November 26, 2019

How to list all users with root

To list all users:
cat /etc/passwd | awk -F: '{print $ 1}'
To list all groups:
cat /etc/group | awk -F: '{print $ 1}'
Don't forget to change the root password. If any user has UID 0 besides root, they shouldn't. Bad idea. To check:
grep 'x:0:' /etc/passwd
Again, you shouldn't do this but to check if the user is a member of the root group:
grep root /etc/group
To see if anyone can execute commands as root, check sudoers:
cat /etc/sudoers
To check for SUID bit, which allows programs to be executed with root privileges:
find / -perm -04000
To see who is UID 0:
getent passwd 0
To see who is in groups rootwheel adm and admin:
getent group root wheel adm admin
To list all users and the groups they are members of:
getent passwd | cut -d : -f 1 | xargs groups
Pure root is user id "0".
All the users in the system are in the /etc/passwd file:
less /etc/passwd
Those who are root have "0" as the user id, which is the 3rd column. Those with "0" as the group (4th column) may also have some root privileges.
Next, you'll want to look at the groups, and see who is an additional member of the "root" or "wheel" or "admin" groups:
less /etc/group
Users listed in those groups could have some root privileges, especially via the "sudo" command.
The final thing you will want to check is the "sudo" config and see who is listed as having authorisation to run this command. This file itself is well documented so I won't reproduce it here:
less /etc/sudoers
To print all users
perl -n -e '@user = split /:/ ; print "@user[0]\n";' < /etc/passwd
To print only those users with UID 0, being as others have said, the users with implicit root privileges:
perl -n -e '@user = split /:/ ; print "@user[0]\n" if @user[2] == "0";' < /etc/passwd

No comments:

Post a Comment

How to Install Docker CE on CentOS 8 and RHEL 8

  Docker  is a daemon-based container engine which allows us to deploy applications inside containers.  Docker is available in two versions,...