repeats what Daniel Beck said nearly two years ago.
-
Ramhound over 9 yearsOr explains what happen, it's a comment, at best
-
bksunday over 8 years@Jonathan: if u would script in ubuntu rigt now,
sudo -l
asks for a password if u can sudo or not.sudo -v
asks only if u can, and"$(whoami)" != "root"
will never ask anything in any linux. -
Jonathan Ben-Avraham over 8 years@bksunday You are correct. I tested now on a clean Debian Jessy and confirmed your results. My previous (deleted now) comment was probably a result of testing on a machine on which I had some
sudo
privs. -
Betlista over 8 years@G-Man but this simple answer helped me more than probably more precise Daniel's answer, where this command is the the very end unfortunatelly...
-
79E09796 over 7 yearsDoesn't work for me on RHEL 6,
sudo -v
gave "xx is not in the sudoers file. This incident will be reported." -
HikeMike over 7 years@79E09796 Do you know more about your environment? What version of RHEL 6? What version of sudo? I can't find anything in the sources that would explain that, but Red Hat's source RPMs are pretty annoying. Notably, it seems sudo was recently patched quite a bit by Red Hat, so this may be very recent.
-
Vomit IT - Chunky Mess Style over 6 yearsRead over "Why do I need 50 reputation to comment" to ensure you understand how you can start commenting.
-
Harry almost 6 yearsAny alternatives for where
timeout
isn't available by default, e.g. on OS X? -
kenorb almost 6 yearsYou need to install
coreutils
, e.g.brew install coreutils
. -
beruic over 5 yearsThis does not work for me in a script. For unexplained reason the script hangs until I kill it.
-
Burgi about 4 yearsThe OP would need to be on the sudoers list for this to work which defeats the point of the question.
-
peterh about 4 years@Burgi The unsaid part of the answer is that if
sudo
asks for root password, or it does not work, it also means that you don't have root privileges (at least not throughsudo
). I insert it into the answer. -
om-ha over 3 years@beruic you can try this (explained in my answer)
timeout -s SIGKILL 5s sudo -v && (echo SUDO Access Granted ; exit 0) || (echo SUDO Access Denied ; exit 1)
-
om-ha over 3 yearsRespect for this answer poster, he kept this despite the dislikes so others can benefit from its flawed assumption, and the comment above me.
-
Cameron Tacklind about 3 yearsPlease don't do this.
sudo
has the feature you need built-in:sudo -vn 2> /dev/null && echo you can sudo without password || echo password required or sudo not permitted
-
Community over 2 yearsYour answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.