How to List All Superusers and Privileged Accounts in Linux Systems



In Linux systems, superuser privileges typically refer to accounts with UID 0 or those granted sudo access through the sudoers file. The root user (UID 0) has unrestricted access, while other users can gain similar privileges through sudo configuration.

The most direct approach to find superusers is searching for accounts with UID 0:

# Match on the UID field (3rd) only; a bare ':0:' pattern also matches GID 0
awk -F: '$3 == 0' /etc/passwd

Example output might show:

root:x:0:0:root:/root:/bin/bash
admin:x:0:0:superuser:/home/admin:/bin/bash

To identify users who have sudo privileges through membership in the sudo group:

sudo grep -Po '^sudo.+:\K.*$' /etc/group

For detailed sudo access:

sudo grep -v -e '^#' -e '^$' /etc/sudoers

This script checks both UID 0 and sudo capabilities:

#!/bin/bash
echo "UID 0 Users:"
awk -F: '($3 == 0) {print $1}' /etc/passwd

echo -e "\nSudo Capable Users:"
getent group sudo | cut -d: -f4 | tr ',' '\n'

echo -e "\nUsers with passwordless sudo:"
sudo grep -r "^[^#].*NOPASSWD" /etc/sudoers*

To find users who can potentially escalate privileges:

for user in $(getent passwd | cut -d: -f1); do
    sudo -lU "$user" 2>/dev/null | grep -q '(ALL : ALL)' &&
        echo "$user can potentially escalate to root"
done

For a complete security audit:

#!/bin/bash
echo "User Privilege Audit Report"
echo "Generated on: $(date)"
echo "=========================="

echo -e "\n[1] All System Users:"
cut -d: -f1 /etc/passwd

echo -e "\n[2] Users with Shell Access:"
grep -v '/nologin$\|/false$' /etc/passwd | cut -d: -f1

echo -e "\n[3] Users with Sudo Privileges:"
getent group sudo | cut -d: -f4 | tr ',' '\n'

echo -e "\n[4] Users with UID 0:"
awk -F: '($3 == 0) {print $1}' /etc/passwd

echo -e "\n[5] Users with Passwordless Sudo:"
sudo grep -r "^[^#].*NOPASSWD" /etc/sudoers*

After identifying privileged accounts:

  • Remove unnecessary UID 0 accounts
  • Restrict sudo privileges to only required users
  • Implement proper logging for privileged commands
  • Regularly review sudoers configuration

In Linux systems, superuser privileges aren't limited to just the root account. Several mechanisms exist that grant equivalent or escalating privileges:

  1. Users with UID 0 (direct root equivalent)
  2. Users in the sudoers file with ALL privileges
  3. Users with setuid binaries available
  4. Users with direct su permissions

Start with these fundamental commands to identify privileged accounts:

# List all users with UID 0 (direct root equivalents)
awk -F: '($3 == "0") {print}' /etc/passwd

# List members of the sudo group
grep -Po '^sudo.+:\K.*$' /etc/group

To identify potential privilege escalation paths:

# List the current user's sudo privileges
sudo -l

# Check for setuid binaries
find / -type f -perm -4000 2>/dev/null

# Verify sudoers file permissions
ls -l /etc/sudoers

This bash script provides complete privilege mapping:

#!/bin/bash

echo "=== UID 0 Users ==="
awk -F: '($3 == "0") {print}' /etc/passwd

echo -e "\n=== Sudo Capable Users ==="
awk -F: '($1 ~ /^sudo$/) {print $4}' /etc/group | tr ',' '\n'

echo -e "\n=== Sudoers Direct Entries ==="
grep -v "^#" /etc/sudoers | grep -v "^$" | grep -v "^Defaults"

echo -e "\n=== World-writable Files ==="
find / -xdev -type f -perm -0002 2>/dev/null

echo -e "\n=== Setuid Binaries ==="
find / -xdev -type f -perm -4000 2>/dev/null

Key indicators of privilege escalation capability:

  • NOPASSWD in sudoers entries
  • World-writable sudo configurations
  • Custom setuid binaries in user home directories
  • Unexpected users in sudo or wheel groups
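
The NOPASSWD and sudo/wheel membership indicators above can be checked against copies of the files rather than the live host. The script below is an added example, not code from the original page: the function names `uid0_users` and `sudo_subjects` and all sample file contents are constructed for illustration. It goes slightly beyond the commands shown here by expanding `%group` rules to their members.

```bash
#!/bin/bash
# Added example: audit passwd/group/sudoers-format files passed as arguments,
# so it can run against copies. All sample data below is constructed.

# uid0_users PASSWD: accounts whose UID field (3rd) is exactly 0.
uid0_users() { awk -F: '$3 == 0 {print $1}' "$1"; }

# sudo_subjects SUDOERS GROUP: print "user mode source" for each rule,
# expanding %group subjects to the members listed in GROUP.
sudo_subjects() {
    awk -v groupfile="$2" '
        BEGIN {
            while ((getline line < groupfile) > 0) {
                split(line, f, ":"); members[f[1]] = f[4]
            }
        }
        /^[ \t]*[#@]/ || /^[ \t]*$/ { next }      # comments, includes, blanks
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next } # settings and aliases
        {
            mode = ($0 ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
            if ($1 ~ /^%/) {
                g = substr($1, 2)
                n = split(members[g], u, ",")
                for (i = 1; i <= n; i++) print u[i], mode, "%" g
            } else print $1, mode, "direct"
        }' "$1"
}

# Constructed sample files (not taken from any real host).
d=$(mktemp -d)
cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:0:0:superuser:/home/admin:/bin/bash
games:x:5:0:games:/usr/games:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
EOF
cat > "$d/group" <<'EOF'
sudo:x:27:alice,bob
wheel:x:10:carol
EOF
cat > "$d/sudoers" <<'EOF'
# constructed sudoers content
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
EOF

echo "UID 0:"; uid0_users "$d/passwd"
echo "sudo rules:"; sudo_subjects "$d/sudoers" "$d/group"
```

The `games` entry has GID 0 but a non-zero UID, so it is correctly left out of the UID 0 list.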

Consider these specialized tools for thorough audits:

# LinPEAS - Linux Privilege Escalation Awesome Script
# Download to a file so the script can be reviewed before it runs
curl -L -o linpeas.sh https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh
sh linpeas.sh

# Linux Exploit Suggester
perl /usr/share/exploitdb/platforms/linux/local/linux-exploit-suggester.pl

To maintain proper privilege separation:

  1. Regularly audit /etc/sudoers and /etc/passwd
  2. Implement sudo logging (Defaults logfile=/var/log/sudo.log)
  3. Use visudo for all sudoers modifications
  4. Consider sudo's 'timestamp_timeout' setting