PlanetJoel.com

test-sudoers.py – Test a sudoers file through python

by

joelh
in

I wrote a quick script called test-sudoers.py which reads a sudoers file and can answer questions like “what commands can a particular user run on a particular host?” and “can a particular user run a command?”. The latter is particularly useful because using return codes that can be scripted and allow certain actions based on whether they can run a specific command.

Its also very useful if you are writing a massive sudoers file (as I manage at my current job) and need tools to probe and prod it before rolling it out.

UPDATE 9/1/2009: v0.2 online which features support for netgroups. If you have installed my libnss netgroup bindings then you can perform netgroup based lookups using test-sudoers

Comments

2 responses to “test-sudoers.py – Test a sudoers file through python”

  1. Errol Casey Avatar
    Errol Casey

    Thanks so much for this code. Someone on a python list found it for me. I look forward to working with it.

    My immediate task at hand is to generate a report of root and non-root users, and had run into problems due to the number of ways root privs can be given in sudoers file (os group, su , su – , and su – matching would get confused with su – username, and su – * ). But I think your script will be quite helpful, and teach me a LOT about python. Thanks.

    Reply
  2. joelh Avatar
    joelh

    Not a problem Errol, I hope you find it useful. It’s probably somewhat out of date now – let me know if you find any bugs.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *