Cybersecurity Triage
Review sudo Grants
Risk: safe
You need a compact view of sudo group membership and sudoers rules from fixture-local stubs.
Command
awk -F: '$1=="sudo" {print "sudo group: " $4}' fixtures/user-access-audit/etc/group; grep -RhnE '^[^#].*ALL=' fixtures/user-access-audit/etc/sudoers fixtures/user-access-audit/etc/sudoers.d
Before you run this
Risk: safe. Do not edit sudoers based only on this summary; validate syntax and account ownership on real systems.
Expected output
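The members of the sudo group, followed by each uncommented sudoers line that contains ALL=. Each rule is prefixed with its line number within its own file; file names are not shown because grep runs with -h.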
System impact
Nothing changes. The command reads fixture-local group and sudoers stubs and prints privilege grants.
Recovery / rollback: no state is changed.
When to use it
Use when auditing who can elevate privileges or when preparing to remove stale access.
When not to use it
Do not edit sudoers based only on this summary; validate syntax and account ownership on real systems.
Example output from a temporary Linux lab
This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.
$ cat sample-files/user-access-audit/etc/group sample-files/user-access-audit/etc/sudoers sample-files/user-access-audit/etc/sudoers.d/app-deploy
root:x:0:
daemon:x:1:
www-data:x:33:
alex:x:1000:
deploy:x:1001:
reports:x:1002:
breakglass:x:1003:
backup:x:1004:
sudo:x:27:alex,breakglass
docker:x:998:deploy
adm:x:4:alex
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app.service
# app deploy automation
deploy ALL=(root) NOPASSWD: /usr/bin/journalctl -u app.service, /usr/bin/systemctl reload nginx
$ awk -F: '$1=="sudo" {print "sudo group: " $4}' sample-files/user-access-audit/etc/group; grep -RhnE '^[^#].*ALL=' sample-files/user-access-audit/etc/sudoers sample-files/user-access-audit/etc/sudoers.d
sudo group: alex,breakglass
2:root ALL=(ALL:ALL) ALL
3:%sudo ALL=(ALL:ALL) ALL
4:deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app.service
2:deploy ALL=(root) NOPASSWD: /usr/bin/journalctl -u app.service, /usr/bin/systemctl reload nginx
This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.
Lab setup steps
cat fixtures/user-access-audit/etc/group fixtures/user-access-audit/etc/sudoers fixtures/user-access-audit/etc/sudoers.d/app-deploy
awk -F: '$1=="sudo" {print "sudo group: " $4}' fixtures/user-access-audit/etc/group; grep -RhnE '^[^#].*ALL=' fixtures/user-access-audit/etc/sudoers fixtures/user-access-audit/etc/sudoers.d
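Added example, not part of the original page or its lab scripts: the grep output above leaves %sudo unexpanded and prints two different rules as line 2 because file names are hidden. The script below resolves each grant to an account with its file:line, and marks NOPASSWD and unrestricted (ALL) command scope. The function names, output columns and temporary directory are assumptions, and the sample data is constructed to mirror the lab files shown above.

```shell
#!/bin/sh
# Added example: resolve sudoers grants to accounts. Names are illustrative.

make_fixture() {  # $1 = empty directory; writes constructed sample files
    mkdir -p "$1/etc/sudoers.d"
    cat > "$1/etc/group" <<'EOF'
sudo:x:27:alex,breakglass
docker:x:998:deploy
EOF
    cat > "$1/etc/sudoers" <<'EOF'
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app.service
EOF
    cat > "$1/etc/sudoers.d/app-deploy" <<'EOF'
# app deploy automation
deploy ALL=(root) NOPASSWD: /usr/bin/journalctl -u app.service, /usr/bin/systemctl reload nginx
EOF
}

# Prints: account  via  file:line  scope(ALL|limited)  PASSWD|NOPASSWD
# Limits: aliases, includes and primary-group (passwd GID) membership are not resolved.
sudo_grants() {  # $1 = fixture root, no trailing slash
    awk -v root="$1" '
    NR == FNR { split($0, g, ":"); members[g[1]] = g[4]; next }   # group file
    /^[ \t]*#/ || NF == 0 || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
    index($0, "=") == 0 { next }                # not a user specification
    {
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)          # drop "who host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)       # drop "(runas)"
        tag = (spec ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
        gsub(/[A-Z_]+:[ \t]*/, "", spec)        # drop tags such as NOPASSWD:
        scope = (spec == "ALL") ? "ALL" : "limited"
        where = substr(FILENAME, length(root) + 2) ":" FNR
        if ($1 ~ /^%/) {                        # expand %group to its members
            n = split(members[substr($1, 2)], m, ",")
            for (i = 1; i <= n; i++) print m[i], $1, where, scope, tag
        } else print $1, "direct", where, scope, tag
    }' "$1/etc/group" "$1/etc/sudoers" "$1"/etc/sudoers.d/*
}

demo=$(mktemp -d) && make_fixture "$demo" && sudo_grants "$demo"
rm -rf "$demo"
```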
Next steps
Related commands
List Privileged Group Members
Group membership can grant more access than the username suggests.
awk -F: '$1 ~ /^(sudo|adm|docker)$/ && $4 != "" {print $1 ": " $4}' fixtures/user-access-audit/etc/group
Find SSH Key Users with sudo
The highest-priority access review starts where SSH keys and sudo overlap.
comm -12 <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort) <(awk -F: '$1=="sudo" {gsub(",","\n",$4); print $4}' fixtures/user-access-audit/etc/group | sort)
Find SSH Keys for nologin Users
A nologin shell does not automatically mean SSH keys are irrelevant.
comm -12 <(awk -F: '$7 !~ /(bash|sh|zsh)$/ {print $1}' fixtures/user-access-audit/etc/passwd | sort) <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort)
Find Password-Enabled Accounts
A shell account with an unlocked password hash deserves extra attention.
awk -F: '$2 !~ /^(!|\*)/ {print $1}' fixtures/user-access-audit/etc/shadow
Review a Breakglass Account
Emergency accounts should be easy to find and hard to ignore.
grep -Rhn 'breakglass' fixtures/user-access-audit/etc fixtures/user-access-audit/home fixtures/user-access-audit/logs
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.