In the various commands that were given in the preceding recipe, we used sudo repeatedly. This was so that we didn't have to log in as the root user to perform various restricted actions.
Generally, if you attempt to run a command that you lack permissions to complete successfully, you'll be greeted with an error:
$ less /etc/sudoers
/etc/sudoers: Permission denied
Here, I tried to have a look at the /etc/sudoers file, which also happens to be the file that determines a user's sudo privileges.
Running this command with sudo is a different story. Instead, it opens the file for me, dropping me into the less pager.
Toward the bottom of this file, we find the following block:
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
The wheel portion of this block is uncommented, and the text above that tells us what that means.
So, the obvious next question is, am I in the wheel group?
Thankfully, this is very easy to check – the file in question is always in the same place: /etc/group.
Here, we print the contents of the group file to our screen, and look specifically for wheel.
We see the following layout:
group_name:password:GID:user_list
We can see that the group_name is wheel, the password is a lower x, which means that shadow passwords are being used, the group ID is 10, and the only user in this group is myself:
$ sudo cat /etc/group | grep wheel
wheel:x:10:adam
We can even do this with a single word, that being the groups command, which prints the groups that your current user is a member of:
$ groups
adam wheel
Being granted the ability to run superuser commands with sudo isn't the immediate right of everyone on the system, and it's up to the individual company and administration team to decide how that power is distributed.
There are places where everyone in operations has the power of sudo, and places where one person has that power.