There are situations (especially after a hacking attempt, or when you find something specious in rKhunter) when you need to know if there are any other user with root privileges.
There are three commands that you must run in such situations.
- Check if an unwanted user is member of root group.
[box style=’note’] grep root /etc/group [/box]
- Check if unwanted user is able to execute commands as root
[box style=’note’] cat /etc/sudoers [/box]
- Check if certain programs are set to run as root. i.e. check SUID bit.
[box style=’note’] find / -perm -04000 [/box]