How to check if I have sudo access?

Solution 1

Run sudo -v. It is usually used to extend your sudo password timeout, but can be used for determining whether you have any sudo privileges.

$ sudo -v
Sorry, user [username] may not run sudo on [hostname].

Man page excerpt:

If given the -v (validate) option, sudo will update the user’s time stamp, prompting for the user’s password if necessary. This extends the sudo timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command.

If your user is only allowed to run specific commands, this command will work, indicating you are allowed to run something with different privileges. While the message looks different when trying to execute a command you're not allowed to in this case (and no mail is sent to root), it's still possible you'll get into trouble if the admins read /var/log/secure.

$ sudo ls
[sudo] password for [username]: 
Sorry, user [username] is not allowed to execute '/bin/ls' as root on [hostname].

To find out what you're allowed to run with different privileges, you can use sudo -l. Note that this command requires you to enter your password.
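The log side of the failed attempts mentioned above, as an added example that is not part of the original answer: it summarises denied sudo attempts per user from a secure/auth log read on stdin. The function names `sample_log` and `sudo_denials` are hypothetical, the sample lines are constructed, and the `user : reason ; TTY=... ; COMMAND=...` layout is assumed to be sudo's usual syslog format.

```sh
#!/bin/sh
# Added example: summarise denied sudo attempts from a secure/auth log on stdin.
# sample_log and sudo_denials are hypothetical names; the log lines are constructed.

sample_log() {
cat <<'EOF'
Sep 18 10:15:01 host1 sudo:    bruce : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/bruce ; USER=root ; COMMAND=/usr/bin/vim /etc/motd
Sep 18 10:16:40 host1 sudo:    alice : command not allowed ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Sep 18 10:17:02 host1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl status sshd
Sep 18 10:20:11 host1 sshd[811]: Accepted publickey for carol from 192.0.2.10 port 50022 ssh2
Sep 18 10:21:30 host1 sudo:    bruce : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/bruce ; USER=root ; COMMAND=/bin/ls
EOF
}

# Print "user<TAB>reason<TAB>count", sorted, one line per (user, denial reason).
sudo_denials() {
    awk '
    {
        # Locate the first "sudo:" tag (optionally "sudo[pid]:") in the line.
        if (!match($0, / sudo(\[[0-9]+\])?: +/)) next
        msg = substr($0, RSTART + RLENGTH)

        # msg looks like "user : reason ; TTY=... ; COMMAND=..."
        i = index(msg, " : ")
        if (i == 0) next
        user = substr(msg, 1, i - 1)
        rest = substr(msg, i + 3)

        j = index(rest, " ; ")
        reason = (j > 0) ? substr(rest, 1, j - 1) : rest

        # Successful runs start with TTY=...; count only the denial reasons.
        if (reason == "user NOT in sudoers" ||
            reason == "user NOT authorized on host" ||
            reason == "command not allowed")
            count[user "\t" reason]++
    }
    END { for (k in count) printf "%s\t%d\n", k, count[k] }
    ' | LC_ALL=C sort
}

sample_log | sudo_denials
```

On a real system the input would be the log file itself, for example `sudo_denials < /var/log/secure`, which normally requires root to read.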

Solution 2

This is very simple. Run sudo -l. This will list any sudo privileges you have.

Solution 3

Gerald Schade's answer here can still be improved!

Use

prompt=$(sudo -nv 2>&1)
if [ $? -eq 0 ]; then
  # exit code of sudo-command is 0
  echo "has_sudo__pass_set"
elif echo "$prompt" | grep -q '^sudo:'; then
  echo "has_sudo__needs_pass"
else
  echo "no_sudo"
fi

Here's a complete example of usage in a script:

#!/usr/bin/env bash

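# Succeeds (exit status 0) only when the effective UID is 0.
# Comparing the UID avoids "return $(id -u)", which wraps modulo 256.
is_root () {
    [ "$(id -u)" -eq 0 ]
}

# Prints one of: has_sudo__pass_set, has_sudo__needs_pass, no_sudo.
has_sudo() {
    local prompt

    # -n: never prompt; -v: validate only, run no command.
    prompt=$(sudo -nv 2>&1)
    if [ $? -eq 0 ]; then
        echo "has_sudo__pass_set"
    elif echo "$prompt" | grep -q '^sudo:'; then
        echo "has_sudo__needs_pass"
    else
        echo "no_sudo"
    fi
}

# Runs the given command with sudo if available, otherwise via su.
# "$@" keeps each argument intact instead of re-splitting on whitespace.
elevate_cmd () {
    HAS_SUDO=$(has_sudo)

    case "$HAS_SUDO" in
    has_sudo__pass_set)
        sudo "$@"
        ;;
    has_sudo__needs_pass)
        echo "Please supply sudo password for the following command: sudo $*"
        sudo "$@"
        ;;
    *)
        echo "Please supply root password for the following command: su -c \"$*\""
        su -c "$*"
        ;;
    esac
}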

if is_root; then
    echo "Error: need to call this script as a normal user, not as root!"
    exit 1
fi


elevate_cmd which adduser

Solution 4

Here is the script-friendly version:

timeout 2 sudo id && echo Access granted || echo Access denied

since it won't get stuck on the password input if you do not have sudo access.

You can also set it in a variable like:

timeout 2 sudo id && sudo="true" || sudo="false"
echo "$sudo"

Note: On macOS, you need to install coreutils, e.g. brew install coreutils.

Solution 5

For me, 'sudo -v' and 'sudo -l' did not work in a script because they are sometimes interactive (asking me for a password, as mentioned above). 'sudo -n -l' also did not work; it gave the exit code '1' although I have sudo permissions, because of the missing password. But extending the command to:

A=$(sudo -n -v 2>&1); test -z "$A" || echo "$A" | grep -q asswor

was successful for me for the script. This expression gives 0 if the current user can call 'sudo' and 1 if not.

Explanation:
The additional parameter -n to sudo prevents interactivity.
The output $A of the command 'sudo -n -v 2>&1' may be:
- empty (in this case, sudo can be called by the current user), or:
- a note that the current user is not authorized for sudo, or:
- a question text for the password (in this case, the user is authorized).
("asswor" will fit for an English "password" as well as for a German "Passwort").

Author by

Bruce

Updated on September 18, 2022

Comments

  • Bruce
    Bruce over 1 year

    I recently got into trouble because of this.

    $ sudo vim /etc/motd
    [sudo] password for bruce: 
    bruce is not in the sudoers file.  This incident will be reported.
    

    Is there a way to check if I have sudo access or not?

  • Bruce
    Bruce about 11 years
    Thanks. sudo -v works for me. The man page says I can run sudo -l as well but that asks for a password. Why is that?
  • HikeMike
    HikeMike about 11 years
    @Bruce I'm guessing here, but otherwise someone (or a program you run) could find out what programs can be executed (possibly without entering password) by your current user and try to use that information maliciously.
  • Patrick M
    Patrick M about 10 years
    What do you suppose it means when I get this back: patrick@<host>:~$ sudo -v sudo: unable to resolve host <host>? I entered my password and didn't get anything about unauthorized. I know I have sudo from successfully running other commands, but that unable to resolve host message has me concerned something else might be funky on the host.
  • Scott - Слава Україні
    Scott - Слава Україні over 9 years
    The OP "got into trouble" for running sudo, so he probably isn't the system administrator, nor even one of the elite system administrators. He's probably just a user who thought he might have been granted some limited powers. What makes you suspect that he can go su?
  • Ale
    Ale over 9 years
    @PatrickM It looks like a problem with the sudoers file. In there you can specify on which host a user is authorized to run a specific command (this is useful when using the same sudoers file on multiple machines). Possibly the hostname specified in that file could not be resolved. Try checking it with the host command for example.
  • G-Man Says 'Reinstate Monica'
    G-Man Says 'Reinstate Monica' over 9 years
    Maybe downvoted because it repeats what Daniel Beck said nearly two years ago.
  • Ramhound
    Ramhound over 9 years
    Or explains what happened, it's a comment, at best
  • bksunday
    bksunday over 8 years
    @Jonathan: if u would script in Ubuntu right now, sudo -l asks for a password if u can sudo or not. sudo -v asks only if u can, and "$(whoami)" != "root" will never ask anything in any linux.
  • Jonathan Ben-Avraham
    Jonathan Ben-Avraham over 8 years
    @bksunday You are correct. I tested now on a clean Debian Jessie and confirmed your results. My previous (deleted now) comment was probably a result of testing on a machine on which I had some sudo privs.
  • Betlista
    Betlista over 8 years
    @G-Man but this simple answer helped me more than probably more precise Daniel's answer, where this command is at the very end unfortunately...
  • 79E09796
    79E09796 over 7 years
    Doesn't work for me on RHEL 6, sudo -v gave "xx is not in the sudoers file. This incident will be reported."
  • HikeMike
    HikeMike over 7 years
    @79E09796 Do you know more about your environment? What version of RHEL 6? What version of sudo? I can't find anything in the sources that would explain that, but Red Hat's source RPMs are pretty annoying. Notably, it seems sudo was recently patched quite a bit by Red Hat, so this may be very recent.
  • Vomit IT - Chunky Mess Style
    Vomit IT - Chunky Mess Style over 6 years
    Read over "Why do I need 50 reputation to comment" to ensure you understand how you can start commenting.
  • Harry
    Harry almost 6 years
    Any alternatives for where timeout isn't available by default, e.g. on OS X?
  • kenorb
    kenorb almost 6 years
    You need to install coreutils, e.g. brew install coreutils.
  • beruic
    beruic over 5 years
    This does not work for me in a script. For an unexplained reason the script hangs until I kill it.
  • Burgi
    Burgi about 4 years
    The OP would need to be on the sudoers list for this to work which defeats the point of the question.
  • peterh
    peterh about 4 years
    @Burgi The unsaid part of the answer is that if sudo asks for root password, or it does not work, it also means that you don't have root privileges (at least not through sudo). I insert it into the answer.
  • om-ha
    om-ha over 3 years
    @beruic you can try this (explained in my answer) timeout -s SIGKILL 5s sudo -v && (echo SUDO Access Granted ; exit 0) || (echo SUDO Access Denied ; exit 1)
  • om-ha
    om-ha over 3 years
    Respect for this answer poster, he kept this despite the dislikes so others can benefit from its flawed assumption, and the comment above me.
  • Cameron Tacklind
    Cameron Tacklind about 3 years
    Please don't do this. sudo has the feature you need built-in: sudo -vn 2> /dev/null && echo you can sudo without password || echo password required or sudo not permitted
  • Community
    Community over 2 years
    Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.